Updated on 2022-08-09 GMT+08:00

Creating a Protection Policy

Function

This API is used to create a protection policy.

URI

POST /v1/{project_id}/waf/policy

Table 1 Path parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

Content-Type

Yes

String

Content type

Default: application/json;charset=utf8

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

name

Yes

String

Policy name. A policy name can contain only digits, letters, and underscores (_), and contains a maximum of 64 characters.

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

id

String

Policy ID

name

String

Policy name

level

Integer

Protection level

action

PolicyAction object

Operation

options

PolicyOption object

Option

full_detection

Boolean

Detection mode in a precise protection rule

hosts

Array of strings

ID of the protected website.

bind_host

Array of BindHost objects

Information about the protected website

timestamp

Long

Time the policy was created

extend

Object

Extended field

Table 5 PolicyAction

Parameter

Type

Description

category

String

Protection level. The options are log and block.

Table 6 PolicyOption

Parameter

Type

Description

webattack

Boolean

Whether basic web protection is enabled

common

Boolean

Whether general check is enabled

crawler

Boolean

Whether anti-crawler is enabled

crawler_engine

Boolean

Whether the search engine check is enabled

crawler_scanner

Boolean

Whether anti-crawler is enabled

crawler_script

Boolean

Whether JavaScript-based anti-crawler is enabled

crawler_other

Boolean

Whether the other check item of anti-crawler is enabled

webshell

Boolean

Whether web shell check is enabled

cc

Boolean

Whether the CC attack protection is enabled

custom

Boolean

Whether precise protection is enabled

whiteblackip

Boolean

Whether blacklist and whitelist protection is enabled

ignore

Boolean

Whether false alarm masking is enabled

privacy

Boolean

Whether data masking is enabled

antitamper

Boolean

Whether web tamper protection is enabled

Table 7 BindHost

Parameter

Type

Description

id

String

Domain name ID

hostname

String

Domain name

waf_type

String

WAF edition for the domain name. The options are cloud and premium.

mode

String

(Dedicated mode only) Special domain name mode

Status code: 400

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error code message

Status code: 401

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error code message

Status code: 500

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error code message

Example Requests

None

Example Responses

None

Status Codes

Status Code

Description

200

OK

400

Request failed

401

Insufficient token permissions

500

Internal server error

Error Codes

See Error Codes.