Viewing the Custom IPS Rule List
Function
This API is used to view the custom IPS rule list.
Calling Method
For details, see Calling APIs.
URI
GET /v1/{project_id}/ips/custom-rule
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Definition Project ID, which is used to specify the project that an asset belongs to. You can query the assets of a project by project ID. You can obtain the project ID from the API or console. For details, see Obtaining a Project ID. Constraints N/A Range 32-bit UUID. Default Value N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
action_type |
No |
Integer |
Definition Action. Constraints N/A Range 0: Record logs only. 1: Block sessions. 2: Block IP addresses. Default Value N/A |
affected_os |
No |
Integer |
Definition Affected OS. Constraints N/A Range 0 (any), 1 (Windows), 2 (Linux), 3 (FreeBSD), 4 (Solaris), 5 (other Unix), 6 (network devices), 7 (macOS), 8 (iOS), 9 (Android), or 10 (other) Default Value N/A |
attack_type |
No |
Integer |
Definition Attack type. Constraints N/A Range 1 (access control), 2 (vulnerability scan), 3 (email attack), 4 (vulnerability exploit), 5 (web attack), 6 (password attack), 7 (hijacking), 8 (protocol anomaly), 9 (Trojan), 10 (worm), 11 (buffer overflow), 12 (hacker tool), 13 (spyware), 14 (DDoS flood), 15 (application-layer DDoS attack), 16 (other suspicious behavior), 17 (suspicious DNS activity), 18 (phishing), 19 (spam), or 20 (other attack) Default Value N/A |
ips_name |
No |
String |
Definition IPS rule name. Constraints N/A Range N/A Default Value N/A |
ips_id |
No |
String |
Definition IPS rule ID. Constraints N/A Range N/A Default Value N/A |
protocol |
No |
Integer |
Definition Protocol type. Constraints N/A Range 1 (FTP), 2 (TELNET), 3 (SMTP), 4 (DNS_TCP), 5 (DNS_UDP), 6 (DHCP), 7 (TFTP), 8 (FINGER), 9 (HTTP), 10 (POP3), 11 (SUNRPC_TCP), 12 (SUNRPC_UDP), 13 (NNTP), 14 (MSRPC_TCP), 15 (MSRPC_UDP), 16 (NETBIOS_NAME_TCP), 17 (NETBIOS_NAME_UDP), 18 (NETBIOS_SMB), 19 (NETBIOS_DATAGRAM), 20 (IMAP4), 21 (SNMP), 22 (LDAP), 23 (MSSQL), or 24 (ORACLE) Default Value N/A |
severity |
No |
Integer |
Definition Severity. Constraints N/A Range critical, high, medium, or low Default Value N/A |
software |
No |
Integer |
Definition Affected software. Constraints N/A Range 0 (ANY), 1 (ADOBE), 2 (APACHE), 3 (APPLE), 4 (CA), 5 (CISCO), 6 (GOOGLE_CHROME), 7 (HP), 8 (IBM), 9 (IE), 10 (IIS), 11 (MC_AFEE), 12 (MEDIA_PLAYER), 13 (MICROSOFT_NET), 14 (MICROSOFT_EDGE), 15 (MICROSOFT_EXCHANGE), 16 (MICROSOFT_OFFICE), 17 (MICROSOFT_OUTLOOK), 18 (MICROSOFT_SHARE_POINT), 19 (MICROSOFT_WINDOWS), 20 (MOZILLA), 21 (MSSQL), 22 (MYSQL), 23 (NOVELL), 24 (ORACLE), 25 (SAMBA), 26 (SAMSUNG), 27 (SAP), 28 (SCADA), 29 (SQUID), 30 (SUN), 31 (SYMANTEC), 32 (TREND_MICRO), 33 (VMWARE), 34 (WORD_PRESS), or 35 (OTHERS) Default Value N/A |
fw_instance_id |
Yes |
String |
Definition Firewall ID. It is a unique ID generated after a firewall instance is created. You can obtain the firewall ID by referring to Obtaining a Firewall ID. Constraints N/A Range 32-bit UUID. Default Value N/A |
limit |
Yes |
Integer |
Definition Maximum number of records that can be returned. Constraints N/A Range 1-1024 Default Value N/A |
offset |
Yes |
Integer |
Definition Offset. The records after this offset will be queried. Constraints N/A Range 0 - 1024 Default Value N/A |
Request Parameters
None
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
data |
CustomerIpsPageInfo object |
Parameter |
Type |
Description |
---|---|---|
limit |
Integer |
Definition Maximum number of records that can be returned. Constraints N/A Range 1-1024 Default Value N/A |
offset |
Integer |
Definition Offset. The records after this offset will be queried. Constraints N/A Range 0 - 1024 Default Value N/A |
records |
Array of CustomerIpsListVO objects |
Definition Custom IPS rule list. Range N/A |
total |
Integer |
Definition Number of custom IPS rules. Range N/A |
Parameter |
Type |
Description |
---|---|---|
action |
Integer |
Definition Action. Range 0 (log only) or 1 (reset/block) |
affected_os |
Integer |
Definition Affected OS. Range 0 (any), 1 (Windows), 2 (Linux), 3 (FreeBSD), 4 (Solaris), 5 (other Unix), 6 (network devices), 7 (macOS), 8 (iOS), 9 (Android), or 10 (other) |
attack_type |
Integer |
