All Products
Search
Document Center

Web Application Firewall:CreateDefenseRule

最終更新日:Nov 15, 2024

Creates a protection rule.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-waf:CreateDefenseRulecreate
*All Resources
*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
InstanceIdstringYes

The ID of the Web Application Firewall (WAF) instance.

Note You can call the DescribeInstance operation to obtain the ID of the WAF instance.
waf_v2_public_cn-****
TemplateIdlongYes

The ID of the rule template for which you want to create a protection rule.

1122
DefenseScenestringYes

The module to which the protection rule that you want to create belongs.

  • waf_group: the basic protection rule module.
  • antiscan: the scan protection module.
  • ip_blacklist: the IP address blacklist module.
  • custom_acl: the custom rule module.
  • whitelist: the whitelist module.
  • region_block: the region blacklist module.
  • custom_response: the custom response module.
  • cc: the HTTP flood protection module.
  • tamperproof: the website tamper-proofing module.
  • dlp: the data leakage prevention module.
waf_group
RulesstringYes

The configurations of the protection rule. The value is a JSON string that contains multiple parameters.

Note The parameters vary based on the protection module, which is specified by DefenseScene. For more information, see the "Parameters of protection rules" section in this topic.
For more information, see the following section
ResourceManagerResourceGroupIdstringNo

The ID of the resource group.

rg-acfm***q
RegionIdstringNo

The region where the WAF instance resides. Valid values:

  • cn-hangzhou: the Chinese mainland.
  • ap-southeast-1: outside the Chinese mainland.
cn-hangzhou

Parameters of protection rules

Protection rules of the basic protection rule module (waf_group)

Parameters

ParameterTypeRequiredExampleDescription
statusIntegerYes1The status of the protection rule. When you create a protection rule, you can use this parameter. When you modify a protection rule by calling the ModifyDefenseRuleStatus operation, you must use RuleStatus. Valid values:- 0: disabled.- 1 (default): enabled.
actionStringYesblockThe action that you want WAF to perform on the matched requests. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.
policyIdLongNo1012The ID of the protection rule group. Default value: 1012, which specifies the medium rule group.
protectionTypeStringNosemaThe type of the protection rule. Valid values:- regular (default): regular expression-based protection rules.- sema: semantic-based protection rules.
configStringNo{"nonInjectionSql":1}The custom configuration information. The value is a JSON string. For more information, see config description.

config description

  • If protectionType is set to sema, specify the following parameter.
ParameterTypeRequiredExampleDescription
nonInjectionSqlIntegerYes1The status of non-injection attack detection. Valid values:- 0: disabled.- 1 (default): enabled.

Example

{
    "DefenseScene": "waf_group",
    "TemplateId": 322,
    "InstaneId": "waf_cn****",
    "Rules": "[{\"status\":1,\"policyId\":1012,\"action\":\"block\"},{\"status\":1,\"action\":\"block\",\"protectionType\":\"sema\",\"config\":\"{\\\"nonInjectionSql\\\":1}\"}]"
}

Protection rules of the scan protection module (antiscan)

Parameters

ParameterTypeRequiredExampleDescription
protectionTypeStringYeshighfreqThe type of the protection rule. Valid values:- highfreq: high-frequency scan blocking.- dirscan: directory traversal blocking.- scantools: scanner blocking.
statusIntegerYes1The status of the protection rule. When you create a protection rule, you can use this parameter. When you modify a protection rule by calling the ModifyDefenseRuleStatus operation, you must use RuleStatus. Valid values:- 0: disabled.- 1 (default): enabled.
actionStringYesblockThe action that you want WAF to perform on the matched requests. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.
configStringNo{"target":"remote_addr","interval":60,"ttl":180,"count":20}The custom configuration information. The value is a JSON string. For more information, see config description.

config description

  • If protectionType is set to highfreq, specify the following parameters.
ParameterTypeRequiredExampleDescription
targetStringYesremote_addrThe type of the statistical object. Valid values:- remote_addr (default): IP addresses.- cookie.acw_tc: sessions.- header: custom headers. If you use custom headers, you must specify the headers in subkey.- queryarg: custom parameters. If you use custom parameters, you must specify the parameters in subkey.- cookie: custom cookies. If you use custom cookies, you must specify the cookies in subkey.
subKeyStringNoabcThe characteristics of the statistical object. This parameter is required only if target is set to cookie, header, or queryarg.
intervalIntegerNo60The detection period. Unit: seconds. Default value: 60.Valid values: 5 to 1800.
ttlIntegerNo1800The blocking period. Unit: seconds. Default value: 1800.Valid values: 60 to 86400.
countIntegerNo20The maximum number of times that the protection rules of the basic protection rule module can be triggered. Default value: 20.Valid values: 3 to 50000.
ruleIdCountIntegerNo2The maximum number of protection rules that can be triggered. Default value: 2.Valid values: 1 to 50.
  • If protectionType is set to dirscan, specify the following parameters.
ParameterTypeRequiredExampleDescription
targetStringYesremote_addrThe type of the statistical object. Valid values:- remote_addr (default): IP addresses.- cookie.acw_tc: sessions.- header: custom headers.- queryarg: custom parameters.- cookie: custom cookies.
subKeyStringNo1The characteristics of the statistical object. This parameter is required only if target is set to header, queryarg, or cookie.
intervalIntegerNo60The detection period. Unit: seconds. Default value: 60.Valid values: 5 to 1800.
ttlIntegerNo1800The blocking period. Unit: seconds. Default value: 1800.Valid values: 60 to 86400.
countIntegerNo20The maximum number of times that the protection rules of the basic protection rule module can be triggered. Default value: 20.Valid values: 3 to 50000.
weightFloatNo2The maximum proportion of 404 status codes allowed. Default value: 0.7.Valid values: 0.01 to 1.0. The value is accurate to two decimal places.
uriNumIntegerNo2The maximum number of non-existent directories allowed. Default value: 50.Valid values: 2 to 50000.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2222,
    "DefenseScene": "antiscan",
    "Rules": "[{\"protectionType\":\"scantools\",\"action\":\"block\",\"status\":1},{\"protectionType\":\"dirscan\",\"status\":1,\"action\":\"block\",\"config\":\"{\\\"target\\\":\\\"remote_addr\\\",\\\"interval\\\":10,\\\"ttl\\\":1800,\\\"weight\\\":0.7,\\\"uriNum\\\":50,\\\"count\\\":50}\"},{\"protectionType\":\"highfreq\",\"status\":1,\"action\":\"block\",\"config\":\"{\\\"target\\\":\\\"remote_addr\\\",\\\"interval\\\":60,\\\"ttl\\\":1800,\\\"count\\\":20,\\\"ruleIdCount\\\":2}\"}]"
}

Protection rules of the IP address blacklist module (ip_blacklist)

Parameters

ParameterTypeRequiredExampleDescription
nameStringYesiptestThe name of the protection rule.
statusIntegerYes1The status of the protection rule. When you create a protection rule, you can use this parameter. When you modify a protection rule by calling the ModifyDefenseRuleStatus operation, you must use RuleStatus. Valid values:- 0: disabled.- 1 (default): enabled.
actionStringYesblockThe action that you want WAF to perform on the matched requests. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.
remoteAddrArrayYes["1.1.XX.XX", "3.1.XX.XX/24"]The IP addresses that you want to add to the blacklist. The value is in the ["ip1","ip2",...] format.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2222,
    "DefenseScene": "ip_blacklist",
    "Rules": "[{\"name\":\"iptest1\",\"remoteAddr\":[\"1.1.1.2\",\"3.3.3.3/24\"],\"action\":\"monitor\",\"status\":1},{\"name\":\"iptest2\",\"remoteAddr\":[\"4.4.4.4\",\"5.5.5.5/32\"],\"action\":\"block\",\"status\":1}]"
}

Protection rules of the custom rule module (custom_acl)

Parameters

ParameterTypeRequiredExampleDescription
nameStringYesiptestThe name of the protection rule. You can specify a custom name.
statusIntegerYes1The status of the protection rule. When you create a protection rule, you can use this parameter. When you modify a protection rule by calling the ModifyDefenseRuleStatus operation, you must use RuleStatus. Valid values:- 0: disabled.- 1 (default): enabled.
actionStringYesblockThe action that you want WAF to perform on the matched requests. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.- js: performs JavaScript verification on requests that match the protection rule.- captcha: performs slider CAPTCHA verification on requests that match the protection rule.- captcha_strict: performs strict CAPTCHA verification on requests that match the protection rule.Note For more information about the actions that are supported for the protection rules of the custom rule module, log on to the WAF console.
conditionsArrayYes[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]The traffic characteristics of the protection rule. The value is a JSON string. You can configure up to five conditions in a protection rule. For more information, see conditions description.
ccStatusIntegerYes1Specifies whether to enable the rate limiting feature. Valid values:- 0: no.- 1: yes.
ratelimitJSONNo{"target":"remote_addr","interval":5,"threshold":2,"ttl":1800,"status":{"code":404,"count":2}}The configuration information of the rate limiting feature. The value is a JSON string. This parameter is required only if ccStatus is set to 1. For more information, see ratelimit description.
effectStringNoruleThe effective scope of the rate limiting feature. This parameter is required only if ccStatus is set to 1. Valid values:- service: The rate limiting feature takes effect for all protected objects.- rule: The rate limiting feature takes effect for the current protection rule.

conditions description

ParameterTypeRequiredExampleDescription
keyStringYesIPThe match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, and Header.
subKeyStringNoabcThe child match field.Note Not every match field (key) of a protection rule contains a child match field (subKey). For more information about the child match fields that are supported by each match field, log on to the WAF console.
opValueStringYescontainThe logical operator. Valid values:- not-contain: does not contain.- contain: contains.- none: does not exist.- ne: not equal to.- eq: equal to.- lt: value less than.- gt: value greater than.- len-lt: length less than.- len-eq: length equal to.- len-gt: length greater than.-not-match: does not match.- match-one: equal to one of multiple values.- all-not-match: not equal to any value.- all-not-contain: does not contain any value.- contain-one: contains one of multiple values.-not-regex: does not match regular expressions.- regex: matches regular expressions.- all-not-regex: does not match any regular expression.- regex-one: matches one of multiple regular expressions.- prefix-match: matches by prefix.- suffix-match: matches by suffix.- empty: empty content.- exists: exists.- inl: exists in a list.Note When you create a protection rule, the valid values of opValue vary based on the value of key. For more information about the logical operators that are supported by each match field, log on to the WAF console.
valuesStringYesabcThe match content.Note The valid values of opValue and values in a match condition vary based on the value of key.

ratelimit description

ParameterTypeRequiredExampleDescription
targetStringYesremote_addrThe type of the statistical object. Valid values:- remote_addr (default): IP addresses.- cookie.acw_tc: sessions.- header: custom headers. If you use custom headers, you must specify the headers in subkey.- queryarg: custom parameters. If you use custom parameters, you must specify the parameters in subkey.- cookie: custom cookies. If you use custom cookies, you must specify the cookies in subkey.
subKeyStringNoabcThe characteristics of the statistical object. This parameter is required only if target is set to cookie, header, or queryarg.
intervalIntegerYes60The statistical period. Unit: seconds. This parameter specifies the interval at which the number of requests is counted. If you specify this parameter, you must also specify threshold.Valid values: 5 to 1800.
thresholdIntegerYes200The maximum number of requests that can be sent from the statistical object within the statistical period.
ttlIntegerYes1800The validity period of the protection action. Unit: seconds.Valid values: 60 to 86400.
statusJSONNo{"code":404,"count":200}The frequency of an HTTP status code. The value is a JSON string that contains the following parameters:code: the HTTP status code. This parameter is required. Data type: integer.count: the maximum number of times that the HTTP status code can be returned. If the actual number is greater than the value, the protection rule is matched. This parameter is optional. Data type: integer. Valid values: 2 to 50000. You can specify count or ratio. You cannot specify the two parameters at the same time.ratio: the maximum percentage of times that the HTTP status code can be returned. If the actual percentage is greater than the value, the protection rule is matched. This parameter is optional. Data type: integer. Valid values: 1 to 100. You can specify count or ratio. You cannot specify the two parameters at the same time.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 6242,
    "DefenseScene": "custom_acl",
    "Rules":"[{\"name\":\"acl_test\",\"action\":\"block\",\"conditions\":[{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"abc\"}],\"ratelimit\":{\"target\":\"remote_addr\",\"interval\":5,\"threshold\":2,\"ttl\":1800,\"status\":{\"code\":404,\"count\":2}},\"ccStatus\":1,\"effect\":\"rule\",\"status\":1,\"origin\":\"custom\"}]"
}

