This API is used to create a CC attack protection rule.

Function

URI

POST /v1/edgesec/configuration/http/policies/{policy_id}/cc-rule

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
policy_id	Yes	String	Policy ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	auth token

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
name	Yes	String	Rule name
priority	Yes	Integer	Priority of the CC rule. A larger value indicates a higher priority. The default value is 1. This parameter is mandatory during rule creation.
description	No	String	Rule description, which contains a maximum of 512 characters.
mode	Yes	Integer	CC protection rule mode. Currently, only rules of the advanced CC protection mode can be created. 0: Standard. Only the protection path of a domain name can be restricted. 1: Advanced. The path, IP address, cookie, header, and params fields can all be restricted.
total_num	No	Integer	Number of requests of all users in a period
limit_num	Yes	Integer	Number of requests of a single user in a period
limit_period	Yes	Integer	Rate limit period
lock_time	No	Integer	Block duration
tag_type	Yes	String	Protection mode
tag_index	No	String	Protection mode tag
tag_condition	No	HttpCcRuleCondition object	Protection rule condition
unlock_num	No	Integer	Number of allow actions
domain_aggregation	No	Boolean	Aggregate domain name
conditions	No	Array of HttpCcRuleCondition objects	Rate limit condition of the CC attack protection rule. This parameter is mandatory when the CC attack protection rule is in advanced mode (mode is set to 1).
action	Yes	HttpRuleAction object	Action of the protection rule.
time_mode	Yes	String	Effective mode
start	No	Long	Start time of the customized effective period
terminal	No	Long	End time of the customized effective period
period_type	No	String	Type of the daily effective time period. Currently, only day is supported.
time_range	No	Array of TimeRangeItem objects	Daily effective time period

**Table 4** HttpCcRuleCondition
Parameter	Mandatory	Type	Description
category	Yes	String	Protection rule field
index	No	String	Subfield. When category is set to params, cookie, or header, this parameter is mandatory and you need to set this parameter based on the site requirements.
contents	No	Array of strings	Logical matching content of the condition list. This parameter is mandatory when the value of logic_operation does not end with any or all.
logic_operation	Yes	String	Condition matching logic If the field type category is url, the matching logic can be contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, or len_not_equal. If the field type category is ip or ipv6, the matching logic can be equal, not_equal, equal_any, or not_equal_all. If the field type category is params, cookie, or header, the matching logic can be contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist, or not_exist.
value_list_id	No	String	ID of the referenced table This parameter is mandatory when the value of logic_operation ends with any or all. In addition, the referenced table type must be the same as the category type.
size	No	Long	This field is used if the protection rule involves a threshold.
check_all_indexes_logic	No	Integer	1: all subfields 2: any subfield

**Table 5** HttpRuleAction
Parameter	Mandatory	Type	Description
category	Yes	String	Operation type, block: block. pass: allow. log: Only log detected attacks.
followed_action_id	No	String	Attack punishment rule ID. This parameter is available only when category is set to block.
detail	No	HttpRuleActionDetail object	Action of the protection rule.

**Table 6** HttpRuleActionDetail
Parameter	Mandatory	Type	Description
redirect_url	No	String	URL to which the page is redirected.
response	No	HttpRuleActionResponse object	Return page of the protection rule

**Table 7** HttpRuleActionResponse
Parameter	Mandatory	Type	Description
content_type	No	String	Content type.
content	No	String	Content

**Table 8** TimeRangeItem
Parameter	Mandatory	Type	Description
st	No	Integer	Start time of the daily effective period
end	No	Integer	End time of the daily effective period

Response Parameters

Status code: 200

**Table 9** Response body parameters
Parameter	Type	Description
id	String	Rule ID
name	String	Rule name
priority	Integer	Priority of a CC rule. A larger value indicates a higher priority. The default value is 1.
policy_id	String	ID of the policy to which the rule belongs
policy_name	String	Name of the policy to which the rule belongs
timestamp	Long	Time when a rule is created
description	String	Rule description
status	Integer	Rule enabling status
mode	Integer	Rule type (0: standard; 1: advanced)
total_num	Integer	Number of requests of all users in a period
limit_num	Integer	Number of requests of a single user in a period
limit_period	Integer	Rate limit period
lock_time	Integer	Lock duration
tag_type	String	Protection mode
tag_index	String	Protection mode tag
tag_condition	HttpCcRuleCondition object	Protection rule condition
unlock_num	Integer	Number of allow actions
domain_aggregation	Boolean	Aggregate domain name
conditions	Array of HttpCcRuleCondition objects	The parameters in the condition list are complex and are cascaded. Add a false alarm masking rule on the console. Press F12 to view the request parameters whose path suffix is /cc-rule and method is POST.
action	HttpRuleAction object	Action of the protection rule.
producer	Integer	Source
time_mode	String	Effective mode
start	Long	Start time of the customized effective period
terminal	Long	End time of the customized effective period
period_type	String	Type of the daily effective time period. Currently, only day is supported.
time_range	Array of TimeRangeItem objects	Daily effective time period

**Table 10** HttpCcRuleCondition
Parameter	Type	Description
category	String	Protection rule field
index	String	Subfield. When category is set to params, cookie, or header, this parameter is mandatory and you need to set this parameter based on the site requirements.
contents	Array of strings	Logical matching content of the condition list. This parameter is mandatory when the value of logic_operation does not end with any or all.
logic_operation	String	Condition matching logic If the field type category is url, the matching logic can be contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, or len_not_equal. If the field type category is ip or ipv6, the matching logic can be equal, not_equal, equal_any, or not_equal_all. If the field type category is params, cookie, or header, the matching logic can be contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, not_suffix, contain_any, not_contain_all, equal_any, not_equal_all, equal_any, not_equal_all, prefix_any, not_prefix_all, suffix_any, not_suffix_all, len_greater, len_less, len_equal, len_not_equal, num_greater, num_less, num_equal, num_not_equal, exist, or not_exist.
value_list_id	String	ID of the referenced table This parameter is mandatory when the value of logic_operation ends with any or all. In addition, the referenced table type must be the same as the category type.
size	Long	This field is used if the protection rule involves a threshold.
check_all_indexes_logic	Integer	1: all subfields 2: any subfield

**Table 11** HttpRuleAction
Parameter	Type	Description
category	String	Operation type, block: block. pass: allow. log: Only log detected attacks.
followed_action_id	String	Attack punishment rule ID. This parameter is available only when category is set to block.
detail	HttpRuleActionDetail object	Action of the protection rule.

**Table 12** HttpRuleActionDetail
Parameter	Type	Description
redirect_url	String	URL to which the page is redirected.
response	HttpRuleActionResponse object	Return page of the protection rule

**Table 13** HttpRuleActionResponse
Parameter	Type	Description
content_type	String	Content type.
content	String	Content

**Table 14** TimeRangeItem
Parameter	Type	Description
st	Integer	Start time of the daily effective period
end	Integer	End time of the daily effective period

Status code: 400

**Table 15** Response body parameters
Parameter	Type	Description
error_code	String	Standard error code: service name.8-digit code
error_msg	String	Detailed error information.
encoded_authorization_message	String	If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.

Status code: 401

**Table 16** Response body parameters
Parameter	Type	Description
error_code	String	Standard error code: service name.8-digit code
error_msg	String	Detailed error information.
encoded_authorization_message	String	If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.

Status code: 500

**Table 17** Response body parameters
Parameter	Type	Description
error_code	String	Standard error code: service name.8-digit code
error_msg	String	Detailed error information.
encoded_authorization_message	String	If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.