Querying the Blacklist and Whitelist Rule List

Function

This API is used to query the list of blacklist and whitelist rules.

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. To obtain it, go to Huawei Cloud management cons. Then, in the Projects area, view Project ID** of the corresponding project.
policy_id	Yes	String	Policy ID. It can be obtained by calling the ListPolicy API.

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	You can obtain the ID by calling the ListEnterpriseProject API of EPS.
page	No	Integer	Page number of the data to be returned during pagination query. The default value is 1, indicating that the data on the first page is returned.
pagesize	No	Integer	Number of results on each page during pagination query. Value range: 1 to 100. The default value is 10, indicating that each page contains 10 results.
name	No	String	Name of the whitelist or blacklist rule.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Content-Type	Yes	String	Content type.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total	Integer	Number of the whitelist and blacklist rules.
items	Array of WhiteBlackIpResponseBody objects	Details of blacklist or whitelist rules.
size	Integer	Number of the Ip addresses

**Table 5** WhiteBlackIpResponseBody
Parameter	Type	Description
id	String	Rule ID.
name	String	Name of the whitelist or blacklist rule.
policyid	String	Policy ID.
timestamp	Long	Timestamp (ms) when the rule was created.
description	String	Rule description.
status	Integer	Rule status. The value can be 0 or 1. 0: The rule is disabled. 1: The rule is enabled.
addr	String	IP address/IP address group
white	Integer	Protective action 0: WAF blocks requests that hit the rule. 1: WAF allows requests that hit the rule. 2: WAF only record requests that hit the rule.
ip_group	Ip_group object	IP address group.
time_mode	String	The rule application method. Default value: permanent, indicating that the rule will be applied once it is configured.
start	Long	Effective start time. This parameter is valid only when time_Mode is set to customize.
terminal	Long	Effective end time. This parameter is valid only when time_Mode is set to customize.

**Table 6** Ip_group
Parameter	Type	Description
id	String	ID of the IP address group.
name	String	Name of the IP address group.
size	Long	Number of IP addresses or IP address ranges in the IP address group.

Status code: 400

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 8** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 401

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 10** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 500

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 12** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Example Requests

The following example shows how to query the whitelist and blacklist rule list in a project. The project ID is specified by project_id, and the policy is specified by policy_id.

GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/whiteblackip?enterprise_project_id=0

Example Responses

Status code: 200

{
  "total" : 1,
  "items" : [ {
    "id" : "3c96caf769ca4f57814fcf4259ea89a1",
    "policyid" : "4dddfd44fc89453e9fd9cd6bfdc39db2",
    "name" : "hkhtest",
    "timestamp" : 1650362891844,
    "description" : "demo",
    "status" : 1,
    "addr" : "x.x.x.x",
    "white" : 0
  } ]
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.waf.v1.region.WafRegion;
import com.huaweicloud.sdk.waf.v1.*;
import com.huaweicloud.sdk.waf.v1.model.*;


public class ListWhiteblackipRuleSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        WafClient client = WafClient.newBuilder()
                .withCredential(auth)
                .withRegion(WafRegion.valueOf("<YOUR REGION>"))
                .build();
        ListWhiteblackipRuleRequest request = new ListWhiteblackipRuleRequest();
        request.withPolicyId("{policy_id}");
        try {
            ListWhiteblackipRuleResponse response = client.listWhiteblackipRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkwaf.v1.region.waf_region import WafRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkwaf.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = WafClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(WafRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListWhiteblackipRuleRequest()
        request.policy_id = "{policy_id}"
        response = client.list_whiteblackip_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := waf.NewWafClient(
        waf.WafClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListWhiteblackipRuleRequest{}
	request.PolicyId = "{policy_id}"
	response, err := client.ListWhiteblackipRule(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     