Web Application Firewall (WAF)
The Organizations service provides Service Control Policies (SCPs) to set access control policies.
SCPs do not actually grant any permissions to a principal. They only set the permissions boundary for the principal. When SCPs are attached to a member account or an organizational unit (OU), they do not directly grant permissions to that member account or OU. Instead, the SCPs just determine what permissions are available for that member account or the member accounts under that OU.
This section describes the elements used by IAM custom identity policies and Organizations SCPs. The elements include actions, resources, and conditions.
For details about how to use these elements to create a custom SCP, see Creating an SCP.
Actions
Actions are specific operations that are allowed or denied in an SCP.
- The Access Level column describes how the action is classified (List, Read, or Write). This classification helps you understand the level of access that an action grants when you use it in an SCP.
- The Resource Type column indicates whether the action supports resource-level permissions.
- You can use a wildcard (*) to indicate all resource types. If this column is empty (-), the action does not support resource-level permissions, and you must specify all resources ("*") in your SCP statements.
- If this column includes a resource type, you must specify the URN in the Resource element of your statements.
- Required resources are marked with asterisks (*) in the table. If you specify a resource in a statement using this action, then it must be of this type.
For details about the resource types defined by Web Application Firewall (WAF), see Resources.
- The Condition Key column contains keys that you can specify in the Condition element of an SCP statement.
- If the Resource Type column has values for an action, the condition key takes effect only for the listed resource types.
- If the Resource Type column is empty (-) for an action, the condition key takes effect for all resources that action supports.
- If the Condition Key column is empty (-) for an action, the action does not support any condition keys.
For details about the condition keys for Web Application Firewall (WAF), see Condition.
The following table lists the actions that you can define in SCP statements for WAF.
Action |
Description |
Access Level |
Resource Type (*: Required) |
Condition Key |
---|---|---|---|---|
waf:host:list |
Grants the permission to query the protected domain name list. |
list |
host * |
- |
- |
g:EnterpriseProjectId |
|||
waf:host:create |
Grants the permission to create a protected domain name. |
write |
host * |
- |
policy |
- |
|||
certificate |
- |
|||
- |
g:EnterpriseProjectId |
|||
waf:host:get |
Grants the permission to query a specific protected domain name. |
read |
host * |
g:EnterpriseProjectId |
waf:host:put |
Grants the permission to update a specific protected domain name. |
write |
host * |
g:EnterpriseProjectId |
certificate |
- |
|||
waf:host:delete |
Grants the permission to delete a specific protected domain name. |
write |
host * |
g:EnterpriseProjectId |
waf:sourceIp:get |
Grants the permission to query back-to-source IP addresses. |
read |
- |
- |
waf:policy:list |
Grants the permission to query the protection policy list. |
list |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:policy:create |
Grants the permission to create protection policies. |
write |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:policy:get |
Grants the permission to query a protection policy. |
read |
policy * |
g:EnterpriseProjectId |
waf:policy:put |
Grants the permission to update protection policies. |
write |
policy * |
g:EnterpriseProjectId |
host |
- |
|||
waf:policy:delete |
Grants the permission to delete protection policies. |
write |
policy * |
g:EnterpriseProjectId |
waf:ccRule:list |
Grants the permission to query the CC attack protection rule list. |
list |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:ccRule:create |
Grants the permission to create a CC attack protection rule. |
write |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:ccRule:get |
Grants the permission to query a CC attack protection rule. |
read |
policy * |
g:EnterpriseProjectId |
waf:ccRule:put |
Grants the permission to upgrade a CC attack protection rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:ccRule:delete |
Grants the permission to delete a CC attack protection rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:preciseProtectionRule:list |
Grants the permission to query the list of precise protection rules. |
list |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:preciseProtectionRule:create |
Grants the permission to create a precise protection rule. |
write |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:preciseProtectionRule:get |
Grants the permission to query a precise protection rule. |
read |
policy * |
g:EnterpriseProjectId |
waf:preciseProtectionRule:put |
Grants the permission to update a precise protection rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:preciseProtectionRule:delete |
Grants the permission to delete a precise protection rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:whiteBlackIpRule:list |
Grants the permission to query the list of blacklist and whitelist rules. |
list |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:whiteBlackIpRule:create |
Grants the permission to create an IP address blacklist or whitelist. |
write |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:whiteBlackIpRule:get |
Grants the permission to query a blacklist or whitelist rule. |
read |
policy * |
g:EnterpriseProjectId |
waf:whiteBlackIpRule:put |
Grants the permission to update a blacklist or whitelist rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:whiteBlackIpRule:delete |
Grants the permission to delete a blacklist or whitelist rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:privacyRule:list |
Grants the permission to query the list of data masking rules. |
list |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:privacyRule:create |
Grants the permission to create a data masking rule. |
write |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:privacyRule:get |
Grants the permission to query a data masking rule. |
read |
policy * |
g:EnterpriseProjectId |
waf:privacyRule:put |
Grants the permission to update a data masking rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:privacyRule:delete |
Grants the permission to delete a data masking rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:falseAlarmMaskRule:list |
Grants the permission to query the list of false alarm masking rules. |
list |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:falseAlarmMaskRule:create |
Grants the permission to create a false alarm masking rule. |
write |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:falseAlarmMaskRule:get |
Grants the permission to query a false alarm masking rule. |
read |
policy * |
g:EnterpriseProjectId |
waf:falseAlarmMaskRule:put |
Grants the permission to update a false alarm masking rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:falseAlarmMaskRule:delete |
Grants the permission to delete a false alarm masking rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:geoIpRule:list |
Grants the permission to query the list of geolocation access control rules. |
list |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:geoIpRule:create |
Grants the permission to create a geolocation access control rule. |
write |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:geoIpRule:get |
Grants the permission to query a geolocation access control rule. |
read |
policy * |
g:EnterpriseProjectId |
waf:geoIpRule:put |
Grants the permission to update a geolocation access control rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:geoIpRule:delete |
Grants the permission to delete a geolocation access control rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:antiTamperRule:list |
Grants the permission to query the list of web tamper protection rules. |
list |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:antiTamperRule:create |
Grants the permission to create a web tamper protection rule. |
write |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:antiTamperRule:get |
Grants the permission to query a web tamper protection rule. |
read |
policy * |
g:EnterpriseProjectId |
waf:antiTamperRule:put |
Grants the permission to update a web tamper protection rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:antiTamperRule:delete |
Grants the permission to delete a web tamper protection rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:antiLeakageRule:list |
Grants the permission to query the list of information leakage prevention rules. |
list |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:antiLeakageRule:create |
Grants the permission to create an information leakage prevention rule. |
write |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:antiLeakageRule:get |
Grants the permission to query an information leakage prevention rule. |
read |
policy * |
g:EnterpriseProjectId |
waf:antiLeakageRule:put |
Grants the permission to update an information leakage prevention rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:antiLeakageRule:delete |
Grants the permission to delete an information leakage prevention rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:anticrawlerRule:list |
Grants the permission to query the list of anti-crawler rules. |
list |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:anticrawlerRule:create |
Grants the permission to create an anti-crawler rule. |
write |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:anticrawlerRule:get |
Grants the permission to query an anti-crawler rule. |
read |
policy * |
g:EnterpriseProjectId |
waf:anticrawlerRule:put |
Grants the permission to update an anti-crawler rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:anticrawlerRule:delete |
Grants the permission to delete an anti-crawler rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:punishmentRule:list |
Grants the permission to query the list of known attack source rules. |
list |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:punishmentRule:create |
Grants the permission to create a known attack source rule. |
write |
policy * |
- |
- |
g:EnterpriseProjectId |
|||
waf:punishmentRule:get |
Grants the permission to query a known attack source rule. |
read |
policy * |
g:EnterpriseProjectId |
waf:punishmentRule:put |
Grants the permission to update a known attack source rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:punishmentRule:delete |
Grants the permission to delete a known attack source rule. |
write |
policy * |
g:EnterpriseProjectId |
waf:valueList:list |
Grants the permission to query the list of reference tables. |
list |
- |
g:EnterpriseProjectId |
waf:valueList:create |
Grants the permission to create a reference table. |
write |
- |
g:EnterpriseProjectId |
waf:valueList:get |
Grants the permission to query a reference table. |
read |
- |
g:EnterpriseProjectId |
waf:valueList:put |
Grants the permission to update a reference table. |
write |
- |
g:EnterpriseProjectId |
waf:valueList:delete |
Grants the permission to delete a reference table. |
write |
- |
g:EnterpriseProjectId |
waf:ipgroup:list |
Grants permission to query IP address groups. |
list |
- |
g:EnterpriseProjectId |
waf:ipgroup:create |
Grants permission to create an IP address group. |
write |
- |
g:EnterpriseProjectId |
waf:ipgroup:get |
Grants the permission to query an IP address group. |
read |
- |
g:EnterpriseProjectId |
waf:ipgroup:put |
Grants permission to modify an IP address group. |
write |
- |
g:EnterpriseProjectId |
waf:ipgroup:delete |
Grants permission to delete an IP address group. |
write |
- |
g:EnterpriseProjectId |
waf:certificate:list |
Grants the permission to query the certificate list. |
list |
certificate * |
- |
- |
g:EnterpriseProjectId |
|||
waf:certificate:create |
Grants permission to add a certificate. |
write |
certificate * |
- |
- |
g:EnterpriseProjectId |
|||
waf:certificate:get |
Grants the permission to query a certificate. |
read |
certificate * |
g:EnterpriseProjectId |
waf:certificate:put |
Grants the permission to modify a certificate in WAF. |
write |
certificate * |
g:EnterpriseProjectId |
waf:certificate:delete |
Delete a certificate. |
write |
certificate * |
g:EnterpriseProjectId |
waf:certificate:apply |
Grants the permission to apply a certificate to a domain name. |
write |
certificate * |
g:EnterpriseProjectId |
host * |
- |
|||
waf:premiumInstance:list |
Grants the permission to query the dedicated engine instance list. |
list |
premiumInstance * |
- |
- |
g:EnterpriseProjectId |
|||
waf:premiumInstance:create |
Grants the permission to create a dedicated engine instance. |
write |
premiumInstance * |
- |
- |
|
|||
waf:premiumInstance:get |
Grants the permission to query a dedicated engine instance. |
read |
premiumInstance * |
|
waf:premiumInstance:put |
Grants the permission to update a dedicated engine instance. |
write |
premiumInstance * |
|
waf:premiumInstance:delete |
Grants the permission to delete a dedicated engine instance. |
write |
premiumInstance * |
|
waf:event:get |
Grants the permission to query protection events. |
read |
- |
g:EnterpriseProjectId |
waf:ltsConfig:get |
Grants the permission to query the configuration of the interconnection with LTS. |
list |
- |
g:EnterpriseProjectId |
waf:ltsConfig:put |
Grants the permission to update the configuration of the interconnection with LTS. |
write |
- |
g:EnterpriseProjectId |
waf:postpaid:create |
Grants the permission to enable the pay-per-use billing mode. |
write |
- |
g:EnterpriseProjectId |
waf:postpaid:delete |
Grants the permission to disable pay-per-use billing. |
write |
- |
g:EnterpriseProjectId |
waf:prepaid:create |
Grants the permission to create a yearly/monthly order. |
write |
- |
|
waf:subscription:get |
Grants the permission to query subscriptions to the cloud mode. |
read |
- |
- |
waf:alert:get |
Grants the permission to query alarm notification configurations. |
list |
- |
- |
waf:alert:put |
Grants the permission to update alarm notification configurations. |
write |
- |
- |
waf:consoleConfig:get |
Grants the permission to query the console configurations. |
read |
- |
- |
A WAF API usually has one or more actions. Table 2 lists the supported actions and dependencies.
API |
Action |
Dependencies |
---|---|---|
POST /v1/{project_id}/waf/instance |
waf:host:create |
- |
DELETE /v1/{project_id}/waf/instance/{instance_id} |
waf:host:delete |
- |
GET /v1/{project_id}/waf/instance |
waf:host:list |
- |
GET /v1/{project_id}/waf/instance/{instance_id}/route |
waf:host:get |
- |
GET /v1/{project_id}/waf/instance/{instance_id} |
waf:host:get |
- |
PATCH /v1/{project_id}/waf/instance/{instance_id} |
waf:host:put |
- |
PUT /v1/{project_id}/waf/instance/{instance_id}/protect-status |
waf:host:put |
- |
POST /v1/{project_id}/premium-waf/host |
waf:host:create |
- |
DELETE /v1/{project_id}/premium-waf/host/{host_id} |
waf:host:delete |
- |
GET /v1/{project_id}/premium-waf/host |
waf:host:list |
- |
GET /v1/{project_id}/premium-waf/host/{host_id} |
waf:host:get |
- |
PUT /v1/{project_id}/premium-waf/host/{host_id} |
waf:host:put |
- |
PUT /v1/{project_id}/premium-waf/host/{host_id}/protect-status |
waf:host:put |
- |
POST /v1/{project_id}/waf/policy |
waf:policy:create |
- |
DELETE /v1/{project_id}/waf/policy/{policy_id} |
waf:policy:delete |
- |
GET /v1/{project_id}/waf/policy |
waf:policy:list |
- |
GET /v1/{project_id}/waf/policy/{policy_id} |
waf:policy:get |
- |
PATCH /v1/{project_id}/waf/policy/{policy_id} |
waf:policy:put |
- |
PUT /v1/{project_id}/waf/policy/{policy_id} |
waf:policy:put |
- |
POST /v1/{project_id}/waf/policy/{policy_id}/cc |
waf:ccRule:create |
- |
POST /v1/{project_id}/waf/policy/{policy_id}/custom |
waf:preciseProtectionRule:create |
- |
POST /v1/{project_id}/waf/policy/{policy_id}/antitamper |
waf:antiTamperRule:create |
- |
POST /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id}/refresh |
waf:antiTamperRule:create |
- |
POST /v1/{project_id}/waf/policy/{policy_id}/antileakage |
waf:antiLeakageRule:create |
- |
POST /v1/{project_id}/waf/policy/{policy_id}/anticrawler |
waf:anticrawlerRule:create |
- |
POST /v1/{project_id}/waf/policy/{policy_id}/punishment |
waf:punishmentRule:create |
- |
POST /v1/{project_id}/waf/policy/{policy_id}/geoip |
waf:geoIpRule:create |
- |
POST /v1/{project_id}/waf/policy/{policy_id}/ignore |
waf:falseAlarmMaskRule:create |
- |
POST /v1/{project_id}/waf/policy/{policy_id}/privacy |
waf:privacyRule:create |
- |
POST /v1/{project_id}/waf/valuelist |
waf:valueList:create |
- |
POST /v1/{project_id}/waf/policy/{policy_id}/whiteblackip |
waf:whiteBlackIpRule:create |
- |
DELETE /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} |
waf:ccRule:delete |
- |
DELETE /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} |
waf:preciseProtectionRule:delete |
- |
DELETE /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} |
waf:antiTamperRule:delete |
- |
DELETE /v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id} |
waf:antiLeakageRule:delete |
- |
DELETE /v1/{project_id}/waf/policy/{policy_id}/anticrawler/{rule_id} |
waf:anticrawlerRule:delete |
- |
DELETE /v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id} |
waf:punishmentRule:delete |
- |
DELETE /v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id} |
waf:geoIpRule:delete |
- |
DELETE /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} |
waf:falseAlarmMaskRule:delete |
- |
DELETE /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} |
waf:privacyRule:delete |
- |
DELETE /v1/{project_id}/waf/valuelist/{valuelistid} |
waf:valueList:delete |
- |
DELETE /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} |
waf:whiteBlackIpRule:delete |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/custom |
waf:preciseProtectionRule:list |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/cc |
waf:ccRule:list |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/antitamper |
waf:antiTamperRule:list |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/antileakage |
waf:antiLeakageRule:list |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/anticrawler |
waf:anticrawlerRule:list |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/punishment |
waf:punishmentRule:list |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/geoip |
waf:geoIpRule:list |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/ignore |
waf:falseAlarmMaskRule:list |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/privacy |
waf:privacyRule:list |
- |
GET /v1/{project_id}/waf/valuelist |
waf:valueList:list |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip |
waf:whiteBlackIpRule:list |
- |
PUT /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} |
waf:ccRule:put |
- |
PUT /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} |
waf:preciseProtectionRule:put |
- |
PUT /v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id} |
waf:geoIpRule:put |
- |
- |
waf:antiTamperRule:put |
- |
PUT /v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id} |
waf:antiLeakageRule:put |
- |
PUT /v1/{project_id}/waf/policy/{policy_id}/anticrawler/{rule_id} |
waf:anticrawlerRule:put |
- |
PUT /v1/{project_id}/waf/policy/{policy_id}/anticrawler |
waf:anticrawlerRule:put |
- |
PUT /v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id} |
waf:punishmentRule:put |
- |
