Help Center/ Web Application Firewall/ API Reference/ APIs/ Managing Rules/ Batch Updating Global Protection Whitelist Rules

Updated on 2026-05-12 GMT+08:00

View PDF

Batch Updating Global Protection Whitelist Rules

Function

This API is used to batch update global protection whitelist rules.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/waf/rule/ignore/batch-update

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID. To obtain it, log in to the Huawei Cloud console, click the username, choose My Credentials, and find the project ID in the Projects list. Constraints N/A Range The value contains 32 characters. Only letters and digits are supported. Default Value N/A

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token. You can obtain it by calling the IAM API for obtaining a user token. The user token is the value of X-Subject-Token in the response header. Constraints N/A Range N/A Default Value N/A
Content-Type	Yes	String	Definition Content type. Constraints N/A Range N/A Default Value application/json;charset=utf8

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
domain	Yes	Array of strings	Domain names or websites to be protected. If the array length is 0, the rule takes effect for all domain names or websites.
conditions	Yes	Array of CreateCondition objects	Condition list.
mode	Yes	Integer	Version of the false alarm masking rule. The value is fixed at 1, indicating the v2 version. v1 is only compatible with earlier versions where a rule cannot be created.
rule	Yes	String	Definition Rule to be masked. Constraints The options vary depending on the value of unchecked modules. Range Ignore WAF Protection bypass: all modules The basic web protection modules can be classified based on: ID: built-in rule ID. You can obtain the ID through the ListWebBasicProtectionRules API. Separate multiple IDs with semicolons (;). Example: "000000;111111" Type: Separate multiple types with semicolons (;). Example: "xss;webshell" xss: XSS attacks webshell: website Trojans vuln: other types of attacks sqli: SQL injections robot: malicious crawlers rfi: remote file inclusion attacks lfi: local file inclusion attacks cmdi: command injections All built-in rules illegal: illegal request Default Value N/A
advanced	No	IgnoreAdvanced object	Advanced settings.
description	No	String	Rule description.
policy_rule_ids	Yes	Array of policy_rule_ids objects	Definition Policy ID and rule ID array. The rule ID and the ID of the policy that rule belongs to. Constraints N/A Range N/A Default Value N/A

**Table 4** CreateCondition
Parameter	Mandatory	Type	Description
category	Yes	String	Definition Field type. Constraints N/A Range url: path. custom_geoip: geolocation of the client IP address. robot: known feature crawler. user-agent: User Agent ip: IPv4 ipv6: IPv6 params: Params cookie: Cookie referer: Referer header: Header method: Method request_line: Request Line request: Request protocol: Protocol request_body: Request Body Default Value N/A
index	No	String	Definition Subfield. Constraints The value varies with the field type. Range custom_geoip: v4: IPv4 v6: IPv6 any: IPv4 or IPv6 ip/ipv6: null: client IP address x-forwarded-for: IP address recorded in the X-Forwarded-For of the request header $remote_addr: TCP connection IP address $remote_sockaddr: Layer 3 source IP address params/cookie/header: If check_all_indexes_logic is null, the subfield name can be customized. If check_all_indexes_logic is not null, the value must be null. Other field types are not supported. The default value is null. Default Value N/A
logic_operation	Yes	String	Definition Matching Logic Constraints The matching logic varies depending on field types. Range url/user-agent/referer: contain_any: Include any value. not_contain_all: Exclude any value. equal_any: Equal to any value. not_equal_all: Not equal to any value. prefix_any: Prefix matches any value. not_prefix_all: Prefix does not match any of them. suffix_any: Suffix matches any value. not_suffix_all: Suffix does not match any of them. contain: Contain the content. not_contain: Do not contain the content. equal: Equal to. not_equal: Do not equal to. prefix: Match the prefix. not_prefix: Do not match the prefix. suffix: Match the suffix. not_suffix: Do not match the suffix. len_equal: Length equal to. len_not_equal: Length not equal to. len_greater: Length greater than. len_less: Length less than. len_greater_equal: Length greater than or equal to. len_less_equal: Length less than or equal to. regular_match: Match the regular expression. regular_not_match: Do not match the regular expression. custom_geoip: belong: Belong to. not_belong: Do not belong to. robot: match: Match the content. not_match: Do not match the content. ip/ipv6: equal_any: Equal to any value. not_equal_all: Not equal to any value. equal: Equal to. not_equal: Do not equal to. params/cookie/header: contain_any: Include any value. not_contain_all: Exclude any value. equal_any: Equal to any value. not_equal_all: Not equal to any value. prefix_any: Prefix matches any value. not_prefix_all: Prefix does not match any of them. suffix_any: Suffix matches any value. not_suffix_all: Suffix does not match any of them. contain: Contain the content. not_contain: Do not contain the content. equal: Equal to. not_equal: Do not equal to. prefix: Match the prefix. not_prefix: Do not match the prefix. suffix: Match the suffix. not_suffix: Do not match the suffix. len_equal: Length equal to. len_not_equal: Length not equal to. len_greater: Length greater than. len_less: Length less than. len_greater_equal: Length greater than or equal to. len_less_equal: Length less than or equal to. num_equal: The number equals to. num_not_equal: The number does not equal to. num_greater: The number is greater than. num_less: The number is less than. exist: The content exists. not_exist: The content does not exist. regular_match: Match the regular expression. regular_not_match: Do not match the regular expression. method/protocol: equal: Equal to. not_equal: Do not equal to. request_line: len_equal: Length equal to. len_not_equal: Length not equal to. len_greater: Length greater than. len_less: Length less than. len_greater_equal: Length greater than or equal to. len_less_equal: Length less than or equal to. request: len_equal: Length equal to. len_not_equal: Length not equal to. len_greater: Length greater than. len_less: Length less than. len_greater_equal: Length greater than or equal to. len_less_equal: Length less than or equal to. regular_match: Match the regular expression. regular_not_match: Do not match the regular expression. request_body: contain: Contain the content. contain_any: Include any value. not_contain: Do not contain the content. not_contain_all: Exclude any value. regular_match: Match the regular expression. regular_not_match: Do not match the regular expression. Default Value N/A
contents	No	Array of strings	Definition Content for the matching logic in the condition list. Constraints This parameter is mandatory when the value of logic_operation does not end with any or all. Range The value contains 1 to 4096 characters. The content format varies according to the category and logic_operation parameters. logic_operation (numeric comparison type): The value is a number. url: URL format. Only one matching content is supported. custom_geoip: Country or region to which the client IP address belongs. Use vertical bars (\|) to separate multiple locations, for example, BJ\|SH. robot: List of known crawlers. You can select multiple crawlers. crawler_engine: Search engine. crawler_scanner: Scanner. crawler_script: script tool. crawler_other: Other crawlers. ip: IPv4 ipv6: IPv6 address referer: For example, http://test.com. params: Do not include ampersands (&). user-agent/cookie/header/request_body: No restriction. method: The method supported by the HTTP protocol. The letters are in uppercase. protocol: http https Default Value N/A
check_all_indexes_logic	No	Integer	Definition This parameter is transferred when all or any subfields need to be checked. Constraints This parameter is supported only when category is set to params, cookie, or header. Range 1: all subfields 2: any subfield Default Value N/A
value_list_id	No	String	Definition ID of the referenced table. Constraints This parameter is mandatory when the value of logic_operation ends with any or all. The type of the referenced table must be the same as that of category. Range Obtain the referenced table ID through the ListValueList API. Default Value N/A

**Table 5** IgnoreAdvanced
Parameter	Mandatory	Type	Description
index	No	String	Field type. The following field types are supported: Params, Cookie, Header, Body, and Multipart. If you select Params, Cookie, or Header, you can select All or configure subfields you need. If you select Body or Multipart, you can select All.
contents	No	Array of strings	Subfield of the specified field type. The default value is all.

**Table 6** policy_rule_ids
Parameter	Mandatory	Type	Description
policy_id	Yes	String	Definition Policy ID, which uniquely identifies a protection policy. You can obtain the policy ID by calling the ListPolicy API for querying the list of protection policies. Constraints N/A Range N/A Default Value N/A
rule_ids	Yes	Array of strings	Definition Rule ID array, including the ID of a single rule in the current protection policy. You can obtain the rule ID by calling the ListIgnoreRule API. Constraints ID of a single rule. Range N/A Default Value N/A

Response Parameters

Status code: 200

**Table 7** Response body parameters
Parameter	Type	Description
policy_rule_ids	Array of policy_rule_ids objects	Definition Policy and rule ID array. It shows the association between the protection policy and the corresponding rule IDs. Constraints N/A Range N/A Default Value N/A

**Table 8** policy_rule_ids
Parameter	Type	Description
policy_id	String	Definition Policy ID, which uniquely identifies a protection policy. Constraints N/A Range N/A Default Value N/A
rule_ids	Array of strings	Definition Rule ID array. IDs of rules in the current protection policy are returned. Constraints N/A Range N/A Default Value N/A

Status code: 400

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 10** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 401

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 12** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 500

**Table 13** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 14** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Example Requests

Batch update global protection whitelist rules.

POST https://{endpoint}/v1/{project_id}/waf/rule/ignore/batch-update?enterprise_project_id=0

{
  "domain" : [ ],
  "mode" : 1,
  "description" : "",
  "conditions" : [ {
    "category" : "url",
    "logic_operation" : "contain",
    "index" : null,
    "contents" : [ "/test" ]
  } ],
  "rule" : "091004",
  "policy_rule_ids" : [ {
    "rule_ids" : [ "ed37d85a925d469bb01986d06291d15f" ],
    "policy_id" : "4a34899ab17a4811a6da57742f69135a"
  } ]
}

Example Responses

Status code: 200

Definition

Constraints

N/A

Range

N/A

Default Value

N/A

{
  "policy_rule_ids" : [ {
    "rule_ids" : [ "ed37d85a925d469bb01986d06291d15f" ],
    "policy_id" : "4a34899ab17a4811a6da57742f69135a"
  } ]
}

SDK Sample Code

The SDK sample code is as follows.

Batch update global protection whitelist rules.

     package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.waf.v1.region.WafRegion;
import com.huaweicloud.sdk.waf.v1.*;
import com.huaweicloud.sdk.waf.v1.model.*;

import java.util.List;
import java.util.ArrayList;

public class BatchUpdateIgnoreRulesSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        WafClient client = WafClient.newBuilder()
                .withCredential(auth)
                .withRegion(WafRegion.valueOf("<YOUR REGION>"))
                .build();
        BatchUpdateIgnoreRulesRequest request = new BatchUpdateIgnoreRulesRequest();
        BatchUpdateIgnoreRuleRequestBody body = new BatchUpdateIgnoreRuleRequestBody();
        List<String> listPolicyRuleIdsRuleIds = new ArrayList<>();
        listPolicyRuleIdsRuleIds.add("ed37d85a925d469bb01986d06291d15f");
        List<BatchUpdateIgnoreRuleRequestBodyPolicyRuleIds> listbodyPolicyRuleIds = new ArrayList<>();
        listbodyPolicyRuleIds.add(
            new BatchUpdateIgnoreRuleRequestBodyPolicyRuleIds()
                .withPolicyId("4a34899ab17a4811a6da57742f69135a")
                .withRuleIds(listPolicyRuleIdsRuleIds)
        );
        List<String> listConditionsContents = new ArrayList<>();
        listConditionsContents.add("/test");
        List<CreateCondition> listbodyConditions = new ArrayList<>();
        listbodyConditions.add(
            new CreateCondition()
                .withCategory(CreateCondition.CategoryEnum.fromValue("url"))
                .withLogicOperation(CreateCondition.LogicOperationEnum.fromValue("contain"))
                .withContents(listConditionsContents)
        );
        body.withPolicyRuleIds(listbodyPolicyRuleIds);
        body.withDescription("");
        body.withRule("091004");
        body.withMode(1);
        body.withConditions(listbodyConditions);
        request.withBody(body);
        try {
            BatchUpdateIgnoreRulesResponse response = client.batchUpdateIgnoreRules(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 
 
  

Batch update global protection whitelist rules.

     # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkwaf.v1.region.waf_region import WafRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkwaf.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = WafClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(WafRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = BatchUpdateIgnoreRulesRequest()
        listRuleIdsPolicyRuleIds = [
            "ed37d85a925d469bb01986d06291d15f"
        ]
        listPolicyRuleIdsbody = [
            BatchUpdateIgnoreRuleRequestBodyPolicyRuleIds(
                policy_id="4a34899ab17a4811a6da57742f69135a",
                rule_ids=listRuleIdsPolicyRuleIds
            )
        ]
        listContentsConditions = [
            "/test"
        ]
        listConditionsbody = [
            CreateCondition(
                category="url",
                logic_operation="contain",
                contents=listContentsConditions
            )
        ]
        request.body = BatchUpdateIgnoreRuleRequestBody(
            policy_rule_ids=listPolicyRuleIdsbody,
            description="",
            rule="091004",
            mode=1,
            conditions=listConditionsbody
        )
        response = client.batch_update_ignore_rules(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 
 
  

Batch update global protection whitelist rules.

     package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth, err := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        SafeBuild()

    if err != nil {
        fmt.Println(err)
        return
    }

    hcClient, err := waf.WafClientBuilder().
         WithRegion(region.ValueOf("<YOUR REGION>")).
         WithCredential(auth).
         SafeBuild()


    if err != nil {
        fmt.Println(err)
        return
    }

    client := waf.NewWafClient(hcClient)

    request := &model.BatchUpdateIgnoreRulesRequest{}
	var listRuleIdsPolicyRuleIds = []string{
        "ed37d85a925d469bb01986d06291d15f",
    }
	var listPolicyRuleIdsbody = []model.BatchUpdateIgnoreRuleRequestBodyPolicyRuleIds{
        {
            PolicyId: "4a34899ab17a4811a6da57742f69135a",
            RuleIds: listRuleIdsPolicyRuleIds,
        },
    }
	var listContentsConditions = []string{
        "/test",
    }
	var listConditionsbody = []model.CreateCondition{
        {
            Category: model.GetCreateConditionCategoryEnum().URL,
            LogicOperation: model.GetCreateConditionLogicOperationEnum().CONTAIN,
            Contents: &listContentsConditions,
        },
    }
	descriptionBatchUpdateIgnoreRuleRequestBody:= ""
	request.Body = &model.BatchUpdateIgnoreRuleRequestBody{
		PolicyRuleIds: listPolicyRuleIdsbody,
		Description: &descriptionBatchUpdateIgnoreRuleRequestBody,
		Rule: "091004",
		Mode: int32(1),
		Conditions: listConditionsbody,
	}
	response, err := client.BatchUpdateIgnoreRules(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}
 
 
  

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code	Description
200	Definition OK Constraints N/A Range N/A Default Value N/A
400	Definition Request failed. Constraints N/A Range N/A Default Value N/A
401	Definition The token does not have required permissions. Constraints N/A Range N/A Default Value N/A
500	Definition Internal server error. Constraints N/A Range N/A Default Value N/A

Error Codes

See Error Codes.

Parent Topic: Managing Rules

Previous topic: Batch Updating Information Leakage Prevention Rules

Next topic: Batch Updating a Data Masking Rule

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot