Creating a Protection Policy
Function
This API is used to create a protection policy. The system configures some default configuration items when generating the policy. To modify the default configuration items, call the API for updating the protection policy.
URI
POST /v1/{project_id}/waf/policy
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Project ID. To obtain it, go to Cloud management console and hover the cursor over your username. On the displayed window, choose My Credentials.Then, in the Projects area, view Project ID of the corresponding project. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
enterprise_project_id |
No |
String |
You can obtain the ID by calling the ListEnterpriseProject API of EPS. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |
Content-Type |
Yes |
String |
Content type. Default: application/json;charset=utf8 |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
name |
Yes |
String |
Array of details of policies |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
id |
String |
Policy ID |
name |
String |
Array of details of policies |
level |
Integer |
Protection level of basic web protection
Default: 2 Enumeration values:
|
full_detection |
Boolean |
The detection mode in Precise Protection.
|
robot_action |
Action object |
Protective actions for each rule in anti-crawler protection. |
action |
PolicyAction object |
Protective action |
options |
PolicyOption object |
Whether a protection type is enabled in protection policy. |
modulex_options |
Map<String,Object> |
Configurations about intelligent access control. Currently, this feature is still in the open beta test (OBT) phase and available at some sites. |
hosts |
Array of strings |
Array of domain name IDs protected by the policy. |
bind_host |
Array of BindHost objects |
Array of domain names protected with the protection policy. Compared with the hosts field, this field contains more details. |
extend |
Map<String,String> |
Extended field, which is used to store the rule configuration of basic web protection. |
timestamp |
Long |
Time a policy is created |
Parameter |
Type |
Description |
---|---|---|
category |
String |
Protective action for feature-based anti-crawler rules:
|
Parameter |
Type |
Description |
---|---|---|
category |
String |
Basic web protection action. The value can be log or block. log: WAF only logs discovered attacks. block: WAF blocks discovered attacks. Enumeration values:
|
Parameter |
Type |
Description |
---|---|---|
webattack |
Boolean |
Whether basic web protection is enabled Enumeration values:
|
common |
Boolean |
Whether general check is enabled Enumeration values:
|
crawler |
Boolean |
This parameter is reserved. The value of this parameter is fixed at true. You can ignore this parameter. Enumeration values:
|
crawler_engine |
Boolean |
Whether the search engine is enabled Enumeration values:
|
crawler_scanner |
Boolean |
Whether the anti-crawler detection is enabled Enumeration values:
|
crawler_script |
Boolean |
Whether the JavaScript anti-crawler is enabled Enumeration values:
|
crawler_other |
Boolean |
Whether other crawler check is enabled Enumeration values:
|
webshell |
Boolean |
Whether webshell detection is enabled Enumeration values:
|
cc |
Boolean |
Whether the CC attack protection rules are enabled Enumeration values:
|
custom |
Boolean |
Whether precise protection is enabled Enumeration values:
|
whiteblackip |
Boolean |
Whether blacklist and whitelist protection is enabled Enumeration values:
|
geoip |
Boolean |
Whether geolocation access control is enabled Enumeration values:
|
ignore |
Boolean |
Whether false alarm masking is enabled Enumeration values:
|
privacy |
Boolean |
Whether data masking is enabled Enumeration values:
|
antitamper |
Boolean |
Whether the web tamper protection is enabled Enumeration values:
|
antileakage |
Boolean |
Whether the information leakage prevention is enabled Enumeration values:
|
bot_enable |
Boolean |
Whether the anti-crawler protection is enabled Enumeration values:
|
modulex_enabled |
Boolean |
Whether CC attack protection for moduleX is enabled. This feature is in the open beta test (OBT). During the OBT, only the log only mode is supported. Enumeration values:
|
Parameter |
Type |
Description |
---|---|---|
id |
String |
Domain name ID |
hostname |
String |
Domain name |
waf_type |
String |
Deployment mode of WAF instance that is used for the domain name. The value can be cloud for cloud WAF or premium for dedicated WAF instances. |
mode |
String |
This parameter is required only by the dedicated mode. |
Status code: 400
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code |
error_msg |
String |
Error message |
Status code: 401
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code |
error_msg |
String |
Error message |
Status code: 403
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code |
error_msg |
String |
Error message |
Status code: 500
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code |
error_msg |
String |
Error message |
Example Requests
POST https://{Endpoint}/v1/{project_id}/waf/policy?enterprise_project_id=0 { "name" : "demo" }
Example Responses
Status code: 200
OK
{ "id" : "38ff0cb9a10e4d5293c642bc0350fa6d", "name" : "demo", "level" : 2, "action" : { "category" : "log" }, "options" : { "webattack" : true, "common" : true, "crawler" : true, "crawler_engine" : false, "crawler_scanner" : true, "crawler_script" : false, "crawler_other" : false, "webshell" : false, "cc" : true, "custom" : true, "precise" : false, "whiteblackip" : true, "geoip" : true, "ignore" : true, "privacy" : true, "antitamper" : true, "anticrawler" : false, "antileakage" : false, "followed_action" : false, "bot_enable" : true, "modulex_enabled" : false }, "hosts" : [ ], "extend" : { }, "timestamp" : 1650529538732, "full_detection" : false, "bind_host" : [ ] }
Status Codes
Status Code |
Description |
---|---|
200 |
OK |
400 |
Request failed. |
401 |
The token does not have required permissions. |
403 |
The resource quota is insufficient. |
500 |
Internal server error. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot