This API is used to enable web tamper protection for servers in batches.
Function
Enabling Web Tamper Protection for Servers in Batches
Calling Method
For details, see Calling APIs.
URI
POST /v5/{project_id}/webtamper/protection/batch-open
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Definition Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints N/A Range The value can contain 1 to 256 characters. Default Value N/A |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
enterprise_project_id |
No |
String |
Definition Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints You need to set this parameter only after the enterprise project function is enabled. Range The value can contain 1 to 256 characters. Default Value 0: default enterprise project. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
Definition User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints N/A Range The value can contain 1 to 32,768 characters. Default Value N/A |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
host_id_list |
Yes |
Array of strings |
Definition ID list of servers where protection is to be enabled. You can only enter the IDs of the servers where web tamper protection has not been enabled. If web tamper protection has been enabled for a server, you can call the UpdateWebTamperHostPolicy API to modify its policy. Constraints You can only enter the IDs of the servers where web tamper protection has not been enabled. Linux and Windows servers cannot be specified together. Enable protection for them in different batches. Range 1 to 20,000 items Default Value N/A |
|
charging_mode |
No |
String |
Definition Billing mode. Constraints N/A Range
Default Value on_demand |
|
resource_id |
No |
String |
Definition Resource ID, that is, the WTP quota ID. This parameter can be specified when charging_mode is set to packet_cycle. You can also leave this parameter blank, indicating that a quota is randomly selected. Constraints N/A Range Length: 0 to 64 characters Default Value N/A |
|
tags |
No |
Array of TagInfo objects |
Definition Resource tag list. This parameter can be specified only if the billing mode is pay-per-use. Constraints This parameter can be specified only if the billing mode is pay-per-use. Range 0 to 2,097,152 items Default Value N/A |
|
protect_dir_info |
Yes |
Protected directory information. |
|
|
enable_timing_off |
No |
Boolean |
Definition Scheduled protection switch status. Constraints N/A Range
Default Value False |
|
timing_off_config_info |
No |
Details of the scheduled switch configuration. |
|
|
enable_rasp_protect |
No |
Boolean |
Definition Whether to enable dynamic web tamper protection. This parameter is supported only for Linux servers. Constraints Dynamic web tamper protection can be enabled only for Linux servers. This parameter cannot be set for Windows servers. Range
Default Value False |
|
rasp_path |
No |
String |
Definition Tomcat bin directory of dynamic WTP. This parameter is supported only for Linux servers. Constraints The Tomcat bin directory of dynamic WTP can be configured only for Linux servers. This parameter cannot be set for Windows servers. Range Length: 1 to 256 characters. The value must start with a slash (/) and cannot end with a slash (/). Only letters, numbers, underscores (_), hyphens (-), and periods (.) are allowed. Default Value N/A |
|
enable_privileged_process |
No |
Boolean |
Definition Privileged process status. Constraints N/A Range
Default Value False |
|
privileged_process_info |
No |
Privileged process configuration details. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
key |
No |
String |
Definition Key. Range Each tag key can contain a maximum of 128 Unicode characters. The key cannot be left blank. |
|
value |
No |
String |
Definition Value. Range Each tag value can contain a maximum of 255 Unicode characters. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
protect_dir_list |
Yes |
Array of WebTamperProtectHostDirRequestInfo objects |
Definition List of protected directories. Constraints N/A Range 1 to 50 items Default Value N/A |
|
exclude_file_type |
No |
String |
Definition Excluded file types. Constraints N/A Range The file type can contain only letters and numbers. A maximum of 10 file types can be added. Each file type can contain a maximum of 10 characters. Multiple file types are separated by semicolons (;). Default Value N/A |