Protection rules of the whitelist module (whitelist)

Parameters

ParameterTypeRequiredExampleDescription
nameStringYeswhitelistTestThe name of the protection rule.
statusIntegerYes1The status of the protection rule. When you create a protection rule, you can use this parameter. When you modify a protection rule by calling the ModifyDefenseRuleStatus operation, you must use RuleStatus. Valid values:- 0: disabled.- 1 (default): enabled.
conditionsArrayYes[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]The traffic characteristics of the protection rule. The value is a JSON string. You can configure up to five conditions in a protection rule. For more information, see conditions description.
tagsArrayYes["waf", "regular"]The protection modules for which you want the protection rule to take effect. The value is in the ["XX1", "XX2",...] format. Valid values:- waf: all modules.- customrule: the custom rule module.- blacklist: the IP address blacklist module.- antiscan: the scan protection module.- regular: the basic protection rule module.- regular_rule: the specific regular expression-based protection rules of the basic protection rule module.- regular_type: the specific types of regular expression-based protection rules of the basic protection rule module.- major_protection: the major event protection module.- cc: the HTTP flood protection module.- region_block: the region blacklist module.- antibot_scene: the bot management module.- dlp: the data leakage prevention module.- tamperproof: the website tamper-proofing module.
regularRulesArrayNo[ "111111", "222222" ]The IDs of the regular expression-based protection rules that you want requests to bypass. The value is in the ["XX1", "XX2",...] format. This parameter is required only if tags is set to regular_rule.
regularTypesArrayNo[ "xss", "css" ]The types of the regular expression-based protection rules that you want requests to bypass. The value is in the ["XX1", "XX2",...] format. This parameter is required only if tags is set to regular_type. Valid values:- sqli: SQL injection.- xss: cross-site scripting (XSS) attack.- code_exec: code execution.- crlf: carriage return line feed (CRLF) injection.- lfilei: local file inclusion.- rfilei: remote file inclusion.- webshell: webshell.- csrf: cross-site request forgery (CSRF).- other: other.

conditions description

ParameterTypeRequiredExampleDescription
keyStringYesIPThe match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, and Header.
subKeyStringNoabcThe child match field.Note Not every match field (key) of a protection rule contains a child match field (subKey). For more information about the child match fields that are supported by each match field, log on to the WAF console.
opValueStringYescontainThe logical operator. Valid values:- not-contain: does not contain.- contain: contains.- none: does not exist.- ne: not equal to.- eq: equal to.- lt: value less than.- gt: value greater than.- len-lt: length less than.- len-eq: length equal to.- len-gt: length greater than.-not-match: does not match.- match-one: equal to one of multiple values.- all-not-match: not equal to any value.- all-not-contain: does not contain any value.- contain-one: contains one of multiple values.-not-regex: does not match regular expressions.- regex: matches regular expressions.- all-not-regex: does not match any regular expression.- regex-one: matches one of multiple regular expressions.- prefix-match: matches by prefix.- suffix-match: matches by suffix.- empty: empty content.- exists: exists.- inl: exists in a list.Note When you create a protection rule, the valid values of opValue vary based on the value of key. For more information about the logical operators that are supported by each match field, log on to the WAF console.
valuesStringYesabcThe match content.Note The valid values of opValue and values in a match condition vary based on the value of key.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 9242,
    "DefenseScene": "whitelist",
    "Rules":"[{\"name\":\"whitelistTest\",\"tags\":[\"regular_rule\",\"customrule\"],\"status\":1,\"origin\":\"custom\",\"conditions\":[{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"/test\"},{\"key\":\"Header\",\"opValue\":\"eq\",\"values\":\"ffff\",\"subKey\":\"abc\"}],\"regularRules\":[\"123444\",\"444444\"]}]"
}

Protection rules of the custom response module (custom_response)

Parameters

ParameterTypeRequiredExampleDescription
responseTypeStringYesresponse_blockThe type of the custom response. Set the value to response_block.
statusIntegerYes1The status of the protection rule. When you create a protection rule, you can use this parameter. When you modify a protection rule by calling the ModifyDefenseRuleStatus operation, you must use RuleStatus. Valid values:- 0: disabled.- 1 (default): enabled.
configStringYes{"responseCode":400,"responseHeaders":[{"key":"custom","value":"123"},{"key":"aaa","value":"2223"}],"responseContent":"HelloWorld"}The custom configuration information. The value is a JSON string. For more information, see config description.

config description

ParameterTypeRequiredExampleDescription
responseCodeIntegerYes400The HTTP status code.
responseHeadersArrayNo[{"key":"custom","value":"123"},{"key":"aaaa","value":"2223"}]The custom header fields in the response. The value is a JSON string. Each field is a key-value pair.
responseContentStringYeshelloworldThe response body.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2841,
    "DefenseScene": "custom_response",
    "Rules":"[{\"responseType\":\"response_block\",\"config\":\"{\\\"templateName\\\":\\\"aaa\\\",\\\"responseCode\\\":\\\"400\\\",\\\"responseContent\\\":\\\"helloWorld\\\",\\\"responseHeaders\\\":[{\\\"key\\\":\\\"test1\\\",\\\"value\\\":\\\"abc\\\"}]}\",\"status\":1}]"
}

Protection rules of the region blacklist module (region_block)

Parameters

ParameterTypeRequiredExampleDescription
cnRegionListStringNo610000,230000The regions in China from which you want to block requests. If you set this parameter to CN, the requests that are sent from all IP addresses in the Chinese mainland are blocked. Separate multiple regions with commas (,). For more information about region codes, see Codes of administrative regions in China.
abroadRegionListStringNoKE,KGThe regions outside China from which you want to block requests. Separate multiple regions with commas (,). For more information about region codes, see Codes of countries and regions outside China.
statusIntegerYes1The status of the protection rule. When you create a protection rule, you can use this parameter. When you modify a protection rule by calling the ModifyDefenseRuleStatus operation, you must use RuleStatus. Valid values:- 0: disabled.- 1 (default): enabled.
actionStringYesblockThe action that you want WAF to perform on the matched requests. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.

Codes of administrative regions in China

{
    "110000": "Beijing",
    "120000": "Tianjin",
    "130000": "Hebei",
    "140000": "Shanxi",
    "150000": "Nei Mongol",
    "210000": "Liaoning",
    "220000": "Jilin",
    "230000": "Heilongjiang",
    "310000": "Shanghai",
    "320000": "Jiangsu",
    "330000": "Zhejiang",
    "340000": "Anhui",
    "350000": "Fujian",
    "360000": "Jiangxi",
    "370000": "Shandong",
    "410000": "Henan",
    "420000": "Hubei",
    "430000": "Hunan",
    "440000": "Guangdong",
    "450000": "Guangxi",
    "460000": "Hainan",
    "500000": "Chongqing",
    "510000": "Sichuan",
    "520000": "Guizhou",
    "530000": "Yunnan",
    "540000": "Xizang",
    "610000": "Shaanxi",
    "620000": "Gansu",
    "630000": "Qinghai",
    "640000": "Ningxia",
    "650000": "Xinjiang",
    "MO_01": "Macao (China)",
    "HK_01": "Hong Kong (China)",
    "TW_01": "Taiwan (China)",
    "CN": "Chinese mainland",
}

Codes of countries and regions outside China

{
  "KE": "Kenya",
  "KG": "Kyrgyzstan",
  "KH": "Cambodia",
  "KI": "Kiribati",
  "KM": "Comoros",
  "KN": "Saint Kitts and Nevis",
  "KP": "Democratic People's Republic of Korea",
  "KR": "Republic of Korea",
  "KW": "Kuwait",
  "KY": "Cayman Islands",
  "KZ": "Kazakhstan",
  "LA": "Laos",
  "LB": "Lebanon",
  "LC": "Saint Lucia",
  "LI": "Liechtenstein",
  "LK": "Sri Lanka",
  "LR": "Liberia",
  "LS": "Lesotho",
  "LT": "Lithuania",
  "LU": "Luxembourg",
  "LV": "Latvia",
  "LY": "Libya",
  "MA": "Morocco",
  "MC": "Monaco",
  "MD": "Moldova",
  "ME": "Montenegro",
  "MF": "Saint Martin",
  "MG": "Madagascar",
  "MH": "Marshall Islands",
  "MK": "Macedonia",
  "ML": "Mali",
  "MM": "Myanmar",
  "MN": "Mongolia",
  "MP": "Northern Mariana Islands",
  "MQ": "Martinique",
  "MR": "Mauritania",
  "MS": "Montserrat",
  "MT": "Malta",
  "MU": "Mauritius",
  "MV": "Maldives",
  "MW": "Malawi",
  "MX": "Mexico",
  "MY": "Malaysia",
  "MZ": "Mozambique",
  "NA": "Namibia",
  "NC": "New Caledonia",
  "NE": "Niger",
  "NF": "Norfolk Island",
  "NG": "Nigeria",
  "NI": "Nicaragua",
  "NL": "Netherlands",
  "NO": "Norway",
  "NP": "Nepal",
  "NR": "Nauru",
  "NU": "Niue",
  "NZ": "New Zealand",
  "GA": "Gabon",
  "GB": "United Kingdom",
  "WS": "Samoa",
  "GD": "Grenada",
  "GE": "Georgia",
  "GF": "French Guiana",
  "GG": "Guernsey",
  "GH": "Ghana",
  "GI": "Gibraltar",
  "GL": "Greenland",
  "GM": "Gambia",
  "GN": "Guinea",
  "GP": "Guadeloupe",
  "GQ": "Equatorial Guinea",
  "GR": "Greece",
  "GT": "Guatemala",
  "GU": "Guam",
  "GW": "Guinea-Bissau",
  "GY": "Guyana",
  "HN": "Honduras",
  "HR": "Croatia",
  "HT": "Haiti",
  "YE": "Yemen",
  "HU": "Hungary",
  "YT": "Mayotte",
  "ID": "Indonesia",
  "IE": "Ireland",
  "IL": "Israel",
  "IM": "Isle of Man",
  "IN": "India",
  "IO": "British Indian Ocean Territory",
  "ZA": "South Africa",
  "IQ": "Iraq",
  "IR": "Iran",
  "IS": "Iceland",
  "IT": "Italy",
  "ZM": "Zambia",
  "JE": "Jersey",
  "ZW": "Zimbabwe",
  "JM": "Jamaica",
  "JO": "Jordan",
  "JP": "Japan",
  "SI": "Slovenia",
  "BY": "Belarus",
  "SK": "Slovakia",
  "BZ": "Belize",
  "SL": "Sierra Leone",
  "SM": "San Marino",
  "SN": "Senegal",
  "SO": "Somalia",
  "CA": "Canada",
  "SR": "Suriname",
  "SS": "South Sudan",
  "ST": "Sao Tome and Principe",
  "CD": "Democratic Republic of the Congo",
  "CF": "Central African Republic",
  "SV": "El Salvador",
  "CG": "Republic of the Congo",
  "CH": "Switzerland",
  "SX": "Sint Maarten",
  "SY": "Syrian Arab Republic",
  "CI": "Côte d'Ivoire",
  "SZ": "Eswatini",
  "CK": "Cook Islands",
  "CL": "Chile",
  "CM": "Cameroon",
  "CN": "China",
  "CO": "Colombia",
  "TC": "Turks and Caicos Islands",
