Help Center/ Web Application Firewall/ API Reference/ APIs/ Managing Policies/ Querying a Policy by ID

Updated on 2026-05-12 GMT+08:00

View PDF

Querying a Policy by ID

Function

This API is used to query a policy by ID.

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/waf/policy/{policy_id}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. To obtain it, log in to the Huawei Cloud console, click the username, choose My Credentials, and find the project ID in the Projects list.
policy_id	Yes	String	Protection policy ID. You can call the ListPolicy API to obtain the policy ID.

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Obtain the enterprise project ID by calling the ListEnterpriseProject API of Enterprise Project Management Service (EPS). To obtain the resource details in all enterprise projects of a user, set this parameter to all_granted_eps.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). Constraints N/A Range N/A Default Value N/A
Content-Type	Yes	String	Content type.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
id	String	Protection policy ID.
name	String	Protection policy name.
level	Integer	Basic web protection level. 1: low. At this level, only requests with obvious attack characteristics are blocked. If a large number of false alarms are reported, this level is recommended. 2: medium. This is the default level, which meets web protection requirements in most scenarios. 3: strict. At this level, WAF provides the finest granular protection and can intercept attacks with complex bypass features, such as Jolokia cyber attacks, common gateway interface (CGI) vulnerability detection, and Druid SQL injection attacks.
full_detection	Boolean	Detection mode in the precise protection rule. false: Instant detection. If a request matches a configured precise protection rule, WAF immediately ends threat detection and blocks the request. true: Full detection. If a request matches a configured precise protection rule, WAF does not block the request immediately. Instead, WAF continues to detect other threats and then blocks the request.
robot_action	Action object	Protective actions for each rule in anti-crawler protection.
action	PolicyAction object	Protective action
options	PolicyOption object	Whether a protection type is enabled in protection policy.
modulex_options	Map<String,Object>	Configurations of intelligent access control protection items. Currently, this feature is still in the open beta test (OBT) phase and available only in certain sites.
hosts	Array of strings	ID array of protected domain names bound to the protection policy.
bind_host	Array of BindHost objects	Array of domain names protected with the protection policy. Compared with the hosts field, this field contains more details.
extend	Map<String,String>	Extended field, which is used to store the switch configuration of basic web protection.
timestamp	Long	Time the protection policy was created.

**Table 5** Action
Parameter	Type	Description
category	String	Protective action information in feature anti-crawler. log: WAF only logs detected attacks. block: WAF blocks detected attacks.

**Table 6** PolicyAction
Parameter	Type	Description
category	String	Protective action for basic web protection (log: log only; block: block).
followed_action_id	String	ID of the known attack source rule.

**Table 7** PolicyOption
Parameter	Type	Description
webattack	Boolean	Whether basic web protection is enabled.
common	Boolean	Whether general check is enabled.
crawler	Boolean	This parameter is reserved. The value of this parameter is fixed at true. You can ignore this parameter.
crawler_engine	Boolean	Whether the search engine check is enabled.
crawler_scanner	Boolean	Whether the anti-crawler inspection is enabled.
crawler_script	Boolean	Whether the JavaScript anti-crawler is enabled.
crawler_other	Boolean	Whether other crawler check is enabled.
webshell	Boolean	Whether web shell detection is enabled.
cc	Boolean	Whether CC attack protection is enabled.
custom	Boolean	Whether precise protection is enabled.
whiteblackip	Boolean	Whether blacklist and whitelist protection is enabled
geoip	Boolean	Whether geolocation access control is enabled.
ignore	Boolean	Whether global protection whitelist protection is enabled.
privacy	Boolean	Whether data masking is enabled.
antitamper	Boolean	Whether web tamper protection is enabled.
antileakage	Boolean	Whether information leakage prevention is enabled.
bot_enable	Boolean	Whether website anti-crawler is enabled.
modulex_enabled	Boolean	Whether CC attack protection for moduleX is enabled. This feature is in the open beta test (OBT). During the OBT, only the log only mode is supported.

**Table 8** BindHost
Parameter	Type	Description
id	String	Domain name ID.
hostname	String	Domain name.
waf_type	String	Domain name mode. cloud: cloud mode. premium: dedicated mode.
mode	String	This parameter is required only in dedicated mode.

Status code: 400

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 10** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 401

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 12** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Status code: 500

**Table 13** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs.
details	Array of IAM5ErrorDetails objects	The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.

**Table 14** IAM5ErrorDetails
Parameter	Type	Description
error_code	String	Error codes of the downstream service.
error_msg	String	Error messages of the downstream service.

Example Requests

The following example shows how to query details about a protection policy in a specific project. The project is specified by project_id, and the policy is specified by policy_id.

GET https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}?enterprise_project_id=0

Example Responses

Status code: 200

{
  "id" : "38ff0cb9a10e4d5293c642bc0350fa6d",
  "name" : "demo",
  "level" : 2,
  "action" : {
    "category" : "log"
  },
  "options" : {
    "webattack" : true,
    "common" : true,
    "crawler" : true,
    "crawler_engine" : false,
    "crawler_scanner" : true,
    "crawler_script" : false,
    "crawler_other" : false,
    "webshell" : false,
    "cc" : true,
    "custom" : true,
    "whiteblackip" : true,
    "geoip" : true,
    "ignore" : true,
    "privacy" : true,
    "antitamper" : true,
    "antileakage" : false,
    "bot_enable" : true,
    "modulex_enabled" : false
  },
  "hosts" : [ ],
  "extend" : { },
  "timestamp" : 1650529538732,
  "full_detection" : false,
  "bind_host" : [ ]
}

SDK Sample Code

The SDK sample code is as follows.

     package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.waf.v1.region.WafRegion;
import com.huaweicloud.sdk.waf.v1.*;
import com.huaweicloud.sdk.waf.v1.model.*;


public class ShowPolicySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        WafClient client = WafClient.newBuilder()
                .withCredential(auth)
                .withRegion(WafRegion.valueOf("<YOUR REGION>"))
                .build();
        ShowPolicyRequest request = new ShowPolicyRequest();
        request.withPolicyId("{policy_id}");
        try {
            ShowPolicyResponse response = client.showPolicy(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 
 
  

     # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkwaf.v1.region.waf_region import WafRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkwaf.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = WafClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(WafRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ShowPolicyRequest()
        request.policy_id = "{policy_id}"
        response = client.show_policy(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 
 
  

     package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth, err := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        SafeBuild()

    if err != nil {
        fmt.Println(err)
        return
    }

    hcClient, err := waf.WafClientBuilder().
         WithRegion(region.ValueOf("<YOUR REGION>")).
         WithCredential(auth).
         SafeBuild()


    if err != nil {
        fmt.Println(err)
        return
    }

    client := waf.NewWafClient(hcClient)

    request := &model.ShowPolicyRequest{}
	request.PolicyId = "{policy_id}"
	response, err := client.ShowPolicy(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}
 
 
  

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code	Description
200	OK
400	Request failed.
401	The token does not have required permissions.
500	Internal server error.

Error Codes

See Error Codes.

Parent Topic: Managing Policies

Previous topic: Creating a Protection Policy

Next topic: Updating the Domain Name Protection Policy

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot