Supported Actions
WAF provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permissions: Statements in a policy that allow or deny certain operations.
- APIs: REST APIs that can be called by a user who has been granted specific permissions.
- Actions: Specific operations that are allowed or denied in a custom policy.
- Related actions: Actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the related actions.
- IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that only contain actions for IAM projects can be used and only take effect for IAM.
√: supported; x: not supported
Permission
API
Action
Dependency Item
IAM Project
Querying details about a dedicated WAF instance
GET /v1/{project_id}/premium-waf/instance/{instance_id}
waf:premiumInstance:get
-
√
Deleting a dedicated WAF instance
DELETE /v1/{project_id}/premium-waf/instance/{instance_id}
waf:premiumInstance:delete
-
√
Renaming a dedicated WAF instance
PUT /v1/{project_id}/premium-waf/instance/{instance_id}
waf:premiumInstance:put
-
√
Creating a dedicated WAF instance
POST /v1/{project_id}/premium-waf/instance
waf:premiumInstance:create
-
√
Querying dedicated WAF instances
GET /v1/{project_id}/premium-waf/instance
waf:premiumInstance:list
-
√
Adding a domain name to a dedicated WAF instance
POST /v1/{project_id}/premium-waf/host
waf:instance:create
-
√
Querying domain names protected by dedicated WAF engines
GET /v1/{project_id}/premium-waf/host
waf:instance:list
-
√
Modifying a domain name protected by a dedicated WAF instance
PUT /v1/{project_id}/premium-waf/host/{host_id}
waf:instance:put
-
√
Querying domain name settings in dedicated mode
GET /v1/{project_id}/premium-waf/host/{host_id}
waf:instance:get
-
√
Deleting a domain name from a dedicated WAF instance
DELETE /v1/{project_id}/premium-waf/host/{host_id}
waf:instance:delete
-
√
Modifying the protection status of a domain name in dedicated mode
PUT /v1/{project_id}/premium-waf/host/{host_id}/protect-status
waf:instance:put
-
√
Modifying the access status of a domain name in dedicated mode
PUT /v1/{project_id}/premium-waf/host/{host_id}/access_status
waf:instance:put
-
√
Querying the policy list
GET /v1/{project_id}/waf/policy
waf:policy:list
-
√
Creating a protection policy
POST /v1/{project_id}/waf/policy
waf:policy:create
-
√
Querying a policy by ID
GET /v1/{project_id}/waf/policy/{policy_id}
waf:policy:get
-
√
Updating a policy
PATCH /v1/{project_id}/waf/policy/{policy_id}
waf:policy:put
-
√
Deleting a protection policy
DELETE /v1/{project_id}/waf/policy/{policy_id}
waf:policy:delete
-
√
Querying the blacklist and whitelist rule list
GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip
waf:whiteBlackIpRule:list
-
√
Creating a blacklist or whitelist rule
POST /v1/{project_id}/waf/policy/{policy_id}/whiteblackip
waf:whiteBlackIpRule:create
-
√
Querying a blacklist or whitelist rule
GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id}
waf:whiteBlackIpRule:get
-
√
Updating a blacklist or whitelist rule
PUT /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id}
waf:whiteBlackIpRule:put
-
√
Deleting a blacklist or whitelist rule
DELETE /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id}
waf:whiteBlackIpRule:delete
-
√
Querying the CC attack protection rule list
GET /v1/{project_id}/waf/policy/{policy_id}/cc
waf:ccRule:list
-
√
Creating a CC attack protection rule
POST /v1/{project_id}/waf/policy/{policy_id}/cc
waf:ccRule:create
-
√
Querying a CC attack protection rule by ID
GET /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id}
waf:ccRule:get
-
√
Updating a CC attack protection rule
PUT /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id}
waf:ccRule:put
-
√
Deleting a CC attack protection rule
DELETE /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id}
waf:ccRule:delete
-
√
Querying precise protection rules
GET /v1/{project_id}/waf/policy/{policy_id}/custom
waf:preciseProtectionRule:list
-
√
Creating a precise protection rule
POST /v1/{project_id}/waf/policy/{policy_id}/custom
waf:preciseProtectionRule:create
-
√
Querying a precise protection rule by ID
GET /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id}
waf:preciseProtectionRule:get
-
√
Updating a precise protection rule
PUT /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id}
waf:preciseProtectionRule:put
-
√
Deleting a precise protection rule
DELETE /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id}
waf:preciseProtectionRule:delete
-
√
Querying data masking rules
GET /v1/{project_id}/waf/policy/{policy_id}/privacy
waf:privacyRule:list
-
√
Adding a data masking rule
POST /v1/{project_id}/waf/policy/{policy_id}/privacy
waf:privacyRule:create
-
√
Querying a data masking rule by ID
GET /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id}
waf:privacyRule:get
-
√
Updating a data masking rule
PUT /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id}
waf:privacyRule:put
-
√
Deleting a data masking rule
DELETE /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id}
waf:privacyRule:delete
-
√
Querying the list of web tamper protection rules
GET /v1/{project_id}/waf/policy/{policy_id}/antitamper
waf:antiTamperRule:list
-
√
Creating a web tamper protection rule
POST /v1/{project_id}/waf/policy/{policy_id}/antitamper
waf:antiTamperRule:create
-
√
Querying a web tamper protection rule by ID
GET /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id}
waf:antiTamperRule:get
-
√
Deleting a web tamper protection rule
DELETE /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id}
waf:antiTamperRule:delete
-
√
Updating the cache of a web tamper protection rule
POST /v1/{project_id}/waf/policy/{policy_id}/antitamper/{antitamperid}/refresh
waf:antiTamperRule:create
-
√
Querying false alarm masking rules
GET /v1/{project_id}/waf/policy/{policy_id}/ignore
waf:falseAlarmMaskRule:list
-
√
Adding a false alarm masking rule
POST /v1/{project_id}/waf/policy/{policy_id}/ignore
waf:falseAlarmMaskRule:create
-
√
Querying a false alarm masking rule
GET /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id}
waf:falseAlarmMaskRule:get
-
√
Updating a false alarm masking rule
PUT /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id}
waf:falseAlarmMaskRule:put
-
√
Deleting a false alarm masking rule
DELETE /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id}
waf:falseAlarmMaskRule:delete
-
√
Querying the certificate list
GET /v1/{project_id}/waf/certificate
waf:certificate:get
-
√
Creating a certificate
POST /v1/{project_id}/waf/certificate
waf:certificate:create
-
√
Querying a certificate
GET /v1/{project_id}/waf/certificate/{certificate_id}
waf:certificate:list
-
√
Modifying a certificate
PUT /v1/{project_id}/waf/certificate/{certificate_id}
waf:certificate:put
-
√
Deleting a certificate
DELETE /v1/{project_id}/waf/certificate/{certificate_id}
waf:certificate:delete
-
√
Applying a certificate to a domain name
POST /v1/{project_id}/waf/certificate/{certificate_id}/apply-to-hosts
waf:certificate:apply
-
√
Querying the number of requests and attacks on dashboard
GET /v1/{project_id}/waf/overviews/statistics
waf:event:get
-
√
Querying top N statistics on dashboard
GET /v1/{project_id}/waf/overviews/classification
waf:event:get
-
√
Querying the list of attack events
GET /v1/{project_id}/waf/event
waf:event:get
-
√
Querying attack event details
GET /v1/{project_id}/waf/event/{eventid}
waf:event:get
-
√
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
