Viewing Web Tamper Protection Policies

Function

This API is used to view web tamper protection policies.

Calling Method

For details, see Calling APIs.

URI

GET /v5/{project_id}/webtamper/{host_id}/policy

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints N/A Range The value can contain 1 to 256 characters. Default Value N/A
host_id	Yes	String	Definition Server ID. For this parameter to be valid, the server must have WTP enabled, or the WTP policy is not deleted after WTP is disabled. Constraints You need to use the ListWtpProtectHost API to query the WTP server protection status list. The host_id in the response body of the ListWtpProtectHost API is the server ID that meets the query conditions. Range Length: 1 to 256 characters Default Value N/A

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Definition Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints You need to set this parameter only after the enterprise project function is enabled. Range The value can contain 1 to 256 characters. Default Value 0: default enterprise project.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints N/A Range The value can contain 1 to 32,768 characters. Default Value N/A

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
protect_dir_num	Integer	Definition Number of protected directories. Range The value ranges from 0 to 50.
protect_dir_info	WtpProtectDirResponseInfo object	Protected directory information.
enable_timing_off	Boolean	Definition Scheduled protection switch status. Range True: Scheduled protection is enabled. False: Scheduled protection is not enabled.
timing_off_config_info	ListTimingOffConfigInfoResponseInfo object	Configuration details of scheduled protection.
enable_rasp_protect	Boolean	Definition Status of dynamic WTP. Range True: Dynamic WTP is enabled. False: Dynamic WTP is not enabled.
rasp_path	String	Definition Tomcat bin directory for dynamic WTP. Range Length: 0 to 512 characters
enable_privileged_process	Boolean	Definition Privileged process status. Range True: Privileged processes are enabled. False: Privileged processes are not enabled.
privileged_child_status	Boolean	Definition The trust status of the sub-processes of privileged processes. To configure this parameter, enable the privileged process first. Range True: The sub-processes of privileged processes are trusted. False: The sub-processes of privileged processes are not trusted.
privileged_process_path_list	Array of strings	Definition List of privileged process file paths. Range Minimim: 0 item; maximum: 10 items
privileged_process_info	ListPrivilegedProcessResponseInfo object	Privileged process configuration details

**Table 5** WtpProtectDirResponseInfo
Parameter	Type	Description
protect_dir_list	Array of WtpProtectHostDirResponseInfo objects	Definition List of protected directories. Range Minimim: 0 item; maximum: 50 items
exclue_file_type	String	Excluded file types
exclude_file_type	String	Definition Excluded file types. Range Length: 0 to 512 characters
protect_mode	String	Definition Protection mode. Range recovery: interception mode alarm: alarm mode

**Table 6** WtpProtectHostDirResponseInfo
Parameter	Type	Description
protect_dir	String	Definition Protected directory. Range Length: 0 to 512 characters
exclude_child_dir	String	Definition Excluded subdirectory. Range Length: 0 to 512 characters
exclude_file_path	String	Definition Excluded file path. Range Length: 0 to 512 characters
exclue_file_path	String	Excluded file path
local_backup_dir	String	Definition Local backup path. Range Length: 0 to 512 characters
protect_status	String	Definition Protection status. Range closed: disabled opened: The protection is in progress. opening: The function is being enabled. closing: disabling open_failed: Protection failed.
error	String	Definition Failure cause. If protection status is open_failed, there is a the failure cause. Range Length: 0 to 512 characters

**Table 7** ListTimingOffConfigInfoResponseInfo
Parameter	Type	Description
week_off_list	Array of integers	Definition List of automatic protection periods. Range Minimim: 0 item; maximum: 7 items
timing_range_list	Array of TimingRangeConfigInfo objects	Definition Automatic unprotection period. Range Minimim: 0 item; maximum: 5 items
total_num	Integer	Definition Total number. Range The value range is 0 to 2,147,483,647.

**Table 8** TimingRangeConfigInfo
Parameter	Type	Description
time_range	String	Definition Automatic unprotection period. Range Length: 0 to 512 characters
description	String	Definition Description of the automatic unprotection period. Range Length: 0 to 512 characters

**Table 9** ListPrivilegedProcessResponseInfo
Parameter	Type	Description
data_list	Array of PrivilegedProcessResponseInfo objects	data list
total_num	Integer	total number

**Table 10** PrivilegedProcessResponseInfo
Parameter	Type	Description
process_file_path	String	Privileged process file path

Example Requests

None

Example Responses

Status code: 200

Request succeeded.

{
  "protect_dir_info" : {
    "protect_dir_list" : [ {
      "protect_dir" : "/root/test1",
      "local_backup_dir" : "/root/test2",
      "protect_status" : "open_failed",
      "error" : "The protected directory or backup directory was not found."
    }, {
      "protect_dir" : "/root/test3",
      "exclude_child_dir" : "pro",
      "exclude_file_path" : "path",
      "local_backup_dir" : "/root/test4",
      "protect_status" : "open_failed",
      "error" : "The protected directory or backup directory was not found."
    } ],
    "exclude_file_type" : "log;pid;text",
    "protect_mode" : "recovery"
  },
  "enable_timing_off" : true,
  "timing_off_config_info" : {
    "week_off_list" : [ 1, 2, 4, 6 ],
    "timing_range_list" : [ {
      "time_range" : "02:00-04:00",
      "description" : "close"
    }, {
      "time_range" : "12:05-14:00"
    } ]
  },
  "enable_rasp_protect" : true,
  "rasp_path" : "/usr/bin/tomcat/bin",
  "enable_privileged_process" : true,
  "privileged_child_status" : true,
  "privileged_process_path_list" : [ "/usr/bin/echo" ]
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;


public class ShowWebTamperHostPolicySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ShowWebTamperHostPolicyRequest request = new ShowWebTamperHostPolicyRequest();
        request.withHostId("{host_id}");
        try {
            ShowWebTamperHostPolicyResponse response = client.showWebTamperHostPolicy(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ShowWebTamperHostPolicyRequest()
        request.host_id = "{host_id}"
        response = client.show_web_tamper_host_policy(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ShowWebTamperHostPolicyRequest{}
	request.HostId = "{host_id}"
	response, err := client.ShowWebTamperHostPolicy(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     