Help Center/ Web Application Firewall/ API Reference/ APIs/ Rule Management/ Querying Global Protection Whitelist (Formerly False Alarm Masking) Rules

Updated on 2024-07-02 GMT+08:00

Online Debugging

CLI Examples

View PDF

Querying Global Protection Whitelist (Formerly False Alarm Masking) Rules

Function

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/waf/policy/{policy_id}/ignore

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. To obtain it, go to Huawei Cloud management cons. Then, in the Projects area, view Project ID** of the corresponding project.
policy_id	Yes	String	Policy ID. It can be obtained by calling the ListPolicy API.

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	You can obtain the ID by calling the ListEnterpriseProject API of EPS.
page	No	Integer	Page number of the data to be returned during pagination query. The default value is 1, indicating that the data on the first page is returned.
pagesize	No	Integer	Number of results on each page during pagination query. Value range: 1 to 100. The default value is 10, indicating that each page contains 10 results.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Content-Type	Yes	String	Content type.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total	Integer	The number of global protection whitelist (formerly false alarm masking) rules in the protection policy.
items	Array of IgnoreRuleBody objects	Domain names the global protection whitelist (formerly false alarm masking) rule is used for.

**Table 5** IgnoreRuleBody
Parameter	Type	Description
id	String	Rule ID
policyid	String	ID of the protection policy that includes the rule
timestamp	Long	Timestamp the rule was created.
description	String	Rule description
status	Integer	Rule status. The value can be 0 or 1. 0: The rule is disabled. 1: The rule is enabled.
url	String	The path for false masking alarms. This parameter is available only when mode is set to 0.
rule	String	Rules to be masked If you want to block a specific built-in rule, the value of this parameter is the rule ID. To query the rule ID, go to the WAF console, choose Policies and click the target policy name. On the displayed page, in the Basic Web Protection area, select the Protection Rules tab, and view the ID of the specific rule. You can also query the rule ID in the event details. If you want to mask a type of basic web protection rules, set this parameter to the name of the type of basic web protection rules. xss: XSS attacks webshell: Web shells vuln: Other types of attacks sqli: SQL injection attack robot: Malicious crawlers rfi: Remote file inclusion lfi: Local file inclusion cmdi: Command injection attack To bypass the basic web protection, set this parameter to all. To bypass all WAF protection, set this parameter to bypass.
mode	Integer	Version number. The value 0 indicates the old version V1, and the value 1 indicates the new version V2. If the value of mode is 0, the conditions field does not exist, and the url and url_logic fields exist. When the value of mode is 1, the url and url_logic fields do not exist, and the conditions field exists.
url_logic	String	Matching logic. The value can be equal, not_equal, contain, not_contain, prefix, not_prefix, suffix, not_suffix.
conditions	Array of Condition objects	Condition list
domain	Array of strings	Protecting Domain Names or Protecting Websites
advanced	Array of Advanced objects	Advanced settings. The current parameter type is incorrect. Ignore this parameter. If the parameter type is correct, see the update interface. The parameter type will be corrected later.

**Table 6** Condition
Parameter	Type	Description
category	String	Field type. The value can be ip, url, params, cookie, or header.
contents	Array of strings	Content. The array length must be 1. The content format varies depending on field types. For example, if the field type is ip, the value must be an IP address or IP address range. If the field type is url, the value must be a URL in standard format. If the field type is params, cookie, or header, the content format is not limited.
logic_operation	String	The matching logic varies depending on the field type. For example, if the field type is ip, the logic can be equal or not_equal. If the field type is url, params, cookie, or header, the logic can be equal, not_equal, contain, not_contain, prefix, not_prefix, suffix, not_suffix.
check_all_indexes_logic	Integer	This parameter is reserved and can be ignored.
index	String	If the field type is ip and the subfield is the client IP address, the index parameter does not exist. If the subfield type is X-Forwarded-For, the value is x-forwarded-for. If the field type is params, header, or cookie, and the subfield is user-defined, the value of index is the user-defined subfield.

**Table 7** Advanced
Parameter	Type	Description
index	String	Field type. The following field types are supported: params, cookie, header, body, and multipart. If you select params, cookie, or header, you can select All or configure subfields you need. If you select body or multipart, you can select All**.
contensts	Array of strings	Subfield of the specified field type. The default value is all.

Status code: 400

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Status code: 401

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Status code: 403

**Table 10** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Status code: 500

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Example Requests

The following example shows how to query the global whitelist protect (the formerly false alarm masking) rule list. Details about the query are specified by project_id and policy_id.

GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore?enterprise_project_id=0&page=1&pagesize=10

Example Responses

Status code: 200

{
  "total" : 1,
  "items" : [ {
    "id" : "40484384970948d79fffe4e4ae1fc54d",
    "policyid" : "f385eceedf7c4c34a4d1def19eafbe85",
    "timestamp" : 1650512535222,
    "description" : "demo",
    "status" : 1,
    "rule" : "091004",
    "mode" : 1,
    "conditions" : [ {
      "category" : "ip",
      "contents" : [ "x.x.x.x" ],
      "logic_operation" : "equal"
    } ],
    "domain" : [ "we.test.418lab.cn" ]
  } ]
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.waf.v1.region.WafRegion;
import com.huaweicloud.sdk.waf.v1.*;
import com.huaweicloud.sdk.waf.v1.model.*;


public class ListIgnoreRuleSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        WafClient client = WafClient.newBuilder()
                .withCredential(auth)
                .withRegion(WafRegion.valueOf("<YOUR REGION>"))
                .build();
        ListIgnoreRuleRequest request = new ListIgnoreRuleRequest();
        request.withPolicyId("{policy_id}");
        try {
            ListIgnoreRuleResponse response = client.listIgnoreRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkwaf.v1.region.waf_region import WafRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkwaf.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = WafClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(WafRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListIgnoreRuleRequest()
        request.policy_id = "{policy_id}"
        response = client.list_ignore_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := waf.NewWafClient(
        waf.WafClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListIgnoreRuleRequest{}
	request.PolicyId = "{policy_id}"
	response, err := client.ListIgnoreRule(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     