Querying the Protection Policy List

Function

This API is used to query the protection policy list.

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/waf/policy

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. To obtain it, go to Huawei Cloud management cons. Then, in the Projects area, view Project ID** of the corresponding project.

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	You can obtain the ID by calling the ListEnterpriseProject API of EPS.
page	No	Integer	Page number of the data to be returned during pagination query. The default value is 1, indicating that the data on the first page is returned.
pagesize	No	Integer	Number of results on each page during pagination query. Value range: 1 to 100. The default value is 10, indicating that each page contains 10 results.
name	No	String	Policy name

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Content-Type	Yes	String	Content type.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total	Integer	Total number of policies.
items	Array of PolicyResponse objects	Array of protection policy information.

**Table 5** PolicyResponse
Parameter	Type	Description
id	String	Policy ID
name	String	Array of details of policies
level	Integer	Protection level of basic web protection 1: Low. At this protection level, WAF blocks only requests with obvious attack features. If a large number of false alarms have been reported, Low is recommended. 2: Medium. This protection level meets web protection requirements in most scenarios. 3: High. At this protection level, WAF provides the finest granular protection and can intercept attacks with complex bypass features, such as Jolokia cyber attacks, common gateway interface (CGI) vulnerability detection, and Druid SQL injection attacks.
full_detection	Boolean	The detection mode in Precise Protection. false: Instant detection. When a request hits the blocking conditions in Precise Protection, WAF terminates checks and blocks the request immediately. true: Full detection. If a request hits the blocking conditions in Precise Protection, WAF does not block the request immediately. Instead, it blocks the requests until other checks are finished.
robot_action	Action object	Protective actions for each rule in anti-crawler protection.
action	PolicyAction object	Protective action
options	PolicyOption object	Whether a protection type is enabled in protection policy.
modulex_options	Map<String,Object>	Configurations about intelligent access control. Currently, this feature is still in the open beta test (OBT) phase and available at some sites.
hosts	Array of strings	Array of domain name IDs protected by the policy.
bind_host	Array of BindHost objects	Array of domain names protected with the protection policy. Compared with the hosts field, this field contains more details.
extend	Map<String,String>	Extended field, which is used to store the rule configuration of basic web protection.
timestamp	Long	Time a policy is created

**Table 6** Action
Parameter	Type	Description
category	String	Protective action for feature-based anti-crawler rules: log: WAF only logs discovered attacks. block: WAF blocks discovered attacks.

**Table 7** PolicyAction
Parameter	Type	Description
category	String	Basic web protection action. The value can be log or block. log: WAF only logs discovered attacks. block: WAF blocks discovered attacks.
followed_action_id	String	ID of the known attack source rule

**Table 8** PolicyOption
Parameter	Type	Description
webattack	Boolean	Whether basic web protection is enabled
common	Boolean	Whether general check is enabled
crawler	Boolean	This parameter is reserved. The value of this parameter is fixed at true. You can ignore this parameter.
crawler_engine	Boolean	Whether the search engine is enabled
crawler_scanner	Boolean	Whether the anti-crawler detection is enabled
crawler_script	Boolean	Whether the JavaScript anti-crawler is enabled
crawler_other	Boolean	Whether other crawler check is enabled
webshell	Boolean	Whether webshell detection is enabled
cc	Boolean	Whether the CC attack protection rules are enabled
custom	Boolean	Whether precise protection is enabled
whiteblackip	Boolean	Whether blacklist and whitelist protection is enabled
geoip	Boolean	Whether geolocation access control is enabled
ignore	Boolean	Whether false alarm masking is enabled
privacy	Boolean	Whether data masking is enabled
antitamper	Boolean	Whether the web tamper protection is enabled
antileakage	Boolean	Whether the information leakage prevention is enabled
bot_enable	Boolean	Whether the anti-crawler protection is enabled
modulex_enabled	Boolean	Whether CC attack protection for moduleX is enabled. This feature is in the open beta test (OBT). During the OBT, only the log only mode is supported.

**Table 9** BindHost
Parameter	Type	Description
id	String	Domain name ID.
hostname	String	Domain name.
waf_type	String	Deployment mode of WAF instance that is used for the domain name. The value can be cloud for cloud WAF or premium for dedicated WAF instances.
mode	String	This parameter is required only by the dedicated mode.

Status code: 400

**Table 10** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 11** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 401

**Table 12** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 13** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 500

**Table 14** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 15** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Example Requests

The following example shows how to obtain the policy list in a project. The project ID is specified by project_id.

GET https://{Endpoint}/v1/{project_id}/waf/policy?enterprise_project_id=0

Example Responses

Status code: 200

Request succeeded.

{
  "total" : 1,
  "items" : [ {
    "id" : "41cba8aee2e94bcdbf57460874205494",
    "name" : "policy_2FHwFOKz",
    "level" : 2,
    "action" : {
      "category" : "log"
    },
    "options" : {
      "webattack" : true,
      "common" : true,
      "crawler" : true,
      "crawler_engine" : false,
      "crawler_scanner" : true,
      "crawler_script" : false,
      "crawler_other" : false,
      "webshell" : false,
      "cc" : true,
      "custom" : true,
      "whiteblackip" : true,
      "geoip" : true,
      "ignore" : true,
      "privacy" : true,
      "antitamper" : true,
      "antileakage" : false,
      "bot_enable" : true,
      "modulex_enabled" : false
    },
    "hosts" : [ ],
    "extend" : { },
    "timestamp" : 1650527546218,
    "full_detection" : false,
    "bind_host" : [ ]
  } ]
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.waf.v1.region.WafRegion;
import com.huaweicloud.sdk.waf.v1.*;
import com.huaweicloud.sdk.waf.v1.model.*;


public class ListPolicySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        WafClient client = WafClient.newBuilder()
                .withCredential(auth)
                .withRegion(WafRegion.valueOf("<YOUR REGION>"))
                .build();
        ListPolicyRequest request = new ListPolicyRequest();
        try {
            ListPolicyResponse response = client.listPolicy(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkwaf.v1.region.waf_region import WafRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkwaf.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = WafClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(WafRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListPolicyRequest()
        response = client.list_policy(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := waf.NewWafClient(
        waf.WafClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListPolicyRequest{}
	response, err := client.ListPolicy(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     