Help Center/ Edge Security/ API Reference/ API/ HTTP Protection Policy Management/ This API is used to create a protection policy.
Updated on 2024-11-18 GMT+08:00

This API is used to create a protection policy.

Function

This API is used to create a protection policy.

URI

POST /v1/edgesec/configuration/http/policies

Request Parameters

Table 1 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Tenant token

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

name

Yes

String

Protection policy name.

Response Parameters

Status code: 200

Table 3 Response body parameters

Parameter

Type

Description

id

String

Policy ID.

name

String

Protection policy name.

level

Integer

Protection level.

full_detection

Boolean

Detection mode in the precise protection rule.

action

HttpPolicyAction object

Operation.

robot_action

HttpPolicyAction object

Operation.

options

HttpPolicyOption object

Option.

bind_host

Array of HttpPolicyBindHost objects

Basic information about the protected domain.

extend

Map<String,String>

Extended field.

third_bot_options

Map<String,third_bot_options>

Third-party BOT operation.

wap_managed_ruleset_id

String

ID of the hosting rule set for basic web protection.

Table 4 HttpPolicyAction

Parameter

Type

Description

category

String

Protection level.

followed_action_id

String

Attack penalty rule ID.

Table 5 HttpPolicyOption

Parameter

Type

Description

webattack

Boolean

Whether basic web protection is enabled.

common

Boolean

Whether general check is enabled.

bot_enable

Boolean

Whether full anti-crawler protection is enabled.

crawler

Boolean

Whether anti-crawler protection with feature libraries is enabled.

crawler_engine

Boolean

Whether the search engine is enabled.

crawler_scanner

Boolean

Whether the scanner is enabled.

crawler_script

Boolean

Whether the JavaScript anti-crawler is enabled.

crawler_other

Boolean

Whether other crawler check is enabled.

webshell

Boolean

Whether web shell detection is enabled

cc

Boolean

Whether the CC attack protection rule is enabled.

custom

Boolean

Whether precise protection is enabled.

followed_action

Boolean

Whether known attack source detection is enabled.

whiteblackip

Boolean

Whether blacklist and whitelist protection is enabled.

geoip

Boolean

Whether the geolocation rule is enabled.

ignore

Boolean

Whether false alarm masking is enabled.

privacy

Boolean

Whether data masking is enabled.

antitamper

Boolean

Whether the web tamper protection is enabled.

antileakage

Boolean

Whether the information leakage prevention is enabled.

anticrawler

Boolean

Whether the JavaScript anti-crawler rule is enabled.

third_bot_river

Boolean

Whether the third-party BOT is enabled

Table 6 HttpPolicyBindHost

Parameter

Type

Description

id

String

Domain name ID.

hostname

String

Domain name.

Status code: 400

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Standard error code: service name.8-digit code

error_msg

String

Detailed error information.

encoded_authorization_message

String

If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.

Status code: 401

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Standard error code: service name.8-digit code

error_msg

String

Detailed error information.

encoded_authorization_message

String

If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.

Status code: 500

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Standard error code: service name.8-digit code

error_msg

String

Detailed error information.

encoded_authorization_message

String

If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.

Example Requests

None

Example Responses

None

Status Codes

Status Code

Description

200

Created

400

Request failed.

401

The token does not have required permissions.

500

Internal server error.

Error Codes

See Error Codes.