Actions Supported by Policy-based Authorization
This section describes the actions supported by Web Application Firewall (WAF) in policy/role-based authorization scenarios.
Supported Actions
WAF provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. The following are related concepts:
- Permission: A statement in a policy that allows or denies certain operations. APIs: REST APIs that can be called in a custom policy
- Actions: Added to a custom policy to control permissions for specific operations.
- Dependent actions: actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the dependent actions.
- IAM projects or enterprise projects: Scope of users a permission is granted to. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. "√" indicates that the action supports the project and "×" indicates that the action does not support the project. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.
|
Permission |
API |
Action |
IAM Project |
|---|---|---|---|
|
Querying details about a dedicated WAF instance |
GET /v1/{project_id}/premium-waf/instance/{instance_id} |
waf:premiumInstance:get |
√ |
|
Deleting a dedicated WAF instance |
DELETE /v1/{project_id}/premium-waf/instance/{instance_id} |
waf:premiumInstance:delete |
√ |
|
Renaming a dedicated WAF instance |
PUT /v1/{project_id}/premium-waf/instance/{instance_id} |
waf:premiumInstance:put |
√ |
|
Creating a dedicated WAF instance |
POST /v1/{project_id}/premium-waf/instance |
waf:premiumInstance:create |
√ |
|
Querying dedicated WAF instances |
GET /v1/{project_id}/premium-waf/instance |
waf:premiumInstance:list |
√ |
|
Adding a domain name to a dedicated WAF instance |
POST /v1/{project_id}/premium-waf/host |
waf:instance:create |
√ |
|
Querying domain names protected by dedicated WAF engines |
GET /v1/{project_id}/premium-waf/host |
waf:instance:list |
√ |
|
Modifying a domain name protected by a dedicated WAF instance |
PUT /v1/{project_id}/premium-waf/host/{host_id} |
waf:instance:put |
√ |
|
Querying domain name settings in dedicated mode |
GET /v1/{project_id}/premium-waf/host/{host_id} |
waf:instance:get |
√ |
|
Deleting a domain name from a dedicated WAF instance |
DELETE /v1/{project_id}/premium-waf/host/{host_id} |
waf:instance:delete |
√ |
|
Modifying the protection status of a domain name in dedicated mode |
PUT /v1/{project_id}/premium-waf/host/{host_id}/protect-status |
waf:instance:put |
√ |
|
Modifying the access status of a domain name in dedicated mode |
PUT /v1/{project_id}/premium-waf/host/{host_id}/access_status |
waf:instance:put |
√ |
|
Querying the protection policy list |
GET /v1/{project_id}/waf/policy |
waf:policy:list |
√ |
|
Creating a protection policy |
POST /v1/{project_id}/waf/policy |
waf:policy:create |
√ |
|
Querying a protection policy by ID |
GET /v1/{project_id}/waf/policy/{policy_id} |
waf:policy:get |
√ |
|
Updating a protection policy |
PATCH /v1/{project_id}/waf/policy/{policy_id} |
waf:policy:put |
√ |
|
Deleting a protection policy |
DELETE /v1/{project_id}/waf/policy/{policy_id} |
waf:policy:delete |
√ |
|
Querying the blacklist and whitelist rule list |
GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip |
waf:whiteBlackIpRule:list |
√ |
|
Creating a blacklist or whitelist rule |
POST /v1/{project_id}/waf/policy/{policy_id}/whiteblackip |
waf:whiteBlackIpRule:create |
√ |
|
Deleting a blacklist or whitelist rule |
GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} |
waf:whiteBlackIpRule:get |
√ |
|
Updating a blacklist or whitelist rule |
PUT /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} |
waf:whiteBlackIpRule:put |
√ |
|
Deleting a blacklist or whitelist rule |
DELETE /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} |
waf:whiteBlackIpRule:delete |
√ |
|
Querying the CC attack protection rule list |
GET /v1/{project_id}/waf/policy/{policy_id}/cc |
waf:ccRule:list |
√ |
|
Creating a CC attack protection rule |
POST /v1/{project_id}/waf/policy/{policy_id}/cc |
waf:ccRule:create |
√ |
|
Querying a CC attack protection rule by ID |
GET /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} |
waf:ccRule:get |
√ |
|
Updating a CC attack protection rule |
PUT /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} |
waf:ccRule:put |
√ |
|
Deleting a CC attack protection rule |
DELETE /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} |
waf:ccRule:delete |
√ |
|
Querying precise protection rules |
GET /v1/{project_id}/waf/policy/{policy_id}/custom |
waf:preciseProtectionRule:list |
√ |
|
Creating a precise protection rule |
POST /v1/{project_id}/waf/policy/{policy_id}/custom |
waf:preciseProtectionRule:create |
√ |
|
Querying a precise protection rule by ID |
GET /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} |
waf:preciseProtectionRule:get |
√ |
|
Updating a precise protection rule |
PUT /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} |
waf:preciseProtectionRule:put |
√ |
|
Deleting a precise protection rule |
DELETE /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} |
waf:preciseProtectionRule:delete |
√ |
|
Querying data masking rules |
GET /v1/{project_id}/waf/policy/{policy_id}/privacy |
waf:privacyRule:list |
√ |
|
Creating a data masking rule |
POST /v1/{project_id}/waf/policy/{policy_id}/privacy |
waf:privacyRule:create |
√ |
|
Querying a data masking rule by ID |
GET /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} |
waf:privacyRule:get |
√ |
|
Updating a data masking rule |
PUT /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} |
waf:privacyRule:put |
√ |
|
Deleting a data masking rule |
DELETE /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} |
waf:privacyRule:delete |
√ |
|
Querying the list of web tamper protection rules |
GET /v1/{project_id}/waf/policy/{policy_id}/antitamper |
waf:antiTamperRule:list |
√ |
|
Creating a web tamper protection rule |
POST /v1/{project_id}/waf/policy/{policy_id}/antitamper |
waf:antiTamperRule:create |
√ |
|
Querying a web tamper protection rule by ID |
GET /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} |
waf:antiTamperRule:get |
√ |
|
Deleting a web tamper protection rule |
DELETE /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} |
waf:antiTamperRule:delete |
√ |
|
Updating the cache of a web tamper protection rule |
POST /v1/{project_id}/waf/policy/{policy_id}/antitamper/{antitamperid}/refresh |
waf:antiTamperRule:create |
√ |
|
Querying false alarm masking rules |
GET /v1/{project_id}/waf/policy/{policy_id}/ignore |
waf:falseAlarmMaskRule:list |
√ |
|
Creating a false alarm masking rule |
POST /v1/{project_id}/waf/policy/{policy_id}/ignore |
waf:falseAlarmMaskRule:create |
√ |
|
Querying a false alarm masking rule |
GET /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} |
waf:falseAlarmMaskRule:get |
√ |
|
Updating a false alarm masking rule |
PUT /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} |
waf:falseAlarmMaskRule:put |
√ |
|
Deleting a false alarm masking rule |
DELETE /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} |
waf:falseAlarmMaskRule:delete |
√ |
|
Querying the certificate list |
GET /v1/{project_id}/waf/certificate |
waf:certificate:get |
√ |
|
Creating a certificate |
POST /v1/{project_id}/waf/certificate |
waf:certificate:create |
√ |
|
Querying a certificate |
GET /v1/{project_id}/waf/certificate/{certificate_id} |
waf:certificate:list |
√ |
|
Modifying a certificate |
PUT /v1/{project_id}/waf/certificate/{certificate_id} |
waf:certificate:put |
√ |
|
Deleting a certificate |
DELETE /v1/{project_id}/waf/certificate/{certificate_id} |
waf:certificate:delete |
√ |
|
Applying a certificate to a domain name |
POST /v1/{project_id}/waf/certificate/{certificate_id}/apply-to-hosts |
waf:certificate:apply |
√ |
|
Querying the number of requests and attacks on dashboard |
GET /v1/{project_id}/waf/overviews/statistics |
waf:event:get |
√ |
|
Querying top N statistics on dashboard |
GET /v1/{project_id}/waf/overviews/classification |
waf:event:get |
√ |
|
Querying the list of attack events |
GET /v1/{project_id}/waf/event |
waf:event:get |
√ |
|
Querying attack event details |
GET /v1/{project_id}/waf/event/{eventid} |
waf:event:get |
√ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
