Editing a Web Tamper Protection Policy

Function

This API is used to edit a web tamper protection policy.

Calling Method

For details, see Calling APIs.

URI

PUT /v5/{project_id}/webtamper/{host_id}/policy

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints N/A Range The value can contain 1 to 256 characters. Default Value N/A
host_id	Yes	String	Definition Server ID. For this parameter to be valid, the server must be protected by WTP. Constraints You need to use the ListWtpProtectHost API to query the protection status list of WTP servers. In the response body of the ListWtpProtectHost API, the host_id of the server whose protect_status is opened, open_failed, protection_pause, or partial_protection is the ID of the server that meets the modification conditions. Range Length: 1 to 256 characters Default Value N/A

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Definition Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints You need to set this parameter only after the enterprise project function is enabled. Range The value can contain 1 to 256 characters. Default Value 0: default enterprise project.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints N/A Range The value can contain 1 to 32,768 characters. Default Value N/A

**Table 4** Request body parameters
Parameter	Mandatory	Type	Description
protect_dir_info	Yes	WebTamperProtectDirRequestInfo object	Protected directory information.
enable_timing_off	No	Boolean	Definition Scheduled protection switch status. Constraints N/A Range True: Enable scheduled unprotection. timing_off_config_info must be specified. False: Disable scheduled unprotection. timing_off_config_info does not need to be specified. Default Value False
timing_off_config_info	No	WebTamperTimingOffConfigInfoRequestInfo object	Details of the scheduled switch configuration.
enable_rasp_protect	No	Boolean	Definition Whether to enable dynamic web tamper protection. This parameter is supported only for Linux servers. Constraints Dynamic web tamper protection can be enabled only for Linux servers. This parameter cannot be set for Windows servers. Range True: Dynamic web tamper protection is enabled. rasp_path must be set. False: Dynamic web tamper protection is disabled. rasp_path does not need to be set. Default Value False
rasp_path	No	String	Definition Tomcat bin directory of dynamic WTP. This parameter is supported only for Linux servers. Constraints The Tomcat bin directory of dynamic WTP can be configured only for Linux servers. This parameter cannot be set for Windows servers. Range Length: 1 to 256 characters. The value must start with a slash (/) and cannot end with a slash (/). Only letters, numbers, underscores (_), hyphens (-), and periods (.) are allowed. Default Value N/A
enable_privileged_process	No	Boolean	Definition Privileged process status. Constraints N/A Range True: The privileged process is enabled. privileged_process_info must be set. False: Privileged processes are disabled. privileged_process_info does not need to be set. Default Value False
privileged_process_info	No	WebTamperPrivilegedProcessRequestInfo object	Privileged process configuration details.

**Table 5** WebTamperProtectDirRequestInfo
Parameter	Mandatory	Type	Description
protect_dir_list	Yes	Array of WebTamperProtectHostDirRequestInfo objects	Definition List of protected directories. Constraints N/A Range 1 to 50 items Default Value N/A
exclude_file_type	No	String	Definition Excluded file types. Constraints N/A Range The file type can contain only letters and numbers. A maximum of 10 file types can be added. Each file type can contain a maximum of 10 characters. Multiple file types are separated by semicolons (;). Default Value N/A
protect_mode	No	String	Definition Protection mode. Only Linux servers support the alarm mode. Windows servers only support the interception mode. Constraints N/A Range recovery: Interception mode alarm: Alarm mode. Only Linux servers are supported. Default Value recovery

**Table 6** WebTamperProtectHostDirRequestInfo
Parameter	Mandatory	Type	Description
protect_dir	Yes	String	Definition Protected directory. Constraints N/A Range Length: 1 to 256 characters For Linux servers, the value must start with a slash (/) and cannot end with a slash (/). Only letters, numbers, underscores (_), hyphens (-), and periods (.) are allowed. For Windows servers, the directory name cannot start with a space or end with a backslash (), and cannot contain the following special characters: ;/?"<>\| Default Value* N/A
exclude_child_dir	No	String	Definition Excluded subdirectory. Constraints N/A Range A subdirectory must be a relative path under the protected directory. A subdirectory can be up to 256 characters long. Up to 10 subdirectories are allowed. Use semicolons (;) to separate them. A subdirectory name on a Linux server cannot start or end with a slash (/). A subdirectory name on a Windows server cannot start or end with a backslash (). Default Value N/A
exclude_file_path	No	String	Definition Excluded file path. Constraints An excluded file path can only be set for Linux servers. Range An excluded file path must be a relative path under the protected directory. It can be up to 256 characters long, and cannot start or end with a slash (/). Up to 50 paths are allowed. Use semicolons (;) to separate them. Default Value N/A
local_backup_dir	No	String	Definition A local backup path is required for Linux servers. Constraints A local backup path can only be set for Linux servers. Range A local backup path cannot contain semicolons (;), start with a space, or end with a slash (/). Up to 256 characters are allowed. Default Value N/A

**Table 7** WebTamperTimingOffConfigInfoRequestInfo
Parameter	Mandatory	Type	Description
week_off_list	No	Array of integers	Definition List of automatic protection periods. Constraints N/A Range 1 to 7 items Default Value N/A
timing_range_list	No	Array of TimingRangeConfigRequestInfo objects	Definition Automatic unprotection period. Constraints N/A Range 1 to 5 items Default Value N/A

**Table 8** TimingRangeConfigRequestInfo
Parameter	Mandatory	Type	Description
time_range	No	String	Definition Time range during which protection is automatically disabled. The start time and end time are separated by a hyphen (-), for example, 15:00-15:30. Constraints A time range must be at least 5 minutes. Time ranges (except for those starting at 00:00 or ending at 23:59) cannot overlap and must have at least a 5-minute interval. Range Length: 0 to 20 characters Default Value N/A
description	No	String	Definition Description of the automatic unprotection period. Constraints N/A Range Length: 0 to 20 characters Default Value** N/A

**Table 9** WebTamperPrivilegedProcessRequestInfo
Parameter	Mandatory	Type	Description
privileged_process_path_list	No	Array of strings	Definition List of privileged process file paths. Constraints N/A Range 0 to 10 items Default Value N/A
privileged_child_status	No	Boolean	Definition Trustworthy status of a privileged process and its subprocesses. Constraints N/A Range True: The sub-processes of privileged processes are trusted. False: The sub-processes of privileged processes are not trusted. Default Value False

Response Parameters

Status code: 200

Request succeeded.

None

Example Requests

Edit a web tamper protection policy.

PUT https://{endpoint}/v5/{project_id}/webtamper/{host_id}/policy

{
  "protect_dir_info" : {
    "protect_dir_list" : [ {
      "local_backup_dir" : "/root/test2",
      "protect_dir" : "/root/test1"
    }, {
      "exclude_child_dir" : "pro",
      "exclude_file_path" : "path",
      "local_backup_dir" : "/root/test4",
      "protect_dir" : "/root/test3"
    } ],
    "exclude_file_type" : "log;pid;text",
    "protect_mode" : "recovery"
  },
  "enable_timing_off" : true,
  "enable_privileged_process" : true,
  "enable_rasp_protect" : true,
  "timing_off_config_info" : {
    "week_off_list" : [ 5, 7 ],
    "timing_range_list" : [ {
      "time_range" : "02:00-04:00",
      "description" : "close"
    }, {
      "time_range" : "12:05-14:00"
    } ]
  },
  "privileged_process_info" : {
    "privileged_process_path_list" : [ "/usr/bin/echo" ],
    "privileged_child_status" : true
  },
  "rasp_path" : "/usr/bin/tomcat/bin"
}

Example Responses

None

SDK Sample Code

The SDK sample code is as follows.

Edit a web tamper protection policy.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;

import java.util.List;
import java.util.ArrayList;

public class UpdateWebTamperHostPolicySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdateWebTamperHostPolicyRequest request = new UpdateWebTamperHostPolicyRequest();
        request.withHostId("{host_id}");
        UpdateWebTamperHostPolicyRequestInfo body = new UpdateWebTamperHostPolicyRequestInfo();
        List<String> listPrivilegedProcessInfoPrivilegedProcessPathList = new ArrayList<>();
        listPrivilegedProcessInfoPrivilegedProcessPathList.add("/usr/bin/echo");
        WebTamperPrivilegedProcessRequestInfo privilegedProcessInfobody = new WebTamperPrivilegedProcessRequestInfo();
        privilegedProcessInfobody.withPrivilegedProcessPathList(listPrivilegedProcessInfoPrivilegedProcessPathList)
            .withPrivilegedChildStatus(true);
        List<TimingRangeConfigRequestInfo> listTimingOffConfigInfoTimingRangeList = new ArrayList<>();
        listTimingOffConfigInfoTimingRangeList.add(
            new TimingRangeConfigRequestInfo()
                .withTimeRange("02:00-04:00")
                .withDescription("close")
        );
        listTimingOffConfigInfoTimingRangeList.add(
            new TimingRangeConfigRequestInfo()
                .withTimeRange("12:05-14:00")
        );
        List<Integer> listTimingOffConfigInfoWeekOffList = new ArrayList<>();
        listTimingOffConfigInfoWeekOffList.add(5);
        listTimingOffConfigInfoWeekOffList.add(7);
        WebTamperTimingOffConfigInfoRequestInfo timingOffConfigInfobody = new WebTamperTimingOffConfigInfoRequestInfo();
        timingOffConfigInfobody.withWeekOffList(listTimingOffConfigInfoWeekOffList)
            .withTimingRangeList(listTimingOffConfigInfoTimingRangeList);
        List<WebTamperProtectHostDirRequestInfo> listProtectDirInfoProtectDirList = new ArrayList<>();
        listProtectDirInfoProtectDirList.add(
            new WebTamperProtectHostDirRequestInfo()
                .withProtectDir("/root/test1")
                .withLocalBackupDir("/root/test2")
        );
        listProtectDirInfoProtectDirList.add(
            new WebTamperProtectHostDirRequestInfo()
                .withProtectDir("/root/test3")
                .withExcludeChildDir("pro")
                .withExcludeFilePath("path")
                .withLocalBackupDir("/root/test4")
        );
        WebTamperProtectDirRequestInfo protectDirInfobody = new WebTamperProtectDirRequestInfo();
        protectDirInfobody.withProtectDirList(listProtectDirInfoProtectDirList)
            .withExcludeFileType("log;pid;text")
            .withProtectMode("recovery");
        body.withPrivilegedProcessInfo(privilegedProcessInfobody);
        body.withEnablePrivilegedProcess(true);
        body.withRaspPath("/usr/bin/tomcat/bin");
        body.withEnableRaspProtect(true);
        body.withTimingOffConfigInfo(timingOffConfigInfobody);
        body.withEnableTimingOff(true);
        body.withProtectDirInfo(protectDirInfobody);
        request.withBody(body);
        try {
            UpdateWebTamperHostPolicyResponse response = client.updateWebTamperHostPolicy(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

Edit a web tamper protection policy.

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdateWebTamperHostPolicyRequest()
        request.host_id = "{host_id}"
        listPrivilegedProcessPathListPrivilegedProcessInfo = [
            "/usr/bin/echo"
        ]
        privilegedProcessInfobody = WebTamperPrivilegedProcessRequestInfo(
            privileged_process_path_list=listPrivilegedProcessPathListPrivilegedProcessInfo,
            privileged_child_status=True
        )
        listTimingRangeListTimingOffConfigInfo = [
            TimingRangeConfigRequestInfo(
                time_range="02:00-04:00",
                description="close"
            ),
            TimingRangeConfigRequestInfo(
                time_range="12:05-14:00"
            )
        ]
        listWeekOffListTimingOffConfigInfo = [
            5,
            7
        ]
        timingOffConfigInfobody = WebTamperTimingOffConfigInfoRequestInfo(
            week_off_list=listWeekOffListTimingOffConfigInfo,
            timing_range_list=listTimingRangeListTimingOffConfigInfo
        )
        listProtectDirListProtectDirInfo = [
            WebTamperProtectHostDirRequestInfo(
                protect_dir="/root/test1",
                local_backup_dir="/root/test2"
            ),
            WebTamperProtectHostDirRequestInfo(
                protect_dir="/root/test3",
                exclude_child_dir="pro",
                exclude_file_path="path",
                local_backup_dir="/root/test4"
            )
        ]
        protectDirInfobody = WebTamperProtectDirRequestInfo(
            protect_dir_list=listProtectDirListProtectDirInfo,
            exclude_file_type="log;pid;text",
            protect_mode="recovery"
        )
        request.body = UpdateWebTamperHostPolicyRequestInfo(
            privileged_process_info=privilegedProcessInfobody,
            enable_privileged_process=True,
            rasp_path="/usr/bin/tomcat/bin",
            enable_rasp_protect=True,
            timing_off_config_info=timingOffConfigInfobody,
            enable_timing_off=True,
            protect_dir_info=protectDirInfobody
        )
        response = client.update_web_tamper_host_policy(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

Edit a web tamper protection policy.