|
protect_mode |
No |
String |
Definition Protection mode. Only Linux servers support the alarm mode. Windows servers only support the interception mode. Constraints N/A Range
Default Value recovery |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
protect_dir |
Yes |
String |
Definition Protected directory. Constraints N/A Range Length: 1 to 256 characters For Linux servers, the value must start with a slash (/) and cannot end with a slash (/). Only letters, numbers, underscores (_), hyphens (-), and periods (.) are allowed. For Windows servers, the directory name cannot start with a space or end with a backslash (), and cannot contain the following special characters: ;/*?"<>| Default Value N/A |
|
exclude_child_dir |
No |
String |
Definition Excluded subdirectory. Constraints N/A Range A subdirectory must be a relative path under the protected directory. A subdirectory can be up to 256 characters long. Up to 10 subdirectories are allowed. Use semicolons (;) to separate them. A subdirectory name on a Linux server cannot start or end with a slash (/). A subdirectory name on a Windows server cannot start or end with a backslash (). Default Value N/A |
|
exclude_file_path |
No |
String |
Definition Excluded file path. Constraints An excluded file path can only be set for Linux servers. Range An excluded file path must be a relative path under the protected directory. It can be up to 256 characters long, and cannot start or end with a slash (/). Up to 50 paths are allowed. Use semicolons (;) to separate them. Default Value N/A |
|
local_backup_dir |
No |
String |
Definition A local backup path is required for Linux servers. Constraints A local backup path can only be set for Linux servers. Range A local backup path cannot contain semicolons (;), start with a space, or end with a slash (/). Up to 256 characters are allowed. Default Value N/A |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
week_off_list |
No |
Array of integers |
Definition List of automatic protection periods. Constraints N/A Range 1 to 7 items Default Value N/A |
|
timing_range_list |
No |
Array of TimingRangeConfigRequestInfo objects |
Definition Automatic unprotection period. Constraints N/A Range 1 to 5 items Default Value N/A |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
time_range |
No |
String |
Definition Time range during which protection is automatically disabled. The start time and end time are separated by a hyphen (-), for example, 15:00-15:30. Constraints A time range must be at least 5 minutes. Time ranges (except for those starting at 00:00 or ending at 23:59) cannot overlap and must have at least a 5-minute interval. Range Length: 0 to 20 characters Default Value N/A |
|
description |
No |
String |
Definition Description of the automatic unprotection period. Constraints N/A Range Length**: 0 to 20 characters Default Value N/A |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
privileged_process_path_list |
No |
Array of strings |
Definition List of privileged process file paths. Constraints N/A Range 0 to 10 items Default Value N/A |
|
privileged_child_status |
No |
Boolean |
Definition Trustworthy status of a privileged process and its subprocesses. Constraints N/A Range
Default Value False |
Response Parameters
Status code: 200
Request succeeded.
None
Example Requests
Enable web tamper protection for servers in batches.
PUT https://{endpoint}/v5/{project_id}/webtamper/protection/batch-open
{
"host_id_list" : [ "f8b8c960-0057-4c32-9ece-567a3641ff25" ],
"resource_id" : "",
"charging_mode" : "packet_cycle",
"protect_dir_info" : {
"protect_dir_list" : [ {
"local_backup_dir" : "/root/test2",
"protect_dir" : "/root/test1"
}, {
"exclude_child_dir" : "pro",
"exclude_file_path" : "path",
"local_backup_dir" : "/root/test4",
"protect_dir" : "/root/test3"
} ],
"exclude_file_type" : "log;pid;text",
"protect_mode" : "recovery"
},
"enable_timing_off" : true,
"enable_privileged_process" : true,
"enable_rasp_protect" : true,
"timing_off_config_info" : {
"week_off_list" : [ 5, 7 ],
"timing_range_list" : [ {
"time_range" : "02:00-04:00",
"description" : "close"
}, {
"time_range" : "12:05-14:00"
} ]
},
"privileged_process_info" : {
"privileged_process_path_list" : [ "/usr/bin/echo" ],
"privileged_child_status" : true
},
"rasp_path" : "/usr/bin/tomcat/bin"
}
Example Responses
None
SDK Sample Code
The SDK sample code is as follows.
