Adding a False Alarm Masking Rule
Function
This API is used to add a false alarm masking rule.
URI
POST /v1/{project_id}/waf/policy/{policy_id}/ignore
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
project_id |
Yes |
String |
Project ID |
policy_id |
Yes |
String |
Protection policy ID. You can call the ListPolicy API to obtain the policy ID. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
enterprise_project_id |
No |
String |
ID of the enterprise project. It can be obtained by calling the ListEnterpriseProject API of EPS. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
X-Auth-Token |
Yes |
String |
auth token |
Content-Type |
Yes |
String |
Content type Default: application/json;charset=utf8 |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
domain |
Yes |
Array of strings |
Domain name or website to e protect. If the array length is 0, the rule takes effect for all domain names or websites. |
conditions |
Yes |
Array of CreateCondition objects |
Condition list |
mode |
Yes |
Integer |
Version of the false alarm masking rule. The value must be 1(v2). v1 is only compatible with earlier versions where a rule cannot be created. |
rule |
Yes |
String |
ID of the built-in rule. You can query the rule ID by choosing Policy > Policy Name > Basic Web Protection > Protection Rules on the WAF console or in the event details. |
description |
No |
String |
Description of a masking rule |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
category |
Yes |
String |
Field type. The value can be ip, url, params, cookie, or header. |
contents |
Yes |
Array of strings |
Content. The array length must be 1. The content format varies depending on field types. For example, if the field type is ip, the value must be an IP address or IP address segment. If the field type is url, the value must be in standard URL format. If the field type is params, cookie, or header, the content format is not limited. |
logic_operation |
Yes |
String |
Matching logics. The matching logic varies depending on field types. If the field type is ip, equal and not_equal are supported. If the field type is url, header, params, or cookie, equal, not_equal, contain, not_contain, prefix, not_prefix, suffix, not_suffix, regular_match, and regular_not_match are supported. |
check_all_indexes_logic |
No |
Integer |
This parameter is not required if a custom subfield is used and the field type is url or ip. In other cases, the value 1 indicates that all subfields will be checked, and the value 2 indicates that any subfield will be checked. |
index |
No |
String |
If the field type is ip and the subfield is the client IP address, the index parameter does not exist. If the subfield type is X-Forwarded-For, set the value to x-forwarded-for. If the field type is params, header, or cookie and the subfield is of a customized type, the value of index is the custom subfield. |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
|---|---|---|
id |
String |
Rule ID |
policyid |
String |
Policy ID |
timestamp |
Long |
Timestamp when the rule is created |
description |
String |
Rule description |
status |
Integer |
Rule status. The value can be 0 (disabled) or 1 (enabled). |
rule |
String |
ID of the built-in rule. You can query the rule ID by choosing Policy > Policy Name > Basic Web Protection > Protection Rules on the WAF console or in the event details. |
mode |
Integer |
Version of the false alarm masking rule. The value must be 1(v2). v1 is compatible with earlier versions only where a rule cannot be created. |
conditions |
Array of Condition objects |
Condition list |
domain |
Array of strings |
Protected domain name or website |
Parameter |
Type |
Description |
|---|---|---|
category |
String |
Field type. The value can be ip, url, params, cookie, or header. |
contents |
Array of strings |
Content. The array length must be 1. The content format varies depending on field types. For example, if the field type is ip, the value must be an IP address or IP address segment. If the field type is url, the value must be in standard URL format. If the field type is params, cookie, or header, the content format is not limited. |
logic_operation |
String |
Matching logics. The matching logic varies depending on field types. If the field type is ip, equal and not_equal are supported. If the field type is url, header, params, or cookie, equal, not_equal, contain, not_contain, prefix, not_prefix, suffix, not_suffix, regular_match, and regular_not_match are supported. |
check_all_indexes_logic |
Integer |
If the field type is url or ip, the check_all_indexes_logic field does not exist. In other cases, the value 1 indicates that all subfields will be checked, the value 2 indicates that any subfield will be checked, and the value null indicates that custom subfields will be used. |
index |
String |
If the field type is ip and the subfield is the client IP address, the index parameter does not exist. If the subfield type is X-Forwarded-For, set the value to x-forwarded-for. If the field type is params, header, or cookie and the subfield is of a customized type, the value of index is the custom subfield. |
Status code: 400
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error Code |
error_msg |
String |
Error Messages |
Status code: 401
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error Code |
error_msg |
String |
Error Messages |
Status code: 500
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error Code |
error_msg |
String |
Error Messages |
Example Requests
POST https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}/ignore?enterprise_project_id=0
{
"domain" : [ "test3.th.com" ],
"conditions" : [ {
"category" : "url",
"logic_operation" : "contain",
"contents" : [ "attack" ],
"index" : null
} ],
"mode" : 1,
"description" : "",
"rule" : "webshell"
}
Example Responses
Status code: 200
OK
{
"id" : "c20f67b3e1c040c0b0d8866e568ee8bf",
"policyid" : "a75e96d8284c4c4f98ada7d391e8342c",
"timestamp" : 1656507126528,
"description" : "",
"status" : 1,
"rule" : "webshell",
"mode" : 1,
"conditions" : [ {
"category" : "url",
"contents" : [ "attack" ],
"logic_operation" : "contain"
} ],
"domain" : [ "test3.th.com" ]
}
Status Codes
Status Code |
Description |
|---|---|
200 |
OK |
400 |
Request failed. |
401 |
The token does not have required permissions. |
500 |
Internal server error. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