  "CR": "Costa Rica",
  "TD": "Chad",
  "CU": "Cuba",
  "CV": "Cabo Verde",
  "TG": "Togo",
  "CW": "Curacao",
  "TH": "Thailand",
  "CX": "Christmas Island",
  "TJ": "Tajikistan",
  "CY": "Cyprus",
  "CZ": "Czech Republic",
  "TK": "Tokelau",
  "TL": "Timor-Leste",
  "TM": "Turkmenistan",
  "TN": "Tunisia",
  "TO": "Tonga",
  "TR": "Türkiye",
  "TT": "Trinidad and Tobago",
  "DE": "Germany",
  "TV": "Tuvalu",
  "DJ": "Djibouti",
  "TZ": "Tanzania",
  "DK": "Denmark",
  "DM": "Dominica",
  "DO": "Dominican Republic",
  "UA": "Ukraine",
  "UG": "Uganda",
  "DZ": "Algeria",
  "UM": "United States Minor Outlying Islands",
  "US": "United States of America",
  "EC": "Ecuador",
  "EE": "Estonia",
  "EG": "Egypt",
  "UY": "Uruguay",
  "UZ": "Uzbekistan",
  "VA": "Vatican City",
  "VC": "Saint Vincent and the Grenadines",
  "ER": "Eritrea",
  "ES": "Spain",
  "VE": "Venezuela",
  "ET": "Ethiopia",
  "VG": "British Virgin Islands",
  "VI": "United States Virgin Islands",
  "VN": "Vietnam",
  "VU": "Vanuatu",
  "FI": "Finland",
  "FJ": "Fiji",
  "FK": "Falkland Islands",
  "FM": "Federated States of Micronesia",
  "FO": "Faroe Islands",
  "FR": "France",
  "WF": "Wallis and Futuna Islands",
  "OM": "Oman",
  "PA": "Panama",
  "PE": "Peru",
  "PF": "French Polynesia",
  "PG": "Papua New Guinea",
  "PH": "Philippines",
  "PK": "Pakistan",
  "PL": "Poland",
  "PM": "Saint Pierre and Miquelon",
  "PR": "Puerto Rico",
  "PS": "Palestine",
  "PT": "Portugal",
  "PW": "Palau",
  "PY": "Paraguay",
  "QA": "Qatar",
  "AD": "Andorra",
  "AE": "United Arab Emirates",
  "AF": "Afghanistan",
  "AG": "Antigua and Barbuda",
  "AI": "Anguilla",
  "AL": "Albania",
  "AM": "Armenia",
  "AO": "Angola",
  "AP": "Asia-Pacific",
  "AQ": "Antarctica",
  "AR": "Argentina",
  "AS": "American Samoa",
  "RE": "Reunion",
  "AT": "Austria",
  "AU": "Australia",
  "AW": "Aruba",
  "AX": "Aland Islands",
  "AZ": "Azerbaijan",
  "RO": "Romania",
  "BA": "Bosnia and Herzegovina",
  "BB": "Barbados",
  "RS": "Serbia",
  "BD": "Bangladesh",
  "BE": "Belgium",
  "RU": "Russia",
  "BF": "Burkina Faso",
  "RW": "Rwanda",
  "BG": "Bulgaria",
  "BH": "Bahrain",
  "BI": "Burundi",
  "BJ": "Benin",
  "BL": "Saint Barthelemy",
  "BM": "Bermuda",
  "BN": "Brunei",
  "BO": "Bolivia",
  "SA": "Saudi Arabia",
  "BQ": "Caribbean Netherlands",
  "SB": "Solomon Islands",
  "BR": "Brazil",
  "SC": "Seychelles",
  "SD": "Sudan",
  "BS": "Bahamas",
  "SE": "Sweden",
  "BT": "Bhutan",
  "SG": "Singapore",
  "BW": "Botswana"
}
Example
{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2341,
    "DefenseScene": "region_block",
    "Rules": "[{\"cnRegionList\":\"CN,HK_01,TW_01,MO_01\",\"abroadRegionList\":\"AU,NZ\",\"action\":\"block\",\"status\":1}]"
}

Protection rules of the HTTP flood protection module (cc)

Parameters

ParameterTypeRequiredExampleDescription
modeIntegerYes0The HTTP flood protection mode. Valid values:- 0 (default): the protection mode.- 1: the protection-emergency mode.
statusIntegerYes1The status of the protection rule. When you create a protection rule, you can use this parameter. When you modify a protection rule by calling the ModifyDefenseRuleStatus operation, you must use RuleStatus. Valid values:- 0: disabled.- 1 (default): enabled.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2241,
    "DefenseScene": "cc",
    "Rules":"[{\"mode\":0,\"status\":1}]"
}

Protection rules of the website tamper-proofing module (tamperproof)

Parameters

ParameterTypeRequiredExampleDescription
nameStringYestestThe name of the protection rule.
urlStringYes/abcThe address of the cached page.
uaStringNoappThe User-Agent string that is allowed for access to the address.
protocolStringYeshttpsThe protocol type of the cached page address. Valid values: http and https.
statusIntegerYes1The status of the protection rule. When you create a protection rule, you can use this parameter. When you modify a protection rule by calling the ModifyDefenseRuleStatus operation, you must use RuleStatus. Valid values:- 0: disabled.- 1 (default): enabled.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 1241,
    "DefenseScene": "tamperproof",
    "Rules": "[{\"name\":\"test1\",\"url\":\"www.test1.com\",\"ua\":\"firefox\",\"protocol\":\"https\",\"status\":1}]"
}

Protection rules of the data leakage prevention module (dlp)

Parameters

ParameterTypeRequiredExampleDescription
nameStringYestestThe name of the protection rule.
conditionsArrayYes[{"key":"HttpCode","opValue":"contain","values":"400,401,402,403,404,405,500,501,502,503,504,505"},{"key":"URL","opValue":"contain","values":"test"}]The match conditions. The value is a JSON string. You can configure up to two match conditions. The match conditions are evaluated by using a logical AND. For more information, see conditions description.
statusIntegerYes1The status of the protection rule. When you create a protection rule, you can use this parameter. When you modify a protection rule by calling the ModifyDefenseRuleStatus operation, you must use RuleStatus. Valid values:- 0: disabled.- 1 (default): enabled.
actionStringYesblockThe action that you want WAF to perform on the matched requests. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.- filter: filters sensitive information. You can specify this action only if you configure a condition to match sensitive information.

conditions description

ParameterTypeRequiredExampleDescription
keyStringYesURLThe match field. Valid values: URL, HttpCode, and SensitiveInfo.
opValueStringYescontainThe logical operator. Set the value to contain.
valuesStringYesabcThe match content. Separate multiple items with commas (,).If key is set to HttpCode, you can set this parameter to one of the following values: 400, 401, 402, 403, 404, 405 (405 - 499), 500, 501, 502, 503, 504, and 505 (505 - 599).If key is set to SensitiveInfo, you can set this parameter to one of the following values:- phone: mobile phone numbers.- card: credit card numbers.- id: ID card numbers.- word: default sensitive words.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 5241,
    "DefenseScene": "dlp",
    "Rules":"[{\"name\":\"test\",\"action\":\"filter\",\"status\":1,\"conditions\":[{\"key\":\"SensitiveInfo\",\"opValue\":\"contain\",\"values\":\"id,card\"},{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"/test.html\"}]}]"
}

Response parameters

ParameterTypeDescriptionExample
object

The returned data.

RequestIdstring

The request ID.

26E46541-7AAB-5565-801D-F14DBDC5F186
RuleIdsstring

The IDs of the protection rules. Multiple IDs are separated by commas (,).

22215,23354,462165

Examples

Sample success responses

JSONformat

{
  "RequestId": "26E46541-7AAB-5565-801D-F14DBDC5F186",
  "RuleIds": "22215,23354,462165"
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-09-02The request parameters of the API has changed. The response structure of the API has changedView Change Details
2023-05-17The internal configuration of the API is changed, but the call is not affectedView Change Details