Help Center/ Edge Security/ API Reference/ API/ HTTP Protection Rule Management - False Alarm Masking/ This API is used to update a false alarm masking rule.

Updated on 2024-11-18 GMT+08:00

View PDF

This API is used to update a false alarm masking rule.

Function

This API is used to update a false alarm masking rule.

URI

PUT /v1/edgesec/configuration/http/policies/{policy_id}/ignore-rule/{rule_id}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
policy_id	Yes	String	Policy ID.
rule_id	Yes	String	Protection rule ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	auth token

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
name	No	String	Rule name
description	No	String	Rule description, which contains a maximum of 512 characters.
status	No	Integer	Rule enabling status
url	No	String	URL of the false alarm
rule	Yes	String	Rule to be masked. One or more rules can be masked. Use semicolons (;) to separate multiple rules. To mask a built-in tule, set the parameter to the rule ID. You can query the rule ID by navigating to Policies > Policy Name > Basic Web Protection > Advanced Settings > Protection Rules on the WAF console. The rule ID is also available in event details. To mask a type of basic web protection rule needs, set this parameter to the name of the rule. xss: XSS attack; webshell: website Trojan; vuln: other types of attack; sqli: SQL injection attack; robot: malicious crawler; rfi: remote file inclusion; lfi: local file inclusion; cmdi: command injection attack To mask the entire basic web protection module, set the parameter to all. To mask all detection modules, set the parameter to bypass.
mode	Yes	Integer	False alarm masking mode. The default value is 0, indicating the old mode.
domains	Yes	Array of strings	Domain name or website to e protect. If the array length is 0, the rule takes effect for all domain names or websites.
url_logic	No	String	URL type of the masking rule (prefix or equal)
advanced	No	HttpIgnoreRuleCondition object	The parameters in the condition list are complex and are cascaded. Add a false alarm masking rule on the console. Press F12 to view the request parameters whose path suffix is /ignore-rule and method is POST.
conditions	Yes	Array of HttpIgnoreRuleCondition objects	Hit condition

**Table 4** HttpIgnoreRuleCondition
Parameter	Mandatory	Type	Description
category	Yes	String	Field type. The value can be ip, url, params, cookie, or header.
index	No	String	If the field type is ip and the subfield is the client IP address, the index parameter does not exist. If the subfield type is X-Forwarded-For, set the value to x-forwarded-for. If the field type is params, header, or cookie and the subfield is of a customized type, the value of index is the custom subfield.
contents	Yes	Array of strings	Content list
logic_operation	Yes	String	Matching logics. The matching logic varies depending on field types. If the field type is ip, equal and not_equal are supported. If the field type is url, header, params, or cookie, equal, not_equal, contain, not_contain, prefix, not_prefix, suffix, not_suffix, regular_match, and regular_not_match are supported.
value_list_id	No	String	ID of the referenced table
size	No	Long	This field is used if the protection rule involves a threshold.
check_all_indexes_logic	No	Integer	All subfields/2. Any subfield

Response Parameters

Status code: 200

**Table 5** Response body parameters
Parameter	Type	Description
id	String	Rule ID
name	String	Rule name
policy_id	String	ID of the policy to which the rule belongs
policy_name	String	Name of the policy to which the rule belongs
timestamp	Long	Time when a rule is created
description	String	Rule description
status	Integer	Rule enabling status
url	String	URL of the false alarm
rule	String	Rule No.
mode	Integer	False alarm masking mode. The default value is 0, indicating the old mode.
domains	Array of strings	Domain name list
url_logic	String	URL type of the masking rule (prefix or equal)
advanced	HttpIgnoreRuleCondition object	The parameters in the condition list are complex and are cascaded. Add a false alarm masking rule on the console. Press F12 to view the request parameters whose path suffix is /ignore-rule and method is POST.
conditions	Array of HttpIgnoreRuleCondition objects	Hit condition
hit_num	Integer	Hit count
update_time	Long	Timestamp for the last update
clear_time	Long	Timestamp for clearing the last hit count

**Table 6** HttpIgnoreRuleCondition
Parameter	Type	Description
category	String	Field type. The value can be ip, url, params, cookie, or header.
index	String	If the field type is ip and the subfield is the client IP address, the index parameter does not exist. If the subfield type is X-Forwarded-For, set the value to x-forwarded-for. If the field type is params, header, or cookie and the subfield is of a customized type, the value of index is the custom subfield.
contents	Array of strings	Content list
logic_operation	String	Matching logics. The matching logic varies depending on field types. If the field type is ip, equal and not_equal are supported. If the field type is url, header, params, or cookie, equal, not_equal, contain, not_contain, prefix, not_prefix, suffix, not_suffix, regular_match, and regular_not_match are supported.
value_list_id	String	ID of the referenced table
size	Long	This field is used if the protection rule involves a threshold.
check_all_indexes_logic	Integer	All subfields/2. Any subfield

Status code: 400

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Standard error code: service name.8-digit code
error_msg	String	Detailed error information.
encoded_authorization_message	String	If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.

Status code: 401

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Standard error code: service name.8-digit code
error_msg	String	Detailed error information.
encoded_authorization_message	String	If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.

Status code: 500

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Standard error code: service name.8-digit code
error_msg	String	Detailed error information.
encoded_authorization_message	String	If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.

Example Requests

None

Example Responses

None

Status Codes

Status Code	Description
200	Request successful.
400	Request failed.
401	The token does not have required permissions.
500	Internal server error.

Error Codes

See Error Codes.

Parent topic: HTTP Protection Rule Management - False Alarm Masking

Previous topic: This API is used to query a false alarm masking rule.

Next topic: This API is used to delete a false alarm masking rule.

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.