Help Center/ Edge Security/ API Reference/ API/ HTTP Protection Rule Management - Precise Protection/ This API is used to update a precise protection rule.

Updated on 2024-11-18 GMT+08:00

View PDF

This API is used to update a precise protection rule.

Function

This API is used to update a precise protection rule.

URI

PUT /v1/edgesec/configuration/http/policies/{policy_id}/access-control-rule/{rule_id}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
policy_id	Yes	String	Policy ID.
rule_id	Yes	String	Protection rule ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	auth token

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
name	Yes	String	Rule name.
description	No	String	Rule description, which contains a maximum of 512 characters.
status	No	Integer	Rule enabling status
time	Yes	Boolean	Whether to set the effective time
start	No	Long	Effective time
terminal	No	Long	Expiration time
priority	Yes	Integer	Priority
conditions	Yes	Array of HttpAccessControlRuleCondition objects	Hit condition
action	Yes	HttpRuleAction object	Action of the protection rule.

**Table 4** HttpAccessControlRuleCondition
Parameter	Mandatory	Type	Description
category	No	String	Field type. The options are url, custom_asn, custom_geoip, robot, user-agent, ip, params, cookie, referer, header, method, request_line, request, response_code, response_length, response_time, response_header and response_body.
index	No	String	Subfield: If the field type is url, custom_asn, custom_geoip, robot, user-agent, referer, request_line, method, request, response_code, response_length, response_time or response_body, the index parameter does not need to be passed in. If the field type is params, cookie, header, or response_header and the subfield is customized, the index field is a customized subfield.
contents	No	Array of strings	Content list
logic_operation	No	String	Processing logic
value_list_id	No	String	ID of the reference table
size	No	Long	This field is used if the protection rule involves a threshold.
check_all_indexes_logic	No	Integer	All subfields/2. Any subfield

**Table 5** HttpRuleAction
Parameter	Mandatory	Type	Description
category	Yes	String	Operation type, block: block. pass: allow. log: Only log detected attacks.
followed_action_id	No	String	Attack punishment rule ID. This parameter is available only when category is set to block.
detail	No	HttpRuleActionDetail object	Action of the protection rule.

**Table 6** HttpRuleActionDetail
Parameter	Mandatory	Type	Description
redirect_url	No	String	URL to which the page is redirected.
response	No	HttpRuleActionResponse object	Return page of the protection rule

**Table 7** HttpRuleActionResponse
Parameter	Mandatory	Type	Description
content_type	No	String	Content type.
content	No	String	Content

Response Parameters

Status code: 200

**Table 8** Response body parameters
Parameter	Type	Description
id	String	Rule ID.
name	String	Rule name.
policy_id	String	ID of the policy to which the rule belongs.
policy_name	String	Name of the policy to which the rule belongs.
timestamp	Long	Time when a rule is created
description	String	Rule description.
status	Integer	Rule enabling status
time	Boolean	Whether to set the effective time
start	Long	Effective time
terminal	Long	Expiration time
priority	Integer	Priority
conditions	Array of HttpAccessControlRuleCondition objects	Hit condition.
action	HttpRuleAction object	Action of the protection rule.
producer	Integer	Source

**Table 9** HttpAccessControlRuleCondition
Parameter	Type	Description
category	String	Field type. The options are url, custom_asn, custom_geoip, robot, user-agent, ip, params, cookie, referer, header, method, request_line, request, response_code, response_length, response_time, response_header and response_body.
index	String	Subfield: If the field type is url, custom_asn, custom_geoip, robot, user-agent, referer, request_line, method, request, response_code, response_length, response_time or response_body, the index parameter does not need to be passed in. If the field type is params, cookie, header, or response_header and the subfield is customized, the index field is a customized subfield.
contents	Array of strings	Content list
logic_operation	String	Processing logic
value_list_id	String	ID of the reference table
size	Long	This field is used if the protection rule involves a threshold.
check_all_indexes_logic	Integer	All subfields/2. Any subfield

**Table 10** HttpRuleAction
Parameter	Type	Description
category	String	Operation type, block: block. pass: allow. log: Only log detected attacks.
followed_action_id	String	Attack punishment rule ID. This parameter is available only when category is set to block.
detail	HttpRuleActionDetail object	Action of the protection rule.

**Table 11** HttpRuleActionDetail
Parameter	Type	Description
redirect_url	String	URL to which the page is redirected.
response	HttpRuleActionResponse object	Return page of the protection rule

**Table 12** HttpRuleActionResponse
Parameter	Type	Description
content_type	String	Content type.
content	String	Content

Status code: 400

**Table 13** Response body parameters
Parameter	Type	Description
error_code	String	Standard error code: service name.8-digit code
error_msg	String	Detailed error information.
encoded_authorization_message	String	If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.

Status code: 401

**Table 14** Response body parameters
Parameter	Type	Description
error_code	String	Standard error code: service name.8-digit code
error_msg	String	Detailed error information.
encoded_authorization_message	String	If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.

Status code: 500

**Table 15** Response body parameters
Parameter	Type	Description
error_code	String	Standard error code: service name.8-digit code
error_msg	String	Detailed error information.
encoded_authorization_message	String	If the service is integrated with IAM5.0, an IAM response must be returned when access is denied.

Example Requests

None

Example Responses

None

Status Codes

Status Code	Description
200	Request successful.
400	Request failed.
401	The token does not have required permissions.
500	Internal server error.

Error Codes

See Error Codes.

Parent topic: HTTP Protection Rule Management - Precise Protection

Previous topic: This API is used to query a precise protection rule.

Next topic: This API is used to delete a precise protection rule.

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.