Querying the Global Protection Whitelist Rules in All Policies
Function
This API is used to query the global protection whitelist rules in all policies.
Calling Method
For details, see Calling APIs.
URI
GET /v1/{project_id}/waf/rule/ignore
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Definition Project ID. To obtain it, log in to the Huawei Cloud console, click the username, choose My Credentials, and find the project ID in the Projects list. Constraints N/A Range The value contains 32 characters. Only letters and digits are supported. Default Value N/A |
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| policyids | No | String | Definition Policy ID list. Obtain the policy ID by calling the ListPolicy API. Policies are separated by commas (,). Constraints N/A Range N/A Default Value N/A |
| enterprise_project_id | No | String | Definition Obtain the enterprise project ID by calling the ListEnterpriseProject API of Enterprise Project Management Service (EPS). To obtain the resource details in all enterprise projects of a user, set this parameter to all_granted_eps. Constraints N/A Range Default Value 0 |
| page | No | Integer | Definition Page number of the data to be returned in a query. Constraints N/A Range The valid range of page depends on the total data volume and the value of pagesize. The value cannot be greater than the total number of pages. Default Value 1 |
| pagesize | No | Integer | Definition Number of results per page in a query. Constraints N/A Range [0, Total data volume] Default Value 1000 |
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | No | String | Definition User token. You can obtain it by calling the IAM API for obtaining a user token. The user token is the value of X-Subject-Token in the response header. Constraints N/A Range N/A Default Value N/A |
| Content-Type | Yes | String | Definition Content type. Constraints N/A Range N/A Default Value application/json;charset=utf8 |
Response Parameters
Status code: 200
| Parameter | Type | Description |
|---|---|---|
| total | Integer | The number of global protection whitelist (formerly false alarm masking) rules in the protection policy. |
| items | Array of IgnoreRuleBody objects | Domain names the global protection whitelist (formerly false alarm masking) rule is used for. |
| Parameter | Type | Description |
|---|---|---|
| id | String | Rule ID |
| policyid | String | ID of the protection policy that includes the rule |
| timestamp | Long | Timestamp the rule was created. |
| description | String | Rule description |
| status | Integer | Definition Rule status, which is used to specify whether a rule is enabled or disabled. Constraints N/A Range Default Value N/A |
| url | String | The path for false masking alarms. This parameter is available only when mode is set to 0. |
| rule | String | Type or ID of the rule to be masked. |
| mode | Integer | Version number. 0: indicates the old version V1. 1: indicates the new version V2. If the value of mode is 0, the conditions and multi_conditions fields do not exist, and the url and url_logic fields exist. If the value of mode is 1, the url and url_logic fields do not exist, and either the conditions field or the multi_conditions field exists. This is determined by the actual results returned. |
| url_logic | String | Matching logics. equal: A equals B; not_equal: A does not equal B; contain: A includes B; not_contain: A does not include B; prefix: the prefix includes a value; not_prefix: the prefix does not include a value; suffix: the suffix includes a value; not_suffix: the suffix does not include a value; regular_match: use a regular expression to match; regular_not_match: use a regular expression to exclude. |
| conditions | Array of Condition objects | Condition list |
| domain | Array of strings | Protecting Domain Names or Protecting Websites |
| advanced | IgnoreAdvanced object | Advanced settings. |
| Parameter | Type | Description |
|---|---|---|
| category | String | Field type. The value can be ip, url, params, cookie, or header. |
| contents | Array of strings | Content. The array length must be 1. The content format varies depending on field types. For example, if the field type is ip, the value must be an IP address or IP address range. If the field type is url, the value must be a URL in standard format. If the field type is params, cookie, or header, the content format is not limited. |
| logic_operation | String | Matching logics. The matching logic varies depending on field types. If the field type is ip, equal and not_equal are supported. If the field type is url, header, params, or cookie, equal, not_equal, contain, not_contain, prefix, not_prefix, suffix, not_suffix, regular_match, and regular_not_match are supported. |
| check_all_indexes_logic | Integer | If the field type is url or ip, the check_all_indexes_logic field does not exist. In other cases, the value 1 indicates that all subfields will be checked, the value 2 indicates that any subfield will be checked, and the valuenull indicates that custom subfields will be used. |
| index | String | If the field type is ip and the subfield is the client IP address, the index parameter does not exist. If the subfield type is X-Forwarded-For, the value is x-forwarded-for. If the field type is params, header, or cookie, and the subfield is user-defined, the value of index is the user-defined subfield. |
| Parameter | Type | Description |
|---|---|---|
| index | String | Field type. The following field types are supported: Params, Cookie, Header, Body, and Multipart. |
| contents | Array of strings | Subfield of the specified field type. The default value is all. |
Status code: 400
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |
| encoded_authorization_message | String | You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs. |
| details | Array of IAM5ErrorDetails objects | The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs. |
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error codes of the downstream service. |
| error_msg | String | Error messages of the downstream service. |
Status code: 401
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |
| encoded_authorization_message | String | You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs. |
| details | Array of IAM5ErrorDetails objects | The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs. |
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error codes of the downstream service. |
| error_msg | String | Error messages of the downstream service. |
Status code: 500
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |
| encoded_authorization_message | String | You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs. |
| details | Array of IAM5ErrorDetails objects | The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs. |
Example Requests
Query the global protection whitelist rules in all policies.
GET https://{endpoint}/v1/{project_id}/waf/rule/ignore?enterprise_project_id=0 Example Responses
Status code: 200
Request succeeded.
{
"total" : 198,
"items" : [ {
"id" : "5efee824e37845a88571c7a1f705e63c",
"policyid" : "f57df92fba6f43a78eabf44eb468b7e3",
"timestamp" : 1758523343065,
"description" : "",
"status" : 1,
"rule" : "bypass",
"mode" : 1,
"domain" : [ ]
} ]
} SDK Sample Code
The SDK sample code is as follows.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.waf.v1.region.WafRegion; import com.huaweicloud.sdk.waf.v1.*; import com.huaweicloud.sdk.waf.v1.model.*; public class ListIgnorePolicyRulesSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); WafClient client = WafClient.newBuilder() .withCredential(auth) .withRegion(WafRegion.valueOf("<YOUR REGION>")) .build(); ListIgnorePolicyRulesRequest request = new ListIgnorePolicyRulesRequest(); try { ListIgnorePolicyRulesResponse response = client.listIgnorePolicyRules(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | # coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkwaf.v1.region.waf_region import WafRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkwaf.v1 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = WafClient.new_builder() \ .with_credentials(credentials) \ .with_region(WafRegion.value_of("<YOUR REGION>")) \ .build() try: request = ListIgnorePolicyRulesRequest() response = client.list_ignore_policy_rules(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 | package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth, err := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). SafeBuild() if err != nil { fmt.Println(err) return } hcClient, err := waf.WafClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). SafeBuild() if err != nil { fmt.Println(err) return } client := waf.NewWafClient(hcClient) request := &model.ListIgnorePolicyRulesRequest{} response, err := client.ListIgnorePolicyRules(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
| Status Code | Description |
|---|---|
| 200 | Request succeeded. |
| 400 | Request failed. |
| 401 | The token does not have required permissions. |
| 500 | Internal server error. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
