Updating a Protection Policy

Function

This API is used to update a policy. The request body can contain only the part to be updated.

Calling Method

For details, see Calling APIs.

URI

PATCH /v1/{project_id}/waf/policy/{policy_id}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID. To obtain it, log in to the Huawei Cloud console, click the username, choose My Credentials, and find the project ID in the Projects list. Constraints N/A Range Enter 32 characters. Only letters and digits are allowed. Default Value N/A
policy_id	Yes	String	Definition Protection policy ID. You can call the ListPolicy API to obtain the policy ID. Constraints N/A Range Enter 32 characters. Only letters and digits are allowed. Default Value N/A

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Definition Obtain the enterprise project ID by calling the ListEnterpriseProject API of Enterprise Project Management Service (EPS). To obtain the resource details in all enterprise projects of a user, set this parameter to all_granted_eps. Constraints N/A Range 0: the default enterprise project. all_granted_eps: all enterprise projects. A specific enterprise project ID: Enter a maximum of 36 characters. Default Value 0

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). Constraints N/A Range N/A Default Value N/A
Content-Type	Yes	String	Definition Content type. Constraints N/A Range N/A Default Value application/json;charset=utf8

**Table 4** Request body parameters
Parameter	Mandatory	Type	Description
name	No	String	Definition Policy name. Constraints N/A Range Policy name. Only digits, letters, and underscores (_) are allowed. Maximum length : 64 characters. Default Value N/A
level	No	Integer	Definition Basic web protection level. Constraints N/A Range 1: Low. At this level, only requests with obvious attack characteristics are blocked. If a large number of false alarms are reported, this level is recommended. 2: Medium. This is the default level, which meets web protection requirements in most scenarios. 3: Strict. At this level, WAF provides the finest granular protection and can intercept attacks with complex bypass features, such as Jolokia cyber attacks, common gateway interface (CGI) vulnerability detection, and Druid SQL injection attacks. Default Value N/A
full_detection	No	Boolean	Definition Detection mode in the precise protection rule. Constraints N/A Range false: Instant detection. If a request matches a configured precise protection rule, WAF immediately ends threat detection and blocks the request. true: Full detection. If a request matches a configured precise protection rule, WAF does not block the request immediately. Instead, WAF continues to detect other threats and then blocks the request. Default Value N/A
robot_action	No	Action object	Protective actions for each rule in anti-crawler protection.
action	No	PolicyAction object	Protective action
options	No	PolicyOption object	Whether a protection type is enabled in protection policy.
modulex_options	No	Map<String,Object>	Definition Configurations of intelligent access control protection items. Currently, this feature is still in the open beta test (OBT) phase and available only in certain sites. Constraints N/A Range N/A Default Value N/A
hosts	No	Array of strings	Definition ID array of protected domain names bound to the protection policy. (This parameter is reserved for future function expansion and can be ignored.) Constraints N/A Range N/A Default Value N/A
bind_host	No	Array of BindHost objects	Array of domain names protected with the protection policy. Compared with the hosts field, this field contains more details. This parameter cannot be edited and is reserved for extended functions. You can ignore it.
extend	No	Map<String,String>	Definition Extended field, which is used to store basic web protection configurations. For details, see the example. deep_decode: deep detection check_all_headers: header detection shiro_rememberMe_enable: Shiro decryption detection Constraints N/A Range N/A Default Value N/A

**Table 5** Action
Parameter	Mandatory	Type	Description
category	No	String	Definition Protective action information in feature anti-crawler Range log: Only logs are recorded. block: WAF blocks attacks.

**Table 6** PolicyAction
Parameter	Mandatory	Type	Description
category	No	String	Definition Basic web protection action (log: record only; block: block) Range block log
followed_action_id	No	String	Definition Attack penalty rule ID. Range N/A

**Table 7** PolicyOption
Parameter	Mandatory	Type	Description
webattack	No	Boolean	Definition Whether basic web protection is enabled. Range true false
common	No	Boolean	Definition Whether general check is enabled. Range true false
crawler	No	Boolean	Definition Reserved parameter. The value is always true and can be ignored. Range true false
crawler_engine	No	Boolean	Definition Whether the search engine is enabled. Range true false
crawler_scanner	No	Boolean	Definition Whether the anti-crawler detection is enabled. Range true false
crawler_script	No	Boolean	Definition Whether the JavaScript anti-crawler is enabled. Range true false
crawler_other	No	Boolean	Definition Whether other crawler check is enabled. Range true false
webshell	No	Boolean	Definition Whether web shell detection is enabled Range true false
cc	No	Boolean	Definition Whether the CC attack protection rule is enabled. Range true false
custom	No	Boolean	Definition Whether precise protection is enabled. Range true false
whiteblackip	No	Boolean	Definition Whether blacklist and whitelist protection is enabled. Range true false
geoip	No	Boolean	Definition Whether geolocation access control is enabled. Range true false
ignore	No	Boolean	Definition Whether false alarm masking is enabled. Range true false
privacy	No	Boolean	Definition Whether data masking is enabled. Range true false
antitamper	No	Boolean	Definition Whether the web tamper protection is enabled. Range true false
antileakage	No	Boolean	Definition Whether the information leakage prevention is enabled. Range true false
bot_enable	No	Boolean	Definition Whether the website anti-crawler function is enabled. Range true false
modulex_enabled	No	Boolean	Definition Whether CC attack protection for moduleX is enabled. This feature is in the open beta test (OBT). During the OBT, only the log only mode is supported. Range true false

**Table 8** BindHost
Parameter	Mandatory	Type	Description
id	No	String	Definition Domain name ID. Constraints N/A Range N/A Default Value N/A
hostname	No	String	Definition Domain name. Constraints N/A Range N/A Default Value N/A
waf_type	No	String	Definition Domain name mode. The value can be cloud for cloud mode or premium for dedicated mode. Constraints N/A Range cloud premium Default Value N/A
mode	No	String	Definition This parameter is required only by the dedicated mode. Constraints N/A Range N/A Default Value N/A

Response Parameters

Status code: 200

**Table 9** Response body parameters
Parameter	Type	Description
id	String	Definition Protection policy ID. Range N/A
name	String	Definition Protection policy name. Range Enter a maximum of 64 characters. Only letters, digits, underscores (_), hyphens (-), colons (:), and periods (.) are allowed.
level	Integer	Definition Basic web protection level. Range 1: Low. At this level, only requests with obvious attack characteristics are blocked. If a large number of false alarms are reported, this level is recommended. 2: Medium. This is the default level, which meets web protection requirements in most scenarios. 3: Strict. At this level, WAF provides the finest granular protection and can intercept attacks with complex bypass features, such as Jolokia cyber attacks, common gateway interface (CGI) vulnerability detection, and Druid SQL injection attacks.
full_detection	Boolean	Definition Detection mode in the precise protection rule. Range false: Instant detection. If a request matches a configured precise protection rule, WAF immediately ends threat detection and blocks the request. true: Full detection. If a request matches a configured precise protection rule, WAF does not block the request immediately. Instead, WAF continues to detect other threats and then blocks the request.
robot_action	Action object	Protective actions for each rule in anti-crawler protection.
action	PolicyAction object	Protective action
options	PolicyOption object	Whether a protection type is enabled in protection policy.
modulex_options	Map<String,Object>	Definition Configurations of intelligent access control protection items. Currently, this feature is still in the open beta test (OBT) phase and available only in certain sites. Range N/A
hosts	Array of strings	Definition ID array of protected domain names bound to a protection policy. Range N/A
bind_host	Array of BindHost objects	Array of domain names protected with the protection policy. Compared with the hosts field, this field contains more details.
extend	Map<String,String>	Definition Extended field, which is used to store the switch configuration of basic web protection. Range N/A
timestamp	Long	Definition Time the policy was created. Range N/A

**Table 10** Action
Parameter	Type	Description
category	String	Definition Protective action information in feature anti-crawler Range log: Only logs are recorded. block: WAF blocks attacks.

**Table 11** PolicyAction
Parameter	Type	Description
category	String	Definition Basic web protection action (log: record only; block: block) Range block log
followed_action_id	String	Definition Attack penalty rule ID. Range N/A

**Table 12** PolicyOption
Parameter	Type	Description
webattack	Boolean	Definition Whether basic web protection is enabled. Range true false
common	Boolean	Definition Whether general check is enabled. Range true false
crawler	Boolean	Definition Reserved parameter. The value is always true and can be ignored. Range true false
crawler_engine	Boolean	Definition Whether the search engine is enabled. Range true false
crawler_scanner	Boolean	Definition Whether the anti-crawler detection is enabled. Range true false
crawler_script	Boolean	Definition Whether the JavaScript anti-crawler is enabled. Range true false
crawler_other	Boolean	Definition Whether other crawler check is enabled. Range true false
webshell	Boolean	Definition Whether web shell detection is enabled Range true false
cc	Boolean	Definition Whether the CC attack protection rule is enabled. Range true false
custom	Boolean	Definition Whether precise protection is enabled. Range true false
whiteblackip	Boolean	Definition Whether blacklist and whitelist protection is enabled. Range true false
geoip	Boolean	Definition Whether geolocation access control is enabled. Range true false
ignore	Boolean	Definition Whether false alarm masking is enabled. Range true false
privacy	Boolean	Definition Whether data masking is enabled. Range true false
antitamper	Boolean	Definition Whether the web tamper protection is enabled. Range true false
antileakage	Boolean	Definition Whether the information leakage prevention is enabled. Range true false
bot_enable	Boolean	Definition Whether the website anti-crawler function is enabled. Range true false
modulex_enabled	Boolean	Definition Whether CC attack protection for moduleX is enabled. This feature is in the open beta test (OBT). During the OBT, only the log only mode is supported. Range true false

**Table 13** BindHost
Parameter	Type	Description
id	String	Definition Domain name ID. Constraints N/A Range N/A Default Value N/A
hostname	String	Definition Domain name. Constraints N/A Range N/A Default Value N/A
waf_type	String	Definition Domain name mode. The value can be cloud for cloud mode or premium for dedicated mode. Constraints N/A Range cloud premium Default Value N/A
mode	String	Definition This parameter is required only by the dedicated mode. Constraints N/A Range N/A Default Value N/A

Status code: 400

**Table 14** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 15** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 401

**Table 16** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 17** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 500

**Table 18** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 19** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Example Requests

The following example shows how to modify basic web protection settings, including enabling deep inspection, header inspection, and Shiro decryption check, for a specific policy in a project. The project is specified by project_id, and the policy is specified by policy_id.
```
PATCH https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}?enterprise_project_id=0

{
  "extend" : {
    "extend" : "{\"deep_decode\":true,\"check_all_headers\":true,\"shiro_rememberMe_enable\":true}"
  }
}
```
The following example shows how to disable whitelist and blacklist protection for a specific policy in a project. The project is specified by project_id, and the policy is specified by policy_id.
```
PATCH https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}?enterprise_project_id=0

{
  "options" : {
    "whiteblackip" : false
  }
}
```

Example Responses

Status code: 200

{
  "id" : "38ff0cb9a10e4d5293c642bc0350fa6d",
  "name" : "demo",
  "level" : 2,
  "action" : {
    "category" : "log"
  },
  "options" : {
    "webattack" : true,
    "common" : true,
    "crawler" : true,
    "crawler_engine" : false,
    "crawler_scanner" : true,
    "crawler_script" : false,
    "crawler_other" : false,
    "webshell" : false,
    "cc" : true,
    "custom" : true,
    "whiteblackip" : false,
    "geoip" : true,
    "ignore" : true,
    "privacy" : true,
    "antitamper" : true,
    "antileakage" : false,
    "bot_enable" : true
  },
  "hosts" : [ "c0268b883a854adc8a2cd352193b0e13" ],
  "timestamp" : 1650529538732,
  "full_detection" : false,
  "bind_host" : [ {
    "id" : "c0268b883a854adc8a2cd352193b0e13",
    "hostname" : "www.demo.com",
    "waf_type" : "cloud"
  } ]
}

SDK Sample Code

The SDK sample code is as follows.

The following example shows how to modify basic web protection settings, including enabling deep inspection, header inspection, and Shiro decryption check, for a specific policy in a project. The project is specified by project_id, and the policy is specified by policy_id.

        
         
           
           
             package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.waf.v1.region.WafRegion;
import com.huaweicloud.sdk.waf.v1.*;
import com.huaweicloud.sdk.waf.v1.model.*;

import java.util.Map;
import java.util.HashMap;

public class UpdatePolicySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        WafClient client = WafClient.newBuilder()
                .withCredential(auth)
                .withRegion(WafRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdatePolicyRequest request = new UpdatePolicyRequest();
        request.withPolicyId("{policy_id}");
        UpdatePolicyRequestBody body = new UpdatePolicyRequestBody();
        Map<String, String> listbodyExtend = new HashMap<>();
        listbodyExtend.put("extend", "{"deep_decode":true,"check_all_headers":true,"shiro_rememberMe_enable":true}");
        body.withExtend(listbodyExtend);
        request.withBody(body);
        try {
            UpdatePolicyResponse response = client.updatePolicy(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

            

          

        
       

The following example shows how to disable whitelist and blacklist protection for a specific policy in a project. The project is specified by project_id, and the policy is specified by policy_id.

        
         
           
           
             package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.waf.v1.region.WafRegion;
import com.huaweicloud.sdk.waf.v1.*;
import com.huaweicloud.sdk.waf.v1.model.*;


public class UpdatePolicySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        WafClient client = WafClient.newBuilder()
                .withCredential(auth)
                .withRegion(WafRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdatePolicyRequest request = new UpdatePolicyRequest();
        request.withPolicyId("{policy_id}");
        UpdatePolicyRequestBody body = new UpdatePolicyRequestBody();
        PolicyOption optionsbody = new PolicyOption();
        optionsbody.withWhiteblackip(false);
        body.withOptions(optionsbody);
        request.withBody(body);
        try {
            UpdatePolicyResponse response = client.updatePolicy(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

            

          

        
       

        
         
           
           
             # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkwaf.v1.region.waf_region import WafRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkwaf.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = WafClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(WafRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdatePolicyRequest()
        request.policy_id = "{policy_id}"
        listExtendbody = {
            "extend": "{"deep_decode":true,"check_all_headers":true,"shiro_rememberMe_enable":true}"
        }
        request.body = UpdatePolicyRequestBody(
            extend=listExtendbody
        )
        response = client.update_policy(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

            

          

        
       

The following example shows how to disable whitelist and blacklist protection for a specific policy in a project. The project is specified by project_id, and the policy is specified by policy_id.

        
         
           
           
             # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkwaf.v1.region.waf_region import WafRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkwaf.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = WafClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(WafRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdatePolicyRequest()
        request.policy_id = "{policy_id}"
        optionsbody = PolicyOption(
            whiteblackip=False
        )
        request.body = UpdatePolicyRequestBody(
            options=optionsbody
        )
        response = client.update_policy(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

            

          

        
       

        
         
           
           
             package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := waf.NewWafClient(
        waf.WafClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdatePolicyRequest{}
	request.PolicyId = "{policy_id}"
	var listExtendbody = map[string]string{
        "extend": "{"deep_decode":true,"check_all_headers":true,"shiro_rememberMe_enable":true}",
    }
	request.Body = &model.UpdatePolicyRequestBody{
		Extend: listExtendbody,
	}
	response, err := client.UpdatePolicy(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

            

          

        
       

The following example shows how to disable whitelist and blacklist protection for a specific policy in a project. The project is specified by project_id, and the policy is specified by policy_id.

        
         
           
           
             package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := waf.NewWafClient(
        waf.WafClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdatePolicyRequest{}
	request.PolicyId = "{policy_id}"
	whiteblackipOptions:= false
	optionsbody := &model.PolicyOption{
		Whiteblackip: &whiteblackipOptions,
	}
	request.Body = &model.UpdatePolicyRequestBody{
		Options: optionsbody,
	}
	response, err := client.UpdatePolicy(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

            

          

        
       