Enable web tamper protection for servers in batches.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.hss.v5.region.HssRegion; import com.huaweicloud.sdk.hss.v5.*; import com.huaweicloud.sdk.hss.v5.model.*; import java.util.List; import java.util.ArrayList; public class BatchStartWebTamperProtectionSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); HssClient client = HssClient.newBuilder() .withCredential(auth) .withRegion(HssRegion.valueOf("<YOUR REGION>")) .build(); BatchStartWebTamperProtectionRequest request = new BatchStartWebTamperProtectionRequest(); BatchStartWebTamperProtectionRequestInfo body = new BatchStartWebTamperProtectionRequestInfo(); List<String> listPrivilegedProcessInfoPrivilegedProcessPathList = new ArrayList<>(); listPrivilegedProcessInfoPrivilegedProcessPathList.add("/usr/bin/echo"); WebTamperPrivilegedProcessRequestInfo privilegedProcessInfobody = new WebTamperPrivilegedProcessRequestInfo(); privilegedProcessInfobody.withPrivilegedProcessPathList(listPrivilegedProcessInfoPrivilegedProcessPathList) .withPrivilegedChildStatus(true); List<TimingRangeConfigRequestInfo> listTimingOffConfigInfoTimingRangeList = new ArrayList<>(); listTimingOffConfigInfoTimingRangeList.add( new TimingRangeConfigRequestInfo() .withTimeRange("02:00-04:00") .withDescription("close") ); listTimingOffConfigInfoTimingRangeList.add( new TimingRangeConfigRequestInfo() .withTimeRange("12:05-14:00") ); List<Integer> listTimingOffConfigInfoWeekOffList = new ArrayList<>(); listTimingOffConfigInfoWeekOffList.add(5); listTimingOffConfigInfoWeekOffList.add(7); WebTamperTimingOffConfigInfoRequestInfo timingOffConfigInfobody = new WebTamperTimingOffConfigInfoRequestInfo(); timingOffConfigInfobody.withWeekOffList(listTimingOffConfigInfoWeekOffList) .withTimingRangeList(listTimingOffConfigInfoTimingRangeList); List<WebTamperProtectHostDirRequestInfo> listProtectDirInfoProtectDirList = new ArrayList<>(); listProtectDirInfoProtectDirList.add( new WebTamperProtectHostDirRequestInfo() .withProtectDir("/root/test1") .withLocalBackupDir("/root/test2") ); listProtectDirInfoProtectDirList.add( new WebTamperProtectHostDirRequestInfo() .withProtectDir("/root/test3") .withExcludeChildDir("pro") .withExcludeFilePath("path") .withLocalBackupDir("/root/test4") ); WebTamperProtectDirRequestInfo protectDirInfobody = new WebTamperProtectDirRequestInfo(); protectDirInfobody.withProtectDirList(listProtectDirInfoProtectDirList) .withExcludeFileType("log;pid;text") .withProtectMode("recovery"); List<String> listbodyHostIdList = new ArrayList<>(); listbodyHostIdList.add("f8b8c960-0057-4c32-9ece-567a3641ff25"); body.withPrivilegedProcessInfo(privilegedProcessInfobody); body.withEnablePrivilegedProcess(true); body.withRaspPath("/usr/bin/tomcat/bin"); body.withEnableRaspProtect(true); body.withTimingOffConfigInfo(timingOffConfigInfobody); body.withEnableTimingOff(true); body.withProtectDirInfo(protectDirInfobody); body.withResourceId(""); body.withChargingMode("packet_cycle"); body.withHostIdList(listbodyHostIdList); request.withBody(body); try { BatchStartWebTamperProtectionResponse response = client.batchStartWebTamperProtection(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
Enable web tamper protection for servers in batches.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkhss.v5.region.hss_region import HssRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkhss.v5 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = HssClient.new_builder() \ .with_credentials(credentials) \ .with_region(HssRegion.value_of("<YOUR REGION>")) \ .build() try: request = BatchStartWebTamperProtectionRequest() listPrivilegedProcessPathListPrivilegedProcessInfo = [ "/usr/bin/echo" ] privilegedProcessInfobody = WebTamperPrivilegedProcessRequestInfo( privileged_process_path_list=listPrivilegedProcessPathListPrivilegedProcessInfo, privileged_child_status=True ) listTimingRangeListTimingOffConfigInfo = [ TimingRangeConfigRequestInfo( time_range="02:00-04:00", description="close" ), TimingRangeConfigRequestInfo( time_range="12:05-14:00" ) ] listWeekOffListTimingOffConfigInfo = [ 5, 7 ] timingOffConfigInfobody = WebTamperTimingOffConfigInfoRequestInfo( week_off_list=listWeekOffListTimingOffConfigInfo, timing_range_list=listTimingRangeListTimingOffConfigInfo ) listProtectDirListProtectDirInfo = [ WebTamperProtectHostDirRequestInfo( protect_dir="/root/test1", local_backup_dir="/root/test2" ), WebTamperProtectHostDirRequestInfo( protect_dir="/root/test3", exclude_child_dir="pro", exclude_file_path="path", local_backup_dir="/root/test4" ) ] protectDirInfobody = WebTamperProtectDirRequestInfo( protect_dir_list=listProtectDirListProtectDirInfo, exclude_file_type="log;pid;text", protect_mode="recovery" ) listHostIdListbody = [ "f8b8c960-0057-4c32-9ece-567a3641ff25" ] request.body = BatchStartWebTamperProtectionRequestInfo( privileged_process_info=privilegedProcessInfobody, enable_privileged_process=True, rasp_path="/usr/bin/tomcat/bin", enable_rasp_protect=True, timing_off_config_info=timingOffConfigInfobody, enable_timing_off=True, protect_dir_info=protectDirInfobody, resource_id="", charging_mode="packet_cycle", host_id_list=listHostIdListbody ) response = client.batch_start_web_tamper_protection(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
Enable web tamper protection for servers in batches.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := hss.NewHssClient( hss.HssClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.BatchStartWebTamperProtectionRequest{} var listPrivilegedProcessPathListPrivilegedProcessInfo = []string{ "/usr/bin/echo", } privilegedChildStatusPrivilegedProcessInfo:= true privilegedProcessInfobody := &model.WebTamperPrivilegedProcessRequestInfo{ PrivilegedProcessPathList: &listPrivilegedProcessPathListPrivilegedProcessInfo, PrivilegedChildStatus: &privilegedChildStatusPrivilegedProcessInfo, } timeRangeTimingRangeList:= "02:00-04:00" descriptionTimingRangeList:= "close" timeRangeTimingRangeList1:= "12:05-14:00" var listTimingRangeListTimingOffConfigInfo = []model.TimingRangeConfigRequestInfo{ { TimeRange: &timeRangeTimingRangeList, Description: &descriptionTimingRangeList, }, { TimeRange: &timeRangeTimingRangeList1, }, } var listWeekOffListTimingOffConfigInfo = []int32{ int32(5), int32(7), } timingOffConfigInfobody := &model.WebTamperTimingOffConfigInfoRequestInfo{ WeekOffList: &listWeekOffListTimingOffConfigInfo, TimingRangeList: &listTimingRangeListTimingOffConfigInfo, } localBackupDirProtectDirList:= "/root/test2" excludeChildDirProtectDirList:= "pro" excludeFilePathProtectDirList:= "path" localBackupDirProtectDirList1:= "/root/test4" var listProtectDirListProtectDirInfo = []model.WebTamperProtectHostDirRequestInfo{ { ProtectDir: "/root/test1", LocalBackupDir: &localBackupDirProtectDirList, }, { ProtectDir: "/root/test3", ExcludeChildDir: &excludeChildDirProtectDirList, ExcludeFilePath: &excludeFilePathProtectDirList, LocalBackupDir: &localBackupDirProtectDirList1, }, } excludeFileTypeProtectDirInfo:= "log;pid;text" protectModeProtectDirInfo:= "recovery" protectDirInfobody := &model.WebTamperProtectDirRequestInfo{ ProtectDirList: listProtectDirListProtectDirInfo, ExcludeFileType: &excludeFileTypeProtectDirInfo, ProtectMode: &protectModeProtectDirInfo, } var listHostIdListbody = []string{ "f8b8c960-0057-4c32-9ece-567a3641ff25", } enablePrivilegedProcessBatchStartWebTamperProtectionRequestInfo:= true raspPathBatchStartWebTamperProtectionRequestInfo:= "/usr/bin/tomcat/bin" enableRaspProtectBatchStartWebTamperProtectionRequestInfo:= true enableTimingOffBatchStartWebTamperProtectionRequestInfo:= true resourceIdBatchStartWebTamperProtectionRequestInfo:= "" chargingModeBatchStartWebTamperProtectionRequestInfo:= "packet_cycle" request.Body = &model.BatchStartWebTamperProtectionRequestInfo{ PrivilegedProcessInfo: privilegedProcessInfobody, EnablePrivilegedProcess: &enablePrivilegedProcessBatchStartWebTamperProtectionRequestInfo, RaspPath: &raspPathBatchStartWebTamperProtectionRequestInfo, EnableRaspProtect: &enableRaspProtectBatchStartWebTamperProtectionRequestInfo, TimingOffConfigInfo: timingOffConfigInfobody, EnableTimingOff: &enableTimingOffBatchStartWebTamperProtectionRequestInfo, ProtectDirInfo: protectDirInfobody, ResourceId: &resourceIdBatchStartWebTamperProtectionRequestInfo, ChargingMode: &chargingModeBatchStartWebTamperProtectionRequestInfo, HostIdList: listHostIdListbody, } response, err := client.BatchStartWebTamperProtection(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Request succeeded. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
