Editing a Web Tamper Protection Policy
Function
This API is used to edit a web tamper protection policy.
Calling Method
For details, see Calling APIs.
URI
PUT /v5/{project_id}/webtamper/{host_id}/policy
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Definition Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints N/A Range The value can contain 1 to 256 characters. Default Value N/A |
host_id |
Yes |
String |
Definition Server ID. For this parameter to be valid, the server must be protected by WTP. Constraints You need to use the ListWtpProtectHost API to query the protection status list of WTP servers. In the response body of the ListWtpProtectHost API, the host_id of the server whose protect_status is opened, open_failed, protection_pause, or partial_protection is the ID of the server that meets the modification conditions. Range Length: 1 to 256 characters Default Value N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
enterprise_project_id |
No |
String |
Definition Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints You need to set this parameter only after the enterprise project function is enabled. Range The value can contain 1 to 256 characters. Default Value 0: default enterprise project. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
Definition User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints N/A Range The value can contain 1 to 32,768 characters. Default Value N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
protect_dir_info |
Yes |
Protected directory information. |
|
enable_timing_off |
No |
Boolean |
Definition Scheduled protection switch status. Constraints N/A Range
Default Value False |
timing_off_config_info |
No |
Details of the scheduled switch configuration. |
|
enable_rasp_protect |
No |
Boolean |
Definition Whether to enable dynamic web tamper protection. This parameter is supported only for Linux servers. Constraints Dynamic web tamper protection can be enabled only for Linux servers. This parameter cannot be set for Windows servers. Range
Default Value False |
rasp_path |
No |
String |
Definition Tomcat bin directory of dynamic WTP. This parameter is supported only for Linux servers. Constraints The Tomcat bin directory of dynamic WTP can be configured only for Linux servers. This parameter cannot be set for Windows servers. Range Length: 1 to 256 characters. The value must start with a slash (/) and cannot end with a slash (/). Only letters, numbers, underscores (_), hyphens (-), and periods (.) are allowed. Default Value N/A |
enable_privileged_process |
No |
Boolean |
Definition Privileged process status. Constraints N/A Range
Default Value False |
privileged_process_info |
No |
Privileged process configuration details. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
protect_dir_list |
Yes |
Array of WebTamperProtectHostDirRequestInfo objects |
Definition List of protected directories. Constraints N/A Range 1 to 50 items Default Value N/A |
exclude_file_type |
No |
String |
Definition Excluded file types. Constraints N/A Range The file type can contain only letters and numbers. A maximum of 10 file types can be added. Each file type can contain a maximum of 10 characters. Multiple file types are separated by semicolons (;). Default Value N/A |
protect_mode |
No |
String |
Definition Protection mode. Only Linux servers support the alarm mode. Windows servers only support the interception mode. Constraints N/A Range
Default Value recovery |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
protect_dir |
Yes |
String |
Definition Protected directory. Constraints N/A Range Length: 1 to 256 characters For Linux servers, the value must start with a slash (/) and cannot end with a slash (/). Only letters, numbers, underscores (_), hyphens (-), and periods (.) are allowed. For Windows servers, the directory name cannot start with a space or end with a backslash (), and cannot contain the following special characters: ;/*?"<>| Default Value N/A |
exclude_child_dir |
No |
String |
Definition Excluded subdirectory. Constraints N/A Range A subdirectory must be a relative path under the protected directory. A subdirectory can be up to 256 characters long. Up to 10 subdirectories are allowed. Use semicolons (;) to separate them. A subdirectory name on a Linux server cannot start or end with a slash (/). A subdirectory name on a Windows server cannot start or end with a backslash (). Default Value N/A |
exclude_file_path |
No |
String |
Definition Excluded file path. Constraints An excluded file path can only be set for Linux servers. Range An excluded file path must be a relative path under the protected directory. It can be up to 256 characters long, and cannot start or end with a slash (/). Up to 50 paths are allowed. Use semicolons (;) to separate them. Default Value N/A |
local_backup_dir |
No |
String |
Definition A local backup path is required for Linux servers. Constraints A local backup path can only be set for Linux servers. Range A local backup path cannot contain semicolons (;), start with a space, or end with a slash (/). Up to 256 characters are allowed. Default Value N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
week_off_list |
No |
Array of integers |
Definition List of automatic protection periods. Constraints N/A Range 1 to 7 items Default Value N/A |
timing_range_list |
No |
Array of TimingRangeConfigRequestInfo objects |
Definition Automatic unprotection period. Constraints N/A Range 1 to 5 items Default Value N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
time_range |
No |
String |
Definition Time range during which protection is automatically disabled. The start time and end time are separated by a hyphen (-), for example, 15:00-15:30. Constraints A time range must be at least 5 minutes. Time ranges (except for those starting at 00:00 or ending at 23:59) cannot overlap and must have at least a 5-minute interval. Range Length: 0 to 20 characters Default Value N/A |
description |
No |
String |
Definition Description of the automatic unprotection period. Constraints N/A Range Length**: 0 to 20 characters Default Value N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
privileged_process_path_list |
No |
Array of strings |
Definition List of privileged process file paths. Constraints N/A Range 0 to 10 items Default Value N/A |
privileged_child_status |
No |
Boolean |
Definition Trustworthy status of a privileged process and its subprocesses. Constraints N/A Range
Default Value False |
Response Parameters
Status code: 200
Request succeeded.
None
Example Requests
Edit a web tamper protection policy.
PUT https://{endpoint}/v5/{project_id}/webtamper/{host_id}/policy { "protect_dir_info" : { "protect_dir_list" : [ { "local_backup_dir" : "/root/test2", "protect_dir" : "/root/test1" }, { "exclude_child_dir" : "pro", "exclude_file_path" : "path", "local_backup_dir" : "/root/test4", "protect_dir" : "/root/test3" } ], "exclude_file_type" : "log;pid;text", "protect_mode" : "recovery" }, "enable_timing_off" : true, "enable_privileged_process" : true, "enable_rasp_protect" : true, "timing_off_config_info" : { "week_off_list" : [ 5, 7 ], "timing_range_list" : [ { "time_range" : "02:00-04:00", "description" : "close" }, { "time_range" : "12:05-14:00" } ] }, "privileged_process_info" : { "privileged_process_path_list" : [ "/usr/bin/echo" ], "privileged_child_status" : true }, "rasp_path" : "/usr/bin/tomcat/bin" }
Example Responses
None
SDK Sample Code
The SDK sample code is as follows.
Edit a web tamper protection policy.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.hss.v5.region.HssRegion; import com.huaweicloud.sdk.hss.v5.*; import com.huaweicloud.sdk.hss.v5.model.*; import java.util.List; import java.util.ArrayList; public class UpdateWebTamperHostPolicySolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); HssClient client = HssClient.newBuilder() .withCredential(auth) .withRegion(HssRegion.valueOf("<YOUR REGION>")) .build(); UpdateWebTamperHostPolicyRequest request = new UpdateWebTamperHostPolicyRequest(); request.withHostId("{host_id}"); UpdateWebTamperHostPolicyRequestInfo body = new UpdateWebTamperHostPolicyRequestInfo(); List<String> listPrivilegedProcessInfoPrivilegedProcessPathList = new ArrayList<>(); listPrivilegedProcessInfoPrivilegedProcessPathList.add("/usr/bin/echo"); WebTamperPrivilegedProcessRequestInfo privilegedProcessInfobody = new WebTamperPrivilegedProcessRequestInfo(); privilegedProcessInfobody.withPrivilegedProcessPathList(listPrivilegedProcessInfoPrivilegedProcessPathList) .withPrivilegedChildStatus(true); List<TimingRangeConfigRequestInfo> listTimingOffConfigInfoTimingRangeList = new ArrayList<>(); listTimingOffConfigInfoTimingRangeList.add( new TimingRangeConfigRequestInfo() .withTimeRange("02:00-04:00") .withDescription("close") ); listTimingOffConfigInfoTimingRangeList.add( new TimingRangeConfigRequestInfo() .withTimeRange("12:05-14:00") ); List<Integer> listTimingOffConfigInfoWeekOffList = new ArrayList<>(); listTimingOffConfigInfoWeekOffList.add(5); listTimingOffConfigInfoWeekOffList.add(7); WebTamperTimingOffConfigInfoRequestInfo timingOffConfigInfobody = new WebTamperTimingOffConfigInfoRequestInfo(); timingOffConfigInfobody.withWeekOffList(listTimingOffConfigInfoWeekOffList) .withTimingRangeList(listTimingOffConfigInfoTimingRangeList); List<WebTamperProtectHostDirRequestInfo> listProtectDirInfoProtectDirList = new ArrayList<>(); listProtectDirInfoProtectDirList.add( new WebTamperProtectHostDirRequestInfo() .withProtectDir("/root/test1") .withLocalBackupDir("/root/test2") ); listProtectDirInfoProtectDirList.add( new WebTamperProtectHostDirRequestInfo() .withProtectDir("/root/test3") .withExcludeChildDir("pro") .withExcludeFilePath("path") .withLocalBackupDir("/root/test4") ); WebTamperProtectDirRequestInfo protectDirInfobody = new WebTamperProtectDirRequestInfo(); protectDirInfobody.withProtectDirList(listProtectDirInfoProtectDirList) .withExcludeFileType("log;pid;text") .withProtectMode("recovery"); body.withPrivilegedProcessInfo(privilegedProcessInfobody); body.withEnablePrivilegedProcess(true); body.withRaspPath("/usr/bin/tomcat/bin"); body.withEnableRaspProtect(true); body.withTimingOffConfigInfo(timingOffConfigInfobody); body.withEnableTimingOff(true); body.withProtectDirInfo(protectDirInfobody); request.withBody(body); try { UpdateWebTamperHostPolicyResponse response = client.updateWebTamperHostPolicy(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
Edit a web tamper protection policy.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkhss.v5.region.hss_region import HssRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkhss.v5 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = HssClient.new_builder() \ .with_credentials(credentials) \ .with_region(HssRegion.value_of("<YOUR REGION>")) \ .build() try: request = UpdateWebTamperHostPolicyRequest() request.host_id = "{host_id}" listPrivilegedProcessPathListPrivilegedProcessInfo = [ "/usr/bin/echo" ] privilegedProcessInfobody = WebTamperPrivilegedProcessRequestInfo( privileged_process_path_list=listPrivilegedProcessPathListPrivilegedProcessInfo, privileged_child_status=True ) listTimingRangeListTimingOffConfigInfo = [ TimingRangeConfigRequestInfo( time_range="02:00-04:00", description="close" ), TimingRangeConfigRequestInfo( time_range="12:05-14:00" ) ] listWeekOffListTimingOffConfigInfo = [ 5, 7 ] timingOffConfigInfobody = WebTamperTimingOffConfigInfoRequestInfo( week_off_list=listWeekOffListTimingOffConfigInfo, timing_range_list=listTimingRangeListTimingOffConfigInfo ) listProtectDirListProtectDirInfo = [ WebTamperProtectHostDirRequestInfo( protect_dir="/root/test1", local_backup_dir="/root/test2" ), WebTamperProtectHostDirRequestInfo( protect_dir="/root/test3", exclude_child_dir="pro", exclude_file_path="path", local_backup_dir="/root/test4" ) ] protectDirInfobody = WebTamperProtectDirRequestInfo( protect_dir_list=listProtectDirListProtectDirInfo, exclude_file_type="log;pid;text", protect_mode="recovery" ) request.body = UpdateWebTamperHostPolicyRequestInfo( privileged_process_info=privilegedProcessInfobody, enable_privileged_process=True, rasp_path="/usr/bin/tomcat/bin", enable_rasp_protect=True, timing_off_config_info=timingOffConfigInfobody, enable_timing_off=True, protect_dir_info=protectDirInfobody ) response = client.update_web_tamper_host_policy(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
Edit a web tamper protection policy.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := hss.NewHssClient( hss.HssClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.UpdateWebTamperHostPolicyRequest{} request.HostId = "{host_id}" var listPrivilegedProcessPathListPrivilegedProcessInfo = []string{ "/usr/bin/echo", } privilegedChildStatusPrivilegedProcessInfo:= true privilegedProcessInfobody := &model.WebTamperPrivilegedProcessRequestInfo{ PrivilegedProcessPathList: &listPrivilegedProcessPathListPrivilegedProcessInfo, PrivilegedChildStatus: &privilegedChildStatusPrivilegedProcessInfo, } timeRangeTimingRangeList:= "02:00-04:00" descriptionTimingRangeList:= "close" timeRangeTimingRangeList1:= "12:05-14:00" var listTimingRangeListTimingOffConfigInfo = []model.TimingRangeConfigRequestInfo{ { TimeRange: &timeRangeTimingRangeList, Description: &descriptionTimingRangeList, }, { TimeRange: &timeRangeTimingRangeList1, }, } var listWeekOffListTimingOffConfigInfo = []int32{ int32(5), int32(7), } timingOffConfigInfobody := &model.WebTamperTimingOffConfigInfoRequestInfo{ WeekOffList: &listWeekOffListTimingOffConfigInfo, TimingRangeList: &listTimingRangeListTimingOffConfigInfo, } localBackupDirProtectDirList:= "/root/test2" excludeChildDirProtectDirList:= "pro" excludeFilePathProtectDirList:= "path" localBackupDirProtectDirList1:= "/root/test4" var listProtectDirListProtectDirInfo = []model.WebTamperProtectHostDirRequestInfo{ { ProtectDir: "/root/test1", LocalBackupDir: &localBackupDirProtectDirList, }, { ProtectDir: "/root/test3", ExcludeChildDir: &excludeChildDirProtectDirList, ExcludeFilePath: &excludeFilePathProtectDirList, LocalBackupDir: &localBackupDirProtectDirList1, }, } excludeFileTypeProtectDirInfo:= "log;pid;text" protectModeProtectDirInfo:= "recovery" protectDirInfobody := &model.WebTamperProtectDirRequestInfo{ ProtectDirList: listProtectDirListProtectDirInfo, ExcludeFileType: &excludeFileTypeProtectDirInfo, ProtectMode: &protectModeProtectDirInfo, } enablePrivilegedProcessUpdateWebTamperHostPolicyRequestInfo:= true raspPathUpdateWebTamperHostPolicyRequestInfo:= "/usr/bin/tomcat/bin" enableRaspProtectUpdateWebTamperHostPolicyRequestInfo:= true enableTimingOffUpdateWebTamperHostPolicyRequestInfo:= true request.Body = &model.UpdateWebTamperHostPolicyRequestInfo{ PrivilegedProcessInfo: privilegedProcessInfobody, EnablePrivilegedProcess: &enablePrivilegedProcessUpdateWebTamperHostPolicyRequestInfo, RaspPath: &raspPathUpdateWebTamperHostPolicyRequestInfo, EnableRaspProtect: &enableRaspProtectUpdateWebTamperHostPolicyRequestInfo, TimingOffConfigInfo: timingOffConfigInfobody, EnableTimingOff: &enableTimingOffUpdateWebTamperHostPolicyRequestInfo, ProtectDirInfo: protectDirInfobody, } response, err := client.UpdateWebTamperHostPolicy(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code |
Description |
---|---|
200 |
Request succeeded. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot