Updated on 2024-07-25 GMT+08:00

Creating a Precise Protection Rule

Function

This API is used to create a precise protection rule.

URI

POST /v1/{project_id}/waf/policy/{policy_id}/custom

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID

policy_id

Yes

String

Protection policy ID. You can call the ListPolicy API to obtain the policy ID.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

auth token

Content-Type

Yes

String

Content type

Default: application/json;charset=utf8

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

name

No

String

Name of the custom rule

time

No

Boolean

Time the precise protection rule takes effect.

  • false: The rule takes effect immediately.

  • true: The effective time is customized.

start

No

Long

Timestamp (ms) when the precise protection rule takes effect. This parameter is returned only when time is true.

terminal

No

Long

Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true.

conditions

No

Array of CustomConditions objects

Match condition List

action

No

CustomAction object

Protective action of the precise protection rule

priority

No

Integer

Priority of a rule. Smaller values correspond to higher priorities. If two rules are assigned with the same priority, the rule added earlier has higher priority. The value ranges from 0 to 1000.

Table 4 CustomConditions

Parameter

Mandatory

Type

Description

category

No

String

The condition types can be path, user-agent, ip, params, cookie, referer, or header.

index

No

String

  • If category is set to cookie, index indicates cookie name.

  • If category is set to params, index indicates param name.

  • If category is set to header, index indicates an option in the header.

check_all_indexes_logic

No

Integer

Available values are 1 and 2. The value 1 indicates all subfields, and the value 2 indicates any subfields.

logic_operation

No

Integer

The value can be:

  • contain

  • not_contain

  • equal

  • not_equal

  • prefix

  • not_prefix

  • suffix

  • not_suffix If category is set to ip, logic_operation can be set to equal or not_equal only.

contents

No

Array of strings

Content of the match conditions

value_list_id

No

String

ID of the reference table

Table 5 CustomAction

Parameter

Mandatory

Type

Description

category

No

String

Action type.

  • block: WAF blocks attacks.

  • pass: WAF allows requests.

Response Parameters

Status code: 200

Table 6 Response body parameters

Parameter

Type

Description

id

String

ID of a precise protection rule.

policyid

String

ID of the policy to which the rule belongs.

conditions

Array of conditions objects

List of matching conditions. All conditions must be met.

action

action object

Protective action of the precise protection rule

priority

Integer

Priority of a rule. Smaller values correspond to higher priorities. If two rules are assigned with the same priority, the rule added earlier has higher priority. The value ranges from 0 to 1000.

timestamp

Long

Timestamp when the precise protection rule is created.

start

Long

Timestamp (ms) when the precise protection rule takes effect. This parameter is returned only when time is true.

terminal

Long

Timestamp (ms) when the precise protection rule expires. This parameter is returned only when time is true.

Table 7 conditions

Parameter

Type

Description

category

String

Condition type. Its option can be path, user-agent, ip, params, cookie, referer, or header.

index

String

  • If category is set to cookie, index indicates cookie name.

  • If category is set to params, index indicates param name.

  • If category is set to header, index indicates an option in the header.

check_all_indexes_logic

Integer

Available values are 1 and 2. The value 1 indicates all subfields, and the value 2 indicates any subfields.

logic_operation

Integer

The value can be:

  • contain

  • not_contain

  • equal

  • not_equal

  • prefix

  • not_prefix

  • suffix

  • not_suffix If category is set to ip, logic_operation can be set to equal or not_equal only.

contents

Array of strings

Content of the match conditions

Table 8 action

Parameter

Type

Description

category

String

Action type.

  • block: WAF blocks attacks.

  • pass: WAF allows requests.

Status code: 400

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Error Code

error_msg

String

Error Messages

Status code: 401

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Error Code

error_msg

String

Error Messages

Status code: 500

Table 11 Response body parameters

Parameter

Type

Description

error_code

String

Error Code

error_msg

String

Error Messages

Example Requests

POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/custom?enterprise_project_id=0

{
  "description" : "",
  "action" : {
    "category" : "block"
  },
  "priority" : 50,
  "conditions" : [ {
    "category" : "header",
    "logic_operation" : "exist",
    "index" : "sdfsafsda"
  } ],
  "time" : false
}

Example Responses

Status code: 200

ok

{
  "items" : [ {
    "action" : {
      "category" : "block"
    },
    "action_mode" : false,
    "aging_time" : 0,
    "conditions" : [ {
      "category" : "header",
      "index" : "sdfsafsda",
      "logic_operation" : "exist"
    } ],
    "description" : "",
    "id" : "2a3caa2bc9814c09ad73d02e3485b4a4",
    "policyid" : "1f016cde588646aca3fb19f277c44d03",
    "priority" : 50,
    "producer" : 1,
    "status" : 1,
    "time" : false,
    "timestamp" : 1656495488880
  } ]
}

Status Codes

Status Code

Description

200

ok

400

Request failed.

401

The token does not have required permissions.

500

Internal server error.

Error Codes

See Error Codes.