PUT /v1/{project_id}/waf/policy/{policy_id}/{ruletype}/{rule_id}/status |
waf:whiteBlackIpRule:put |
- |
PUT /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} |
waf:privacyRule:put |
- |
PUT /v1/{project_id}/waf/valuelist/{valuelistid} |
waf:valueList:put |
- |
PUT /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} |
waf:whiteBlackIpRule:put |
- |
PUT /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} |
waf:falseAlarmMaskRule:put |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} |
waf:ccRule:get |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} |
waf:preciseProtectionRule:get |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} |
waf:whiteBlackIpRule:get |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} |
waf:privacyRule:get |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} |
waf:falseAlarmMaskRule:get |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/geoip/{rule_id} |
waf:geoIpRule:get |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} |
waf:antiTamperRule:get |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/antileakage/{rule_id} |
waf:antiLeakageRule:get |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/anticrawler/{rule_id} |
waf:anticrawlerRule:get |
- |
GET /v1/{project_id}/waf/policy/{policy_id}/punishment/{rule_id} |
waf:punishmentRule:get |
- |
GET /v1/{project_id}/waf/valuelist/{valuelistid} |
waf:valueList:get |
- |
POST /v1/{project_id}/waf/ip-groups |
waf:ipgroup:create |
- |
DELETE /v1/{project_id}/waf/ip-group/{id} |
waf:ipgroup:delete |
- |
GET /v1/{project_id}/waf/ip-groups |
waf:ipgroup:list |
- |
GET /v1/{project_id}/waf/ip-group/{id} |
waf:ipgroup:get |
- |
PUT /v1/{project_id}/waf/ip-group/{id} |
waf:ipgroup:put |
- |
POST /v1/{project_id}/waf/certificate/{certificate_id}/apply-to-hosts |
waf:certificate:apply |
- |
POST /v1/{project_id}/waf/certificate |
waf:certificate:create |
- |
DELETE /v1/{project_id}/waf/certificate/{certificate_id} |
waf:certificate:delete |
- |
GET /v1/{project_id}/waf/certificate |
waf:certificate:list |
- |
GET /v1/{project_id}/waf/certificate/{certificate_id} |
waf:certificate:get |
- |
PUT /v1/{project_id}/waf/certificate/{certificate_id} |
waf:certificate:put |
- |
GET /v1/{project_id}/waf/event |
waf:event:get |
- |
GET /v1/{project_id}/waf/event/{eventid} |
waf:event:get |
- |
GET /v1/{project_id}/waf/overviews/bandwidth/timeline |
waf:event:get |
- |
GET /v1/{project_id}/waf/overviews/classification |
waf:event:get |
- |
GET /v1/{project_id}/waf/overviews/qps/timeline |
waf:event:get |
- |
GET /v1/{project_id}/waf/overviews/request/timeline |
waf:event:get |
- |
GET /v1/{project_id}/waf/overviews/statistics |
waf:event:get |
- |
GET /v1/{project_id}/waf/overviews/abnormal |
waf:event:get |
- |
GET /v1/{project_id}/waf/config/console |
waf:consoleConfig:get |
- |
POST /v1/{project_id}/premium-waf/instance |
waf:premiumInstance:create |
- |
DELETE /v1/{project_id}/premium-waf/instance/{instance_id} |
waf:premiumInstance:delete |
- |
GET /v1/{project_id}/premium-waf/instance |
waf:premiumInstance:list |
- |
PUT /v1/{project_id}/premium-waf/instance/{instance_id} |
waf:premiumInstance:put |
- |
GET /v1/{project_id}/premium-waf/instance/{instance_id} |
waf:premiumInstance:get |
- |
GET /v1/{project_id}/waf/config/lts |
waf:ltsConfig:get |
- |
PUT /v1/{project_id}/waf/config/lts/{ltsconfig_id} |
waf:ltsConfig:put |
- |
POST /v1/{project_id}/waf/subscription/batchalter/prepaid-cloud-waf |
waf:prepaid:create |
- |
POST /v1/{project_id}/waf/subscription/purchase/prepaid-cloud-waf |
waf:prepaid:create |
- |
GET /v1/{project_id}/waf/subscription |
waf:subscription:get |
- |
POST /v1/{project_id}/waf/postpaid |
waf:postpaid:create |
- |
DELETE /v1/{project_id}/waf/postpaid |
waf:postpaid:delete |
- |
GET /v2/{project_id}/waf/alerts |
waf:alert:get |
- |
PUT /v2/{project_id}/waf/alert/{alert_id} |
waf:alert:put |
- |
GET /v1/{project_id}/waf/config/source-ip |
waf:sourceIp:get |
- |
POST /v1/{project_id}/composite-waf/hosts/migration |
waf:host:create |
- |
GET /v1/{project_id}/composite-waf/host |
waf:host:list |
- |
GET /v1/{project_id}/composite-waf/host/{host_id} |
waf:host:get |
- |
Resources
A resource type indicates the resources that an SCP policy applies to. If you specify a resource type for any action in Table 3, the resource URN must be specified in the SCP statements using that action, and the SCP applies only to resources of this type. If no resource type is specified, the Resource element is marked with an asterisk (*) and the SCP applies to all resources. You can also set condition keys in an SCP to define resource types.
WAF defines the following resource types that can be used in the Resource element of a custom SCP.
Condition
WAF does not support service-level condition keys in an SCP. WAF can use global condition keys applicable to all services. For details, see Global Condition Keys.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot