You can call the DescribeProtectionModuleRules operation to query the rules configured for a specific WAF protection module, such as web intrusion prevention, data security, bot management, access control or throttling, and website whitelist.

You can set the DefenseType parameter to specify the protection module. For more information about the values of this parameter, see the description of DefenseType in the following section.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action Boolean No DescribeProtectionModuleRules

The operation that you want to perform. Set the value to DescribeProtectionModuleRules.

DefenseType String No ac_highfreq

Specify the protection module. Valid values:

  • waf-codec: configures RegEx protection engine decoding settings.
  • tamperproof: tamper protection.
  • dlp: data leakage prevention.
  • ng_account: account security rules.
  • bot_crawler: valid crawler rules.
  • bot_intelligence: bot threat intelligence rules.
  • antifraud: data risk control.
  • antifraud_js: data risk control JavaScript.
  • bot_algorithm: smart algorithm rules.
  • bot_wxbb_pkg: version protection rules for App protection.
  • bot_wxbb: path protection rules for App protection.
  • ac_blacklist: the IP blacklist.
  • ac_highfreq: IP blocking based on the request rate.
  • block_dirscan: directory traversal.
  • ac_custom: custom protection policies.
  • whitelist: the whitelist.
InstanceId String No waf_elasticity-cn-0xldbqtm005

The ID of the WAF instance.

Note You can call the DescribeInstanceInfo operation to query the ID of the WAF instance.
PageSize String Optional 10

The number of entries to return on each page.

PageNumber String Optional 1

The number of the page to return. Pages start from page 1. Default value: 1

Domain String Yes www.example.com

The domain that has been added to WAF.

Note You can leave this parameter unspecified only when you query the project security module rules (that is, when the DefenseType parameter value is account). You must specify the domain name when you query the configurations of other functional modules.
Query String Yes e2ZpbHRlcjp7InJ1bGVJZCI6NDI3NTV9LG9yZGVyQnk6ImdtdF9tb2RpZmllZCIsZGVzYzp0cnVlfQ==

The filtering and sorting conditions for rules, as a JSON string that includes the following parameters:

Note The Query parameter must be Base64-encoded. Construct a JSON string and convert it to the Base64-encoded format based on the following parameter description.
  • filter: Optional. The filter conditions in a JSON string. Describe the filter conditions in a JSON string that contains the following parameters:
    • nameId: Optional. This parameter queries rules whose IDs are the same as the value of this parameter, or names contain the parameter value. Data type: string.
    • scene: Optional. This parameter specifies the protection module. Set the value to the same as that of the DefenseType parameter. Data type: string.
    • enabled: Optional. This parameter specifies whether the rule is enabled. Data type: Boolean. Valid values:
      • false: No
      • true: Yes
    • status: Optional. This parameter specifies the rule status. The description of this parameter is the same as that of the enabled parameter. Data type: integer. Valid values:
      • 0: disabled
      • 1: enabled
    • ruleId: Optional. This parameter specifies the ID of the rule. Data type: integer.
    • ruleIdList: Optional. This parameter specifies the list of rule IDs. Separate multiple rule IDs with commas (,). Data type: array.
    • sceneList: Optional. This parameter specifies the list of protection modules. Set the value to the same as that of the DefenseType parameter. Separate multiple protection modules with commas (,). Data type: array.
    • originList: Optional. This parameter specifies the source of the rule. Valid values: system (automatically generated by the system) and custom (customized by the user). Separate multiple rule sources with commas (,). Data type: array.
    • tag: Optional. If the specified protection module is in the whitelist, you can set this parameter to skip detection on the whitelist rules of the module. Data type: string. For more information about tag, see the descriptions of whitelist rules in the response.
    • category: Optional. If the specified protection module is in the whitelist, you can set this parameter to query a specific type of whitelists. Data type: string. Valid values:
      • waf: website whitelists
      • ws: attack whitelists
      • ac: access control or traffic throttling whitelists
      • ds: data security whitelists
  • orderBy: Optional. Specifies the order of rules. Data type: string. Valid values:
    • action: This parameter specifies the action defined in the rule. This parameter is valid only when you query custom protection policies.
    • gmt_modified: The last time when the rule was modified. This is the default value.
    • name: The name of the rule.
    • status: The status of the rule.
  • desc: Optional. This parameter specifies whether the rules are arranged in descending order. Data type: Boolean. Valid values:
    • false: ascending order
    • true: descending order (default)
Lang String Yes zh

The language attribute of the rule name. Valid values:

  • zh: Chinese name
  • En: English name
  • Ja: Japanese name
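
The Query parameter described above, built and decoded in Python. This is an added example, not code from the WAF documentation or an SDK. The Query example value on this page decodes to an object with unquoted keys, while build_query emits strict JSON as the parameter description asks; that the service accepts the strict form is an assumption, and the function and constant names are hypothetical.

```python
import base64
import json

# Expected Python type for each filter key, following the data types that
# the Query parameter description gives.
FILTER_TYPES = {
    "nameId": str, "scene": str, "enabled": bool, "status": int,
    "ruleId": int, "ruleIdList": list, "sceneList": list,
    "originList": list, "tag": str, "category": str,
}
# Enumerated values that the description lists for individual keys.
FILTER_VALUES = {
    "status": {0, 1},
    "category": {"waf", "ws", "ac", "ds"},
    "originList": {"system", "custom"},
}
ORDER_BY = {"action", "gmt_modified", "name", "status"}


def build_query(filter_=None, order_by="gmt_modified", desc=True):
    """Validate the filter and sort options and return the Base64 Query value."""
    filter_ = dict(filter_ or {})
    for key, value in filter_.items():
        expected = FILTER_TYPES.get(key)
        if expected is None:
            raise ValueError(f"unknown filter key: {key}")
        # bool is a subclass of int in Python, so reject True/False for integers.
        if not isinstance(value, expected) or (
            expected is int and isinstance(value, bool)
        ):
            raise TypeError(f"{key} must be of type {expected.__name__}")
        allowed = FILTER_VALUES.get(key)
        items = value if isinstance(value, list) else [value]
        if allowed is not None and not set(items) <= allowed:
            raise ValueError(f"invalid value for {key}: {value!r}")
    if order_by not in ORDER_BY:
        raise ValueError(f"invalid orderBy value: {order_by}")
    if not isinstance(desc, bool):
        raise TypeError("desc must be a Boolean")

    payload = {"orderBy": order_by, "desc": desc}
    if filter_:
        payload = {"filter": filter_, **payload}
    text = json.dumps(payload, separators=(",", ":"))
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def decode_query(value):
    """Return the text that a Base64-encoded Query value carries."""
    return base64.b64decode(value, validate=True).decode("utf-8")


# The Query example value from the request parameter list on this page.
PAGE_SAMPLE = (
    "e2ZpbHRlcjp7InJ1bGVJZCI6NDI3NTV9LG9yZGVyQnk6"
    "ImdtdF9tb2RpZmllZCIsZGVzYzp0cnVlfQ=="
)

if __name__ == "__main__":
    print(decode_query(PAGE_SAMPLE))
    print(build_query({"ruleId": 42755}))
```
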

Response parameters

Parameter Type Example Description
RequestId String D7861F61-5B61-46CE-A47C-6B19160D5EB0

The ID of the request.

Rules Array

The configurations of the rules.

Content String {"count":60,"interval":60,"ttl":300}

The content of the rule. It is a JSON string that contains multiple parameters.

Note The parameters in the string vary with the specified protection module (DefenseType). For more information, see Content parameter description.
RuleId Long 42755

The ID of the rule.

Status Long 1

Indicates the rule status. Valid values:

  • 0: disabled
  • 1: enabled
Time Long 1570700044

The time when the rule was created. The timestamp is accurate to the second.

Version Long 2

The system data identifier that is used to control optimistic locking.

TotalCount Integer 1

The total number of entries returned.
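
A review of returned rules against the response fields above and the value ranges that the Content description on this page gives for ac_highfreq and block_dirscan. This is an added example, not code from the WAF documentation or an SDK; the nesting of RuleId, Status and Content under Rules, the lowercase Content keys (taken from the page's samples), the function names and the constructed response are assumptions.

```python
import json

# Inclusive integer ranges from the Content description on this page.
INT_RANGES = {
    "ac_highfreq": {
        "interval": (5, 1800), "ttl": (60, 86400), "count": (2, 50000),
    },
    "block_dirscan": {
        "interval": (5, 1800), "count": (2, 50000), "uriNum": (2, 50000),
    },
}


def parse_content(rule):
    """Return the rule's Content as a dict; Content is documented as a JSON string."""
    raw = rule.get("Content")
    content = raw if isinstance(raw, dict) else json.loads(raw)
    if not isinstance(content, dict):
        raise ValueError("Content is not a JSON object")
    return content


def audit_rules(defense_type, response):
    """Return (RuleId, finding) tuples for disabled or out-of-range rules."""
    findings = []
    ranges = INT_RANGES.get(defense_type, {})
    for rule in response.get("Rules", []):
        rule_id = rule.get("RuleId")
        if rule.get("Status") == 0:
            findings.append((rule_id, "rule is disabled"))
        try:
            content = parse_content(rule)
        except (TypeError, ValueError):
            # json.loads raises TypeError for None and ValueError for bad JSON.
            findings.append((rule_id, "Content is not valid JSON"))
            continue
        for key, (low, high) in ranges.items():
            value = content.get(key)
            if isinstance(value, bool) or not isinstance(value, int):
                findings.append((rule_id, f"{key} is missing or not an integer"))
            elif not low <= value <= high:
                findings.append((rule_id, f"{key}={value} outside {low}-{high}"))
        if defense_type == "block_dirscan":
            weight = content.get("weight")
            if (isinstance(weight, bool) or not isinstance(weight, (int, float))
                    or not 0 < weight <= 1):
                findings.append((rule_id, "weight outside (0,1]"))
    return findings


# Constructed response: the first rule reuses the example values on this
# page, the other two are invented to exercise the checks.
SAMPLE_RESPONSE = {
    "RequestId": "D7861F61-5B61-46CE-A47C-6B19160D5EB0",
    "Rules": [
        {"Content": '{"count":60,"interval":60,"ttl":300}',
         "RuleId": 42755, "Status": 1, "Time": 1570700044, "Version": 2},
        {"Content": '{"count":60,"interval":2,"ttl":30}',
         "RuleId": 1001, "Status": 0, "Time": 1570700044, "Version": 1},
        {"Content": "{count:60",
         "RuleId": 1002, "Status": 1, "Time": 1570700044, "Version": 1},
    ],
    "TotalCount": 3,
}

if __name__ == "__main__":
    for rule_id, finding in audit_rules("ac_highfreq", SAMPLE_RESPONSE):
        print(rule_id, finding)
```
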

Content

  • The JSON string that describes the decoding settings of the RegEx protection engine (DefenseType is set to waf-codec) contains the following parameters:
    • codecList: Required. The specified decoding settings. Data type: string.
    • Sample response
      
          {
              "codecList":["url","base64"]
          }
      							
  • To modify a tamper protection rule, set DefenseType to tamperproof and construct a JSON string that includes the following parameters:
    • uri: Required. The URL that needs protection. Data type: string.
    • name: Required. The name of the rule. Data type: string.
    • status: Optional. The protection status of the rule. Data type: integer.
      • 0: disabled (default).
      • 1: enabled.
    • Sample request
      
          {
              "name":"example",
              "uri":"http://www.example.com/example",
              "Status":1
          }
      							
  • To modify a data leakage prevention rule, set DefenseType to dlp and construct a JSON string that includes the following parameters:
    • name: Required. The name of the rule. Data type: string.
    • conditions: Required. The matching condition, which is described in a JSON string. You can specify up to two conditions that have the AND logical relation to apply the conditions at the same time. Data type: array. The array must include the following parameters:
      • key: The matching items.
        • 0: Sets the matching item to URLs.
        • 10: indicates sensitive information.
        • 11: indicates the response code.
      • operation: The matching logic. This value is set to 1 by default, which specifies the INCLUDES logical operator.
      • value: The matching condition values, which are formulated in a JSON string. You can specify multiple values. The JSON string must include the following parameters:
        • v: only applies to scenarios where the matching condition (key) is set to URLs (0) or HTTP status codes (11).
          • URL: when "key":0, the parameter value is the URL address.
          • Response Code: when "key":11, valid values for the parameter include 400, 401, 402, 403, 404, 405-499, 500, 501, 502, 503, 504, 505-599.
        • k: only applies to scenarios where the matching item (key) is set to sensitive information (10). Valid values:
          • 100: masks resident ID card numbers.
          • 101: masks credit card numbers.
          • 102: masks phone numbers.
          • 103: masks the default sensitive words.
    • action: The matching action.
      • 3: sets the matching action to warn.
      • 10: filters sensitive information. This action applies only when the matching conditions include sensitive information ("key":10).
      • 11: returns the built-in interception page. This action applies only when the matching conditions include response codes ("key":11).
    • Sample request
      
        {
          "name":"example",
          "conditions":[{"key":11,"operation":1,"value":[{"v":401}]},{"key":"0","operation":1,"value":[{"v":"www.example.com"}]}],
          "action":3
        }
      							
  • The JSON string that describes an account security rule (DefenseType is set to ng_account) contains the following parameters:
    • domain: Required. The domain that is protected. Data type: string.
    • method: The request method to check. Valid values: POST, GET, PUT, and DELETE. Data type: string. You can set multiple request methods. Separate multiple request methods with commas (,).
    • url_path: Required. The URL to the operation that runs detection tasks. The URL must start with a slash (/). Data type: string.
    • account_left: Required. The parameter that specifies the account. Data type: string.
    • password_left: Optional. The password of the account. Data type: string.
    • action: Required. The protection action. Valid values:
      • Monitor: indicates an alert.
      • Block: indicates interception.
    • Sample request
      
          {
              "domain":"www.example.com",
              "method":"GET,POST",
              "url_path":"/example",
              "account_left":"aaa",
              "action":"monitor"
          }
      							
  • The JSON string that describes a valid crawler rule (DefenseType is set to bot_crawler) contains the following parameters:
    • Status: Required. Data type: integer. Valid values:
      • 0: Disabled
      • 1: enabled
    • Version: Required. The version of the rule. Data type: integer.
    • Content: Required. The details of the rule, in JSON format. Data type: string. This parameter includes the following parameters:
      • name: Required. The name of the rule. Data type: string.
      • conditions: Optional. The path protection conditions. Data type: array. For valid crawler rules, this parameter is always empty, which indicates the full path.
      • expressions: Required. The regular expression that represents the matching conditions of all rules in a readable way. Data type: array.
      • bypassTags: Required. The module to be ignored. Data type: string. For valid crawler rules, set the value to antibot, which indicates the Bot management module.
      • tags: Required. The protection module to which the rule belongs. Data type: array. For valid crawler rules, set the value to ["antibot"], which indicates the Bot management module.
    • RuleId: Required. The ID of the rule. Data type: integer.
    • Time: Required. The time when the rule is last modified, in seconds. Data type: string.
    • Sample request
      
          {
              "Status":0,
              "Version":1,
              "Content":{
                  "name":"Baidu Spider whitelist",
                  "conditions":[],
                  "expressions":["remote_addr inl 'ioc.210d077a-cf34-49ad-a9b3-0aa48095c595' && uri =^ '/'"],
                  "bypassTags":"antibot",
                  "tags":["antibot"]
              },
          "RuleId":20384,
          "Time":1585818161
          }
      							
  • The JSON string that describes a bot threat intelligence rule (DefenseType is set to bot_intelligence) contains the following parameters:
    • Status: Required. Data type: integer. Valid values:
      • 0: disabled
      • 1: enabled
    • Version: Required. The version of the rule. Data type: Integer.
    • Content: Required. The details of the rule, in JSON format. Data type: string. It includes the following parameters:
      • name: Required. The name of the rule. Data type: string.
      • action: Required. The action performed after the rule is matched. Data type: string. Valid values:
        • monitor: monitors requests
        • captcha: requires CAPTCHA verification
        • captcha_strict: requires more strict CAPTCHA verification
        • JS: indicates JavaScript validation.
        • block: blocks requests
      • urlList: Required. The protected paths. You can specify a maximum of ten protected paths. Data type: array. The parameter is represented as a JSON string, which includes the following parameters:
        • mode: Required. The matching method. This parameter is used in combination with the path keyword (url) parameter to specify the protected path. Valid values: eq (exact match), prefix-match (prefix match), regex (regular expression match).
        • url: Required. The path keyword, which must start with a forward slash (/). Data type: string.
      • keyType: Required. The type of the intelligence library. Two types are available: the IP address library (IP) and the fingerprint library (UA).
    • RuleId: Required. The ID of the rule. Data type: integer.
    • Time: Required. The time when the rule is last modified, in seconds. Data type: string.
    • Sample request
      
          {
              "Status":1,
              "Version":1,
              "Content":{
                  "name":"IDC IP Address Library-Tencent Cloud",
                  "action":"captcha_strict",
                  "urlList":[{"mode":"prefix-match","url":"/indexa"}, {"mode":"regex","url":"/"},{"mode":"eq","url":"/"}],
                  "keyType":"ip"
              },
              "RuleId":922777,
              "Time":1585907112
          }
      							
  • To modify a data risk control request, set DefenseType to antifraud and construct a JSON string that includes the following parameters:
    • uri: Required. The request URL. Data type: string.
    • Sample request
      
          {
              "uri": "http://1.example.com/example"
          }
      							
  • The JSON string that describes the data risk control JavaScript insertion feature (DefenseType is set to antifraud_js) contains the following parameters:
    • uri: Required. The URL of the web page into which you want to insert the data risk control JavaScript. The system inserts data risk control JavaScript into all the pages under the specified URL directory.
    • Sample request
      
          {
              "uri": "/example/example"
          }
      							
  • The JSON string that describes an intelligent algorithm rule for bot management (DefenseType is set to bot_algorithm) contains the following parameters:
    • Status: Required. Data type: integer. Valid values:
      • 0: Disabled
      • 1: enabled
    • Version: Required. The version of the rule. Data type: integer.
    • Content: Required. The details of the rule, in JSON format. Data type: string. The parameter includes the following parameters:
      • name: Required. The name of the rule. Data type: string.
      • timeInterval: Required. The detection period. Valid values: 30, 60, 120, 300, and 600. Unit: Seconds. Data type: integer.
      • action: Required. The action performed after the rule is matched. Data type: string. Valid values:
        • Monitor: indicates observation.
        • CAPTCHA: indicates the slider.
        • JS: indicates JavaScript validation.
        • Block: indicates the block. When blocking is selected as the disposal action, the blocking duration ( blocktime) parameter.
      • blocktime: Optional. The blocking duration. Unit: Minutes. Value range: 1 to 600.
      • algorithmName: Required. The name of the algorithm. Valid values:
        • RR: indicates the Crawler identification algorithm for special resources.
        • PR: indicates a targeted path Crawler identification algorithm.
        • DPR: indicates the round-robin Crawler identification algorithm.
        • SR: indicates the dynamic IP Crawler identification algorithm.
        • IND: indicates the proxy Crawler identification algorithm.
        • Periodicity: indicates the periodic crawler recognition algorithm.
      • config: Required. The algorithm configuration, in JSON format. Data type: string. The sub-parameters in the algorithm configuration depend on the selected algorithm name (algorithmName).
        • For the crawler identification algorithm for special resources (RR), the configuration contains the following sub-parameters:
          • resourceType: The type of the requested resource. Valid values:
            • 1: represents a dynamic resource type.
            • 2: represents a static resource type.
            • -1: indicates custom resource types. If you select a custom resource type, use the extensions parameter to specify the resource file extensions in string format. Separate multiple file extensions with commas (,), for example, css,jpg,xls.
          • minRequestCountPerIp: Required. The minimum number of requests from an IP address in the detection period. Only IP addresses that send at least this number of requests are detected. Data type: integer. Valid values: 5 to 10000.
          • minRatio: Required. The risk determination condition. A risk is determined when the proportion of requests sent by an IP address exceeds the threshold. Valid values: 0.01 to 1.
        • For the directed path crawler identification algorithm (PR), the configuration contains the following sub-parameters:
          • keyPathConfiguration: The request path. You can specify a maximum of 10 paths. This parameter is required only when a Crawler identification algorithm is used. Data type: array. The parameter is represented as a JSON string, which must include the following parameters:
            • method: Required. The request method. Valid values: POST, GET, PUT, DELETE, HEAD, OPTIONS.
            • url: Required. The request path keyword, which must start with a forward slash (/). Data type: string.
            • matchType: Required. The matching method. This parameter is used in combination with the request path keyword (url) parameter to specify the request path. Valid values: all (exact match), prefix (prefix match), regex (regular expression match).
          • minRequestCountPerIp: Required. The minimum number of requests from an IP address in the detection period. Only IP addresses that send at least this number of requests are detected. Data type: integer. Valid values: 5 to 10000.
          • minRatio: Required. The risk determination condition, that is, the threshold of the percentage of accesses to the specified path in IP access requests (applicable to the Crawler identification algorithm for specific paths). If the threshold is exceeded, a risk is determined. Valid values: 0.01 to 1.
        • For the parameter polling crawler identification algorithm (DPR), the configuration contains the following sub-parameters:
          • Method: Required. The request method. Valid values: POST, GET, PUT, DELETE, HEAD, OPTIONS.
          • urlPattern: Required. The path of the key parameter, which must start with a forward slash (/). Data type: string. Key parameters are indicated by braces ({}). When multiple braces ({}) are set, these parameters are joined as key parameters. For example, /company/{}/{}/{}/user.php?uid={}.
          • minRequestCountPerIp: Required. The minimum number of requests from an IP address in the detection period. Only IP addresses that send at least this number of requests are detected. Data type: integer. Valid values: 5 to 10000.
          • minRatio: Required. The risk determination condition. If the value of a key parameter exceeds the threshold, the request is considered as a risk. Valid values: 0.01 to 1.
        • For the dynamic IP crawler identification algorithm (SR), the configuration contains the following sub-parameters:
          • maxRequestCountPerSrSession: Required. It specifies the minimum number of requests in each session. If the number of requests in each session is smaller than the value of this parameter, a session is abnormal. Valid values: 1 to 8.
          • minSrSessionCountPerIp: Required. The risky condition. The value is the threshold for the number of abnormal sessions in an IP access request. If the number of abnormal sessions exceeds this threshold, a risk is detected. Valid values: 5 to 300.
        • For the proxy crawler identification algorithm (IND), the configuration contains the following sub-parameters:
          • minIpCount: Required. The condition for determining the number of IP addresses associated with the Wi-Fi connection of a malicious device. If the threshold is exceeded, a risk is detected. Valid values: 5 to 500.
          • keyPathConfiguration: The detection path information. You can specify up to 10 paths. Data type: array. The parameters must be in a JSON string. The following parameters must be included:
            • method: Required. The request method. Valid values: POST, GET, PUT, DELETE, HEAD, OPTIONS.
            • url: Required. The keyword of the detection path, which must start with a forward slash (/). Data type: string.
            • matchType: Required. The matching method. This parameter is used in combination with the keyword of the detection path (url) parameter to specify the request path. Valid values: all (exact match), prefix (prefix match), regex (regular expression match).
        • For the periodic crawler identification algorithm (Periodicity), the configuration contains the following sub-parameters:
          • minRequestCountPerIp: Required. The minimum number of requests from an IP address in the detection period. Only IP addresses that send at least this number of requests are detected. Data type: integer. Valid values: 5 to 10000.
          • level: Required. The risk level of the Accessed IP address. It indicates the visibility of the periodic features of the IP address. Data type: Integer. Valid values:
            • 0: obvious
            • 1: medium
            • 2: weak
    • RuleId: Required. The ID of the rule. Data type: Integer.
    • Time: Required. The time when the rule is last modified, in seconds. Data type: string.
    • Sample request
      
          {
              "Status":1,
              "Version":1,
              "Content":{
                  "name":"Dynamic IP",
                  "timeInterval":60,
                  "action":"warn",
                  "algorithmName":"IND",
                  "config":{"minIpCount":5,"keyPathConfiguration":[{"method":"GET","matchType":"prefix","url":"/index"}]}
              },
              "RuleId":940180,
              "Time":1585832957
          }
      							
  • The JSON string that describes a version protection rule for App protection (DefenseType is set to bot_wxbb_pkg) contains the following parameters:
    • Version: Required. The version of the rule. Data type: integer.
    • Content: Required. The details of the rule, in JSON format. Data type: string. It includes the following parameters:
      • name: Required. The name of the rule. Data type: string.
      • action: Required. The action performed after the rule is matched. Data type: string. Valid values:
        • Test: indicates observation.
        • Close: indicates the block.
      • nameList: Required. The version information. You can specify up to five rules. Data type: array. The parameter is represented as a JSON string, which includes the following parameters:
        • name: Required. The name of the valid package. Data type: string.
        • signList: Required. The signature of the corresponding package. You can specify a maximum of 15 signatures. Separate multiple signatures with commas (,). Data type: array.
    • RuleId: Required. The ID of the rule. Data type: integer.
    • Time: Required. The time when the rule is last modified, in seconds. Data type: string.
    • Sample request
      
          {
              "Version":0,
              "Content":{
                  "nameList":[{"signList":["xxxxxx","xxxxx","xxxx","xx"],"name":"apk-xxxx"}],
                  "name":"test",
                  "action":"close"
              },
              "RuleId":271,
              "Time":1585836143
          }
      							
  • The JSON string that describes a path protection rule for App protection (DefenseType is set to bot_wxbb) contains the following parameters:
    • Version: Required. The version of the rule. Data type: integer.
    • Content: Required. The details of the rule, in JSON format. Data type: string. It includes the following parameters:
      • name: Required. The name of the rule. Data type: string.
      • uri: Required. The path, which must start with a forward slash (/). Data Type: String.
      • matchType: Required. The matching method. Data type: string. Optional values: all(Precise matching), prefix(Prefix matching), regex(Regular expression matching).
      • arg: Required. The parameter value. Data type: string. Together with the matchType parameter, it specifies the protected path configuration.
      • action: Required. The action performed after the rule is matched. Data type: string. Valid values:
        • Test: indicates observation.
        • Close: indicates the block.
      • wxbbVmpFieldType: Optional. The type of the user-defined field. Data type: integer. If no user-defined field is set in the rule, this parameter is not returned. Valid values:
        • 0: indicates the header.
        • 1: represents the parameter.
        • 2: indicates a cookie.
      • wxbbVmpFieldValue: Optional. The value of the user-defined field. Data type: string. If no user-defined field is set in the rule, this parameter is not returned.
      • blockInvalidSign: Required. The action to be taken against an invalid signature. Data type: Boolean.
      • blockProxy: Required. The action to perform on the proxy. Data type: Boolean.
      • blockSimulator: Required. The action to perform on simulators. Data type: Boolean.
    • RuleId: Required. The ID of the rule. Data type: Integer.
    • Time: Required. The time when the rule is last modified, in seconds. Data type: String.
    • Sample request
      
          {
              "Version":6,
              "Content":{
                  "blockInvalidSign":true,
                  "wxbbVmpFieldValue":"test",
                  "blockSimulator":true,
                  "matchType":"all",
                  "arg":"test",
                  "name":"test",
                  "action":"close",
                  "blockProxy":true,
                  "uri":"/index",
                  "wxbbVmpFieldType":1
              },
              "RuleId":2585,
              "Time":1586241849
          }
      							
  • The JSON string that describes the IP blacklist rule (DefenseType is set to ac_blacklist) contains the following parameters:
    • empty: Required. This parameter indicates whether the blacklist is empty. Data type: Boolean.
    • remoteAddr: Required. This parameter represents the IP addresses in the blacklist. Data type: Array.
    • Area: Required. The region blocking rule. Data type: string. The value is a JSON string that includes the countryCodes and regionCodes parameters and a parameter that specifies whether to allow (not). The blocked countries and regions are returned by using annotations. We recommend that you go to the console to view the blocked countries and regions.
    • Sample request
      
          {
              "empty":false,
              "remoteAddr":["1.1.1.1","12.11.1.2"]
          }
      							
  • To modify the rule that automatically blocks IP addresses initiating attacks, set DefenseType to ac_highfreq, and construct a JSON string that contains the following parameters:
    • interval: Required. The time range to be detected, in seconds. Valid values: [5,1800].
    • ttl: Required. The duration for which IP addresses are blocked. Unit: seconds. Value range: 60 to 86400.
    • count: Required. The maximum number of requests allowed from an IP address. If the number of requests initiated from an IP address during the specified time period exceeds this limit, the IP address is blocked. Data type: integer. Value range: 2-50000.
    • Sample request
      
          {
              "interval":60,
              "ttl":300,
              "count":60
           }
      							
  • To modify a directory traversal protection rule, set DefenseType to block_dirscan and construct a JSON string that includes the following parameters:
    • interval: Required. The time range to be detected, in seconds. Valid values: [5,1800].
    • ttl: Required. The time period (in seconds) during which an IP address is blocked. Data type: integer.
    • count: Required. The number of visits. Valid values: [2,50000].
    • weight: Required. The threshold for the proportion of responses with HTTP status code 404. Valid values: (0,1].
    • uriNum: Required. The threshold of the number of directories to be scanned. Valid values: [2,50000].
    • Sample request
      
          {
              "interval":10,
              "ttl":1800,
              "count":50,
              "weight":0.7,
              "uriNum":20 
          }
      							
  • For custom protection policies (DefenseType is set to ac_custom), the scene parameter in the JSON string determines whether the rule is an ACL access control rule or an HTTP flood protection rule.
    • To modify an ACL rule, set scene to custom_acl, and construct a JSON string that includes the following parameters.
      • name: Required. The name of the rule. Data type: string.
      • scene: Required. The type of the protection policy. Data type: string. If you need to modify an ACL rule, set the value to custom_acl.
      • action: Required. The action performed after the rule is matched. Data type: string. Valid values:
        • monitor: monitors requests
        • captcha: requires CAPTCHA verification
        • captcha_strict: requires more strict CAPTCHA verification
        • js: requires JavaScript verification
        • block: blocks the request.
      • conditions: Required. The matching conditions. Data type: array. The conditions are described in a JSON string that contains the following parameters:
        • key: The matching field. Valid values: URL, IP, Referer, user-Agent, Params, Cookie, content-Type, content-Length, x-Forwarded-For, post-Body, http-Method, Header, URLPath.
        • opCode: The logical operator. Valid values:
          • 0: does not include
          • 1: includes
          • 2: does not exist
          • 10: does not equal
          • 11: equals
          • 20: length smaller than
          • 21: length equals
          • 22: length greater than
          • 30: value smaller than
          • 31: value equals
          • 32: value greater than
          • 40: does not belong to
          • 41: belongs to
        • values: The matching content. Set the content as required, in String format.
        • contain: The logical operator. Valid values are the same as those of the opCode parameter.
        • opValue: The description of the abbreviated logical operator. For more information, see the description of opCode.
        • pattern: The description of the abbreviated logical operator. Valid values are the same as those of the opValue parameter.
      • expressions: Required. The regular expression that represents the matching conditions of all rules in a readable way. Data type: array.
      • Sample request
        
                {
                    "name":"test2",
                    "action":"monitor",
                    "conditions":[{"contain":1,"values":"login","pattern":"contain","opCode":1,"opValue":"contain","key":"URL"}],
                    "expressions":["request_uri contains 'login' "],
                    "scene":"custom_acl"
                }
        									
    • To modify an HTTP flood protection rule, set scene to custom_cc, and construct a JSON string that includes the following parameters:
      • name: Required. The name of the rule. Data type: string.
      • scene: Required. The type of the protection policy. Data type: string. If you need to modify a protection rule against HTTP flood attacks, set the value to custom_cc.
      • conditions: Required. The matching conditions. Data type: array. The conditions are described in a JSON string that contains the following parameters:
        • key: The matching field. Valid values: URL, IP, Referer, user-Agent, Params, Cookie, content-Type, content-Length, x-Forwarded-For, post-Body, http-Method, Header, URLPath.
        • opCode: The logical operator. Valid values:
          • 0: does not include
          • 1: includes
          • 2: does not exist
          • 10: does not equal
          • 11: equals
          • 20: length smaller than
          • 21: length equals
          • 22: length greater than
          • 30: value smaller than
          • 31: value equals
          • 32: value greater than
          • 40: does not belong to
          • 41: belongs to
        • values: The matching content. Set the content as required, in String format.
        • contain: The logical operator. Valid values are the same as those of the opCode parameter.
        • opValue: The description of the abbreviated logical operator. For more information, see the description of opCode.
        • pattern: The description of the abbreviated logical operator. Valid values are the same as those of the opValue parameter.
      • expressions: Required. The regular expression that represents the matching conditions of all rules in a readable way. Data type: array.
      • action: Required. The action performed after the rule is matched. Data type: string. Valid values:
        • monitor: monitors requests
        • captcha: requires CAPTCHA verification
        • captcha_strict: requires more strict CAPTCHA verification
        • js: requires JavaScript verification
        • block: blocks the request.
      • ratelimit: Required. The maximum request rate from an object. Data type: JSON. Describe the rate in a JSON string that includes the following parameters:
        • target: Required. The type of the object whose request rate is calculated. Data type: string. Valid values:
          • remote_addr: IP addresses.
          • cookie.acw_tc: sessions.
          • queryarg: custom parameters. If you choose to use custom parameters, specify the name of the object in the subkey parameter.
          • cookie: custom cookies. If you choose to use custom cookies, specify the cookie content in the subkey parameter.
          • header: custom headers. If you choose to use custom headers, specify the header content in the subkey parameter.
        • subkey: Optional. When target is set to cookie, header, or queryarg, you must specify the required information in the subkey parameter. Data type: string.
        • interval: Required. The time period (in seconds) during which the number of requests from the specified object is calculated. This parameter must be used together with the threshold parameter. Data type: integer.
        • threshold: Required. During the specified time period, the maximum number of requests that are allowed from an individual object. Data type: integer.
        • status: Optional. The maximum number of occurrences of an HTTP status code. Data type: string. It is described in a JSON string that contains the following parameters:
          • code: Required. The specified HTTP status code. Data type: integer.
          • count: Optional. The occurrence threshold. If the number of occurrences exceeds the threshold, the protection rule is hit. Valid values: [1,999999999]. Specify either the count or the ratio parameter.
          • ratio: Optional. The threshold (as a percentage) of the response code. If the occurrence ratio of the specified response code exceeds this threshold, the rule is hit. Valid values: [1,100]. Specify either the count or the ratio parameter.
        • scope: Required. This parameter specifies where the settings take effect. Data type: string. Valid values:
          • rule: objects that match the specified conditions.
          • domain: domains where the rule is applied.
        • ttl: Required. The validity period of the action. Unit: seconds. Data type: integer. Valid values: [60,86400].
        • Sample request
          
                  {
                      "name":"anti-HTTP flood attacks",
                      "conditions":[{"contain":1,"values":"login","pattern":"contain","opCode":1,"opValue":"contain","key":"URL"}],
                      "expressions":["request_uri contains 'login' "],
                      "action":"block", 
                      "scene":"custom_cc",  
                      "ratelimit":{
                          "target": "remote_addr", 
                          "interval": 300,
                          "threshold": 2000,
                          "status": {
                              "code": 404,
                              "count": 200
                          },
                          "scope": "rule",
                          "ttl": 1800
                      }
                  }
          											
  • To modify a whitelist rule, set DefenseType to whitelist, and construct a JSON string that includes the following parameters:
    • name: Required. The name of the rule. Data type: string.
    • tags: Required. The protection modules that can be skipped. You can specify multiple modules. Valid values:
      • waf: the website whitelist
      • cc: system HTTP flood protection
      • customrule: custom rules
      • blacklist: the IP blacklist
      • antiscan: anti-scan protection
      • regular: web application protection
      • deeplearning: deep learning
      • antifraud: data risk control
      • dlp: data leakage prevention
      • tamperproof: tamper protection
      • bot_intelligence: bot threat intelligence
      • bot_algorithm: intelligent algorithm
      • bot_wxbb: App protection
    • bypassTags: Required. The list of protection modules that skip detection. Data type: string.
    • conditions: Required. The matching conditions. Data type: array. The conditions are described in a JSON string that contains the following parameters:
      • key: The matching field. Valid values: URL, IP, Referer, user-Agent, Params, Cookie, content-Type, content-Length, x-Forwarded-For, post-Body, http-Method, Header, URLPath.
      • opCode: The logical operator. Valid values:
        • 0: does not include
        • 1: includes
        • 2: does not exist
        • 10: does not equal
        • 11: equals
        • 20: length smaller than
        • 21: length equals
        • 22: length greater than
        • 30: value smaller than
        • 31: value equals
        • 32: value greater than
        • 40: does not belong to
        • 41: belongs to
      • values: The matching content. Set the content as required, in String format.
      • contain: The logical operator. Valid values are the same as those of the opCode parameter.
      • opValue: The description of the abbreviated logical operator. For more information, see the description of opCode.
      • pattern: The description of the abbreviated logical operator. Valid values are the same as those of the opValue parameter.
    • expressions: Required. The regular expression that represents the matching conditions of all rules in a readable way. Data type: array.
    • Sample request
      
          {
              "name": "test",
              "tags": ["cc","customrule"],
              "bypassTags":"antifraud,dlp,tamperproof", 
              "conditions":[{"contain":1,"values":"login","pattern":"contain","opCode":1,"opValue":"contain","key":"URL"}],
              "expressions":["request_uri contains 'login' "]
          }
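
The constraints listed above for ac_custom rules (scene, action, opCode, and the ratelimit fields of a custom_cc rule) can be checked before a rule JSON string is submitted. The linter below is an added example, not part of the original reference or of any Alibaba Cloud SDK; lint_rule, lint_ratelimit and the BAD_RULE input are constructed names, and key names follow the lowercase spelling used in the sample requests.

```python
import json

# Allowed values and ranges, copied from the parameter lists above.
OPCODES = (0, 1, 2, 10, 11, 20, 21, 22, 30, 31, 32, 40, 41)
ACTIONS = ("monitor", "captcha", "captcha_strict", "js", "block")
TARGETS = ("remote_addr", "cookie.acw_tc", "queryarg", "cookie", "header")
# Constructed input: cookie target without subkey, ttl below the documented minimum.
BAD_RULE = ('{"name":"t","scene":"custom_cc","action":"block","expressions":[],'
            '"conditions":[{"opCode":1,"key":"URL","values":"login"}],"ratelimit":'
            '{"target":"cookie","interval":60,"threshold":100,"scope":"rule","ttl":30}}')

def lint_ratelimit(rl):
    if not isinstance(rl, dict):
        return ["ratelimit: required object for custom_cc"]
    out = [f"ratelimit.{k}: required" for k in
           ("target", "interval", "threshold", "scope", "ttl") if k not in rl]
    target = rl.get("target")
    if "target" in rl and target not in TARGETS:
        out.append(f"ratelimit.target: unknown value {target!r}")
    if target in ("queryarg", "cookie", "header") and not rl.get("subkey"):
        out.append(f"ratelimit.subkey: required when target is {target}")
    if "scope" in rl and rl["scope"] not in ("rule", "domain"):
        out.append("ratelimit.scope: must be rule or domain")
    status = rl["status"] if isinstance(rl.get("status"), dict) else {}
    if status and "code" not in status:
        out.append("ratelimit.status.code: required")
    if "count" in status and "ratio" in status:
        out.append("ratelimit.status: set count or ratio, not both")
    for key, obj, low, high in (("ttl", rl, 60, 86400),
                                ("count", status, 1, 999999999), ("ratio", status, 1, 100)):
        if key in obj and not (type(obj[key]) in (int, float) and low <= obj[key] <= high):
            out.append(f"ratelimit {key}: must be in [{low},{high}]")
    return out

def lint_rule(raw):
    """Return the problems found in an ac_custom rule JSON string (empty list = clean)."""
    rule = json.loads(raw)
    if not isinstance(rule, dict) or rule.get("scene") not in ("custom_acl", "custom_cc"):
        return ["scene: must be custom_acl or custom_cc"]
    out = [f"{k}: required" for k in
           ("name", "action", "conditions", "expressions") if k not in rule]
    if "action" in rule and rule["action"] not in ACTIONS:
        out.append(f"action: unknown value {rule['action']!r}")
    for i, cond in enumerate(rule.get("conditions") or []):
        if not isinstance(cond, dict) or cond.get("opCode") not in OPCODES:
            out.append(f"conditions[{i}].opCode: missing or unknown")
    if rule["scene"] == "custom_cc":
        out += lint_ratelimit(rule.get("ratelimit"))
    return out
```

Both sample requests shown above (custom_acl and custom_cc) pass with an empty list, while BAD_RULE reports the missing subkey and the out-of-range ttl.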
      							

Samples

Sample request

http(s)://[Endpoint]/?Action=DescribeProtectionModuleRules
&InstanceId=waf_elasticity-cn-0xldbqtm005
&Domain=www.example.com
&DefenseType=ac_highfreq
&<Common request parameters>

Sample success responses

XML format

<TotalCount>1</TotalCount>
<Rules>
    <Version>2</Version>
    <Status>1</Status>
    <Content>
        <count>60</count>
        <interval>60</interval>
        <ttl>300</ttl>
    </Content>
    <RuleId>42755</RuleId>
    <Time>1570700044</Time>
</Rules>
<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>

JSON format

{
    "TotalCount":1,
    "Rules":[
        {
            "Version":2,
            "Status":1,
            "Content":{"count":60,"interval":60,"ttl":300},
            "RuleId":42755,
            "Time":1570700044
        }
    ],
    "RequestId":"D7861F61-5B61-46CE-A47C-6B19160D5EB0"
}

Error codes

For a list of error codes, visit the API Error Center.