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdateWebTamperHostPolicyRequest{}
	request.HostId = "{host_id}"
	var listPrivilegedProcessPathListPrivilegedProcessInfo = []string{
        "/usr/bin/echo",
    }
	privilegedChildStatusPrivilegedProcessInfo:= true
	privilegedProcessInfobody := &model.WebTamperPrivilegedProcessRequestInfo{
		PrivilegedProcessPathList: &listPrivilegedProcessPathListPrivilegedProcessInfo,
		PrivilegedChildStatus: &privilegedChildStatusPrivilegedProcessInfo,
	}
	timeRangeTimingRangeList:= "02:00-04:00"
	descriptionTimingRangeList:= "close"
	timeRangeTimingRangeList1:= "12:05-14:00"
	var listTimingRangeListTimingOffConfigInfo = []model.TimingRangeConfigRequestInfo{
        {
            TimeRange: &timeRangeTimingRangeList,
            Description: &descriptionTimingRangeList,
        },
        {
            TimeRange: &timeRangeTimingRangeList1,
        },
    }
	var listWeekOffListTimingOffConfigInfo = []int32{
        int32(5),
	    int32(7),
    }
	timingOffConfigInfobody := &model.WebTamperTimingOffConfigInfoRequestInfo{
		WeekOffList: &listWeekOffListTimingOffConfigInfo,
		TimingRangeList: &listTimingRangeListTimingOffConfigInfo,
	}
	localBackupDirProtectDirList:= "/root/test2"
	excludeChildDirProtectDirList:= "pro"
	excludeFilePathProtectDirList:= "path"
	localBackupDirProtectDirList1:= "/root/test4"
	var listProtectDirListProtectDirInfo = []model.WebTamperProtectHostDirRequestInfo{
        {
            ProtectDir: "/root/test1",
            LocalBackupDir: &localBackupDirProtectDirList,
        },
        {
            ProtectDir: "/root/test3",
            ExcludeChildDir: &excludeChildDirProtectDirList,
            ExcludeFilePath: &excludeFilePathProtectDirList,
            LocalBackupDir: &localBackupDirProtectDirList1,
        },
    }
	excludeFileTypeProtectDirInfo:= "log;pid;text"
	protectModeProtectDirInfo:= "recovery"
	protectDirInfobody := &model.WebTamperProtectDirRequestInfo{
		ProtectDirList: listProtectDirListProtectDirInfo,
		ExcludeFileType: &excludeFileTypeProtectDirInfo,
		ProtectMode: &protectModeProtectDirInfo,
	}
	enablePrivilegedProcessUpdateWebTamperHostPolicyRequestInfo:= true
	raspPathUpdateWebTamperHostPolicyRequestInfo:= "/usr/bin/tomcat/bin"
	enableRaspProtectUpdateWebTamperHostPolicyRequestInfo:= true
	enableTimingOffUpdateWebTamperHostPolicyRequestInfo:= true
	request.Body = &model.UpdateWebTamperHostPolicyRequestInfo{
		PrivilegedProcessInfo: privilegedProcessInfobody,
		EnablePrivilegedProcess: &enablePrivilegedProcessUpdateWebTamperHostPolicyRequestInfo,
		RaspPath: &raspPathUpdateWebTamperHostPolicyRequestInfo,
		EnableRaspProtect: &enableRaspProtectUpdateWebTamperHostPolicyRequestInfo,
		TimingOffConfigInfo: timingOffConfigInfobody,
		EnableTimingOff: &enableTimingOffUpdateWebTamperHostPolicyRequestInfo,
		ProtectDirInfo: protectDirInfobody,
	}
	response, err := client.UpdateWebTamperHostPolicy(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     