Creating a Blacklist/Whitelist Rule

Function

This API is used to create a blacklist or whitelist rule.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/waf/policy/{policy_id}/whiteblackip

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. To obtain it, go to Huawei Cloud management cons. Then, in the Projects area, view Project ID** of the corresponding project.
policy_id	Yes	String	Policy ID. It can be obtained by calling the ListPolicy API.

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	You can obtain the ID by calling the ListEnterpriseProject API of EPS.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Content-Type	Yes	String	Content type.

**Table 4** Request body parameters
Parameter	Mandatory	Type	Description
name	Yes	String	Rue name. The value can contain a maximum of 64 characters. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
addr	No	String	IP address or IP address ranges in the blacklist or whitelist rule, for example, 42.123.120.66 or 42.123.120.0/16.
description	No	String	Rule description
white	Yes	Integer	Protective action 0: WAF blocks requests that hit the rule. 1: WAF allows requests that hit the rule. 2: WAF only record requests that hit the rule.
ip_group_id	No	String	ID of the created IP address group. Use either this parameter or addr. To add an IP address group, go to the WAF console, choose Objects > Address Groups, and click Add Address Group.

Response Parameters

Status code: 200

**Table 5** Response body parameters
Parameter	Type	Description
id	String	Rule ID.
name	String	Name of the whitelist or blacklist rule.
policyid	String	Policy ID.
addr	String	IP address or IP address ranges in the blacklist or whitelist rule, for example, 42.123.120.66 or 42.123.120.0/16.
white	Integer	Protective action 0: WAF blocks requests that hit the rule. 1: WAF allows requests that hit the rule. 2: WAF only record requests that hit the rule.
ip_group	Ip_group object	IP address group.
status	Integer	Rule status. The value can be 0 or 1. 0: The rule is disabled. 1: The rule is enabled.
description	String	Rule description.
timestamp	Long	Time a rule is created. The value is a 13-digit timestamp in millisecond.

**Table 6** Ip_group
Parameter	Type	Description
id	String	ID of the IP address group.
name	String	Name of the IP address group.
size	Long	Number of IP addresses or IP address ranges in the IP address group.

Status code: 400

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Status code: 401

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Status code: 500

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Example Requests

The following example shows how to create a whitelist or blacklist rule in a protection policy. The project ID is specified by project_id, and the policy ID is specified by policy_id. The rule name is demo, the protective action is block, the description is demo, and the IP address of the rule is x.x.x.

POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/whiteblackip?enterprise_project_id=0

{
  "name" : "demo",
  "white" : 0,
  "description" : "demo",
  "addr" : "x.x.x.x"
}

Example Responses

Status code: 200

{
  "id" : "5d43af25404341058d5ab17b7ba78b56",
  "policyid" : "38ff0cb9a10e4d5293c642bc0350fa6d",
  "name" : "demo",
  "timestamp" : 1650531872900,
  "description" : "demo",
  "status" : 1,
  "addr" : "x.x.x.x",
  "white" : 0
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.waf.v1.region.WafRegion;
import com.huaweicloud.sdk.waf.v1.*;
import com.huaweicloud.sdk.waf.v1.model.*;


public class CreateWhiteblackipRuleSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        WafClient client = WafClient.newBuilder()
                .withCredential(auth)
                .withRegion(WafRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateWhiteblackipRuleRequest request = new CreateWhiteblackipRuleRequest();
        request.withPolicyId("{policy_id}");
        CreateWhiteBlackIpRuleRequestBody body = new CreateWhiteBlackIpRuleRequestBody();
        body.withWhite(0);
        body.withDescription("demo");
        body.withAddr("x.x.x.x");
        body.withName("demo");
        request.withBody(body);
        try {
            CreateWhiteblackipRuleResponse response = client.createWhiteblackipRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkwaf.v1.region.waf_region import WafRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkwaf.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = WafClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(WafRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateWhiteblackipRuleRequest()
        request.policy_id = "{policy_id}"
        request.body = CreateWhiteBlackIpRuleRequestBody(
            white=0,
            description="demo",
            addr="x.x.x.x",
            name="demo"
        )
        response = client.create_whiteblackip_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := waf.NewWafClient(
        waf.WafClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.CreateWhiteblackipRuleRequest{}
	request.PolicyId = "{policy_id}"
	descriptionCreateWhiteBlackIpRuleRequestBody:= "demo"
	addrCreateWhiteBlackIpRuleRequestBody:= "x.x.x.x"
	request.Body = &model.CreateWhiteBlackIpRuleRequestBody{
		White: int32(0),
		Description: &descriptionCreateWhiteBlackIpRuleRequestBody,
		Addr: &addrCreateWhiteBlackIpRuleRequestBody,
		Name: "demo",
	}
	response, err := client.CreateWhiteblackipRule(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     