Definition Attack type. Constraints N/A Range 1 (access control), 2 (vulnerability scan), 3 (email attack), 4 (vulnerability exploit), 5 (web attack), 6 (password attack), 7 (hijacking), 8 (protocol anomaly), 9 (Trojan), 10 (worm), 11 (buffer overflow), 12 (hacker tool), 13 (spyware), 14 (DDoS flood), 15 (application-layer DDoS attack), 16 (other suspicious behavior), 17 (suspicious DNS activity), 18 (phishing), 19 (spam), or 20 (other attack) Default Value N/A |
config_status |
Integer |
Definition Rule status. Range 0 (initialized), 1 (configuring), 2 (configuration succeeded), or 3 (configuration failed) |
content |
String |
Definition Content that matches an IPS attack. Range N/A |
dst_port_type |
Integer |
Definition Port type. Range -1 (any), 0 (include), or 1 (exclude) |
dst_ports |
String |
Definition Port. Range 1 - 65535 |
ips_cfw_id |
String |
Definition ID of a custom IPS rule in CFW. Constraints N/A Range 32-bit UUID. Default Value N/A |
ips_id |
String |
Definition IPS rule ID. Range N/A |
ips_name |
String |
Definition IPS rule name. Range N/A |
protocol |
Integer |
Definition Protocol type. Range 1** (FTP), 2 (TELNET), 3 (SMTP), 4 (DNS_TCP), 5 (DNS_UDP), 6 (DHCP), 7 (TFTP), 8 (FINGER), 9 (HTTP), 10 (POP3), 11 (SUNRPC_TCP), 12 (SUNRPC_UDP), 13 (NNTP), 14 (MSRPC_TCP), 15 (MSRPC_UDP), 16 (NETBIOS_NAME_TCP), 17 (NETBIOS_NAME_UDP), 18 (NETBIOS_SMB), 19 (NETBIOS_DATAGRAM), 20 (IMAP4), 21 (SNMP), 22 (LDAP), 23 (MSSQL), or 24 (ORACLE) |
severity |
Integer |
Definition Severity. Range critical, high, medium, or low |
software |
Integer |
Definition Affected software. Range 0 (ANY), 1 (ADOBE), 2 (APACHE), 3 (APPLE), 4 (CA), 5 (CISCO), 6 (GOOGLE_CHROME), 7 (HP), 8 (IBM), 9 (IE), 10 (IIS), 11 (MC_AFEE), 12 (MEDIA_PLAYER), 13 (MICROSOFT_NET), 14 (MICROSOFT_EDGE), 15 (MICROSOFT_EXCHANGE), 16 (MICROSOFT_OFFICE), 17 (MICROSOFT_OUTLOOK), 18 (MICROSOFT_SHARE_POINT), 19 (MICROSOFT_WINDOWS), 20 (MOZILLA), 21 (MSSQL), 22 (MYSQL), 23 (NOVELL), 24 (ORACLE), 25 (SAMBA), 26 (SAMSUNG), 27 (SAP), 28 (SCADA), 29 (SQUID), 30 (SUN), 31 (SYMANTEC), 32 (TREND_MICRO), 33 (VMWARE), 34 (WORD_PRESS), or 35 (OTHERS) |
src_port_type |
Integer |
Definition Port type. The value can be -1 (Any), 0 (include), or 1 (exclude). Range N/A |
src_ports |
String |
Definition Port. Range N/A |
Status code: 400
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Definition Error code. Range N/A |
error_msg |
String |
Definition Error message. Range N/A |
Example Requests
Query the custom IPS rule list of the firewall whose project ID is eb7accd78ea845078275b2ad5280a109 and firewall ID is 8a996d43-75bd-48b4-b1b8-de0706b72b8f. The offset is 0, and the maximum number of returned records is 10.
https://{Endpoint}/v1/eb7accd78ea845078275b2ad5280a109/ips/custom-rule?fw_instance_id=8a996d43-75bd-48b4-b1b8-de0706b72b8f&offset=0&limit=10
Example Responses
Status code: 200
OK
{ "data" : { "limit" : 1000, "offset" : 0, "records" : [ { "action" : 0, "affected_os" : 1, "attack_type" : 1, "config_status" : 2, "content" : "content:\"test\";distance:0;within:65535;nocase;", "dst_port_type" : 1, "dst_ports" : "2", "ips_cfw_id" : "3d42ef53-9b44-4d8c-b83e-b1cce27bd543", "ips_id" : "350000", "ips_name" : "Custom IPS.", "protocol" : 9, "severity" : 0, "software" : 1, "src_port_type" : 0, "src_ports" : "1" } ], "total" : 1 } }
Status code: 400
Bad Request
{ "error_code" : "CFW.00200003", "error_msg" : "Parameter error." }
SDK Sample Code
The SDK sample code is as follows.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.cfw.v1.region.CfwRegion; import com.huaweicloud.sdk.cfw.v1.*; import com.huaweicloud.sdk.cfw.v1.model.*; public class ListCustomerIpsSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); CfwClient client = CfwClient.newBuilder() .withCredential(auth) .withRegion(CfwRegion.valueOf("<YOUR REGION>")) .build(); ListCustomerIpsRequest request = new ListCustomerIpsRequest(); try { ListCustomerIpsResponse response = client.listCustomerIps(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkcfw.v1 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = CfwClient.new_builder() \ .with_credentials(credentials) \ .with_region(CfwRegion.value_of("<YOUR REGION>")) \ .build() try: request = ListCustomerIpsRequest() response = client.list_customer_ips(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := cfw.NewCfwClient( cfw.CfwClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.ListCustomerIpsRequest{} response, err := client.ListCustomerIps(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code |
Description |
---|---|
200 |
OK |
400 |
Bad Request |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot