Help Center/ Web Application Firewall/ API Reference/ APIs/ Rule Management/ Querying the List of Global Protection Whitelist (Formerly False Alarm Masking) Rules

Updated on 2024-07-02 GMT+08:00

Online Debugging

CLI Examples

View PDF

Querying the List of Global Protection Whitelist (Formerly False Alarm Masking) Rules

Function

This API is used to query the list of global protection whitelist (formerly false alarm masking) rules.

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. To obtain it, go to Huawei Cloud management console and hover the cursor over your username. On the displayed window, choose My Credentials. Then, in the Projects area, view Project ID of the corresponding project.
policy_id	Yes	String	Policy ID. It can be obtained by calling the ListPolicy API.
rule_id	Yes	String	ID of a false alarm masking rule. You can obtain the rule ID from the id field in the response body of the ListIgnoreRule API, which is used for querying false alarm masking rules.

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	You can obtain the ID by calling the ListEnterpriseProject API of EPS.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Content-Type	Yes	String	Content type.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
id	String	Rule ID.
policyid	String	Policy ID.
timestamp	Long	Timestamp the rule is created.
description	String	Rule description.
status	Integer	Rule status. The value can be 0 or 1. 0: The rule is disabled. 1: The rule is enabled.
url	String	The path for false masking alarms. This parameter is available only when mode is set to 0.
rule	String	Items to be masked. You can provide multiple items and separate them with semicolons (;). To block a specific built-in rule, set the value of this parameter to the rule ID. To query the rule ID, go to the WAF console, choose Policies and click the target policy name. On the displayed page, in the Basic Web Protection area, select the Protection Rules tab, and view the ID of the specific rule. You can also query the rule ID in the event details. To mask a type of basic web protection rules, set this parameter to the name of the basic web protection rule type. xss: XSS attacks webshell: Web shells vuln: Other types of attacks sqli: SQL injection attack robot: Malicious crawlers rfi: Remote file inclusion lfi: Local file inclusion cmdi: Command injection attack To bypass the basic web protection, set this parameter to all. To bypass all WAF protection, set this parameter to bypass.
mode	Integer	Version number. The value can be 0 or 1. 0: indicates the old version V1. 1 indicates the new version V2. When the value of mode is 0, the conditions field does not exist, but the url and url_logic fields exist. When the value of mode is 1, the url and url_logic fields do not exist, but the conditions field exists.
url_logic	String	URL match logic
conditions	Array of Condition objects	Conditions
advanced	IgnoreAdvanced object	Advanced settings
domain	Array of strings	Protected domain name or website

**Table 5** Condition
Parameter	Type	Description
category	String	Field type. The value can be ip, url, params, cookie, or header.
contents	Array of strings	Content. The array length must be 1. The content format varies depending on field types. For example, if the field type is ip, the value must be an IP address or IP address range. If the field type is url, the value must be a URL in standard format. If the field type is params, cookie, or header, the content format is not limited.
logic_operation	String	The matching logic varies depending on the field type. For example, if the field type is ip, the logic can be equal or not_equal. If the field type is url, params, cookie, or header, the logic can be equal, not_equal, contain, not_contain, prefix, not_prefix, suffix, not_suffix.
check_all_indexes_logic	Integer	This parameter is reserved and can be ignored.
index	String	If the field type is ip and the subfield is the client IP address, the index parameter does not exist. If the subfield type is X-Forwarded-For, the value is x-forwarded-for. If the field type is params, header, or cookie, and the subfield is user-defined, the value of index is the user-defined subfield.

**Table 6** IgnoreAdvanced
Parameter	Type	Description
index	String	Field type. The following field types are supported: Params, Cookie, Header, Body, and Multipart. When you select Params, Cookie, or Header, you can set this parameter to all or configure subfields as required. When you select Body or Multipart, set this parameter to all.
contents	Array of strings	Subfield of the specified field type. The default value is all.

Status code: 400

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Status code: 401

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Status code: 500

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Example Requests

The following example shows how to query a global whitelist protect (the formerly false alarm masking) rule. Details about the query are specified by project_id, policy_id, and rule_id.

GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id}

Example Responses

Status code: 200

Request sent.

{
  "id" : "16e81d9a9e0244359204d7f00326ee4f",
  "policyid" : "0681f69f94ac408e9688373e45a61fdb",
  "timestamp" : 1679106005786,
  "description" : "",
  "status" : 1,
  "rule" : "webshell;vuln",
  "mode" : 1,
  "conditions" : [ {
    "category" : "url",
    "contents" : [ "/test" ],
    "logic_operation" : "contain"
  } ],
  "domain" : [ ],
  "advanced" : {
    "index" : "params",
    "contents" : [ ]
  }
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.waf.v1.region.WafRegion;
import com.huaweicloud.sdk.waf.v1.*;
import com.huaweicloud.sdk.waf.v1.model.*;


public class ShowIgnoreRuleSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        WafClient client = WafClient.newBuilder()
                .withCredential(auth)
                .withRegion(WafRegion.valueOf("<YOUR REGION>"))
                .build();
        ShowIgnoreRuleRequest request = new ShowIgnoreRuleRequest();
        request.withPolicyId("{policy_id}");
        request.withRuleId("{rule_id}");
        try {
            ShowIgnoreRuleResponse response = client.showIgnoreRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkwaf.v1.region.waf_region import WafRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkwaf.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = WafClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(WafRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ShowIgnoreRuleRequest()
        request.policy_id = "{policy_id}"
        request.rule_id = "{rule_id}"
        response = client.show_ignore_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := waf.NewWafClient(
        waf.WafClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ShowIgnoreRuleRequest{}
	request.PolicyId = "{policy_id}"
	request.RuleId = "{rule_id}"
	response, err := client.ShowIgnoreRule(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     