Edge Security Acceleration: CreateUserWafRuleset

Last Updated: Mar 26, 2026

Creates an instance-level Web Application Firewall (WAF) ruleset that supports various types of protection rules.

Operation description

Description

  • You can use this API to create a Web Application Firewall (WAF) ruleset for a specific instance.

  • The required InstanceId parameter specifies the instance for which to create the ruleset.

  • The Phase parameter defines the execution phase of the ruleset, such as a custom rule or rate limiting.

  • The required Name and Expression parameters specify the ruleset's name and match expression.

  • The optional Description parameter describes the purpose of the ruleset.

  • The Status parameter controls whether the ruleset is immediately enabled (on) or disabled (off).

  • Use the Rules parameter to configure a detailed rule list. Each rule includes properties such as name, position, expression, and action.

  • A successful response returns the unique ID of the new ruleset in Id and a list of associated rule IDs in RuleIds.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| esa:CreateUserWafRuleset | none | *All Resource * | None | None |

Request syntax

POST / HTTP/1.1

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| InstanceId | string | Yes | The instance ID. | esa-site-ads11w |
| Phase | string | Yes | The execution phase of the WAF ruleset. Valid values: http_whitelist (whitelist rule); http_custom (custom rule); http_managed (managed rule); http_anti_scan (scan protection rule); http_ratelimit (rate limiting rule); ip_access_rule (IP access rule); http_bot (advanced bot); http_security_level_rule (security rule). | http_custom |
| Name | string | Yes | The name of the WAF ruleset. | example |
| Description | string | No | The description of the WAF ruleset. | this is a test ruleset. |
| Status | string | Yes | The status of the WAF ruleset. | on |
| Expression | string | Yes | The expression for the WAF ruleset. | ip.src == 1.1.1.1 |
| Shared | WafBatchRuleShared | No | The shared configuration for WAF batch rules. | |
| Rules | array | No | A list of rule configurations within the WAF ruleset. | |
| | WafRuleConfig | No | The configuration for a rule within the WAF ruleset. | |

Response elements

| Element | Type | Description | Example |
| --- | --- | --- | --- |
| | object | The response object. | |
| RequestId | string | The request ID. | 15C66C7B-671A-4297-9187-2C4477247A74 |
| Id | integer | The WAF ruleset ID. | 665d3af3621bccf3fe29e1a4 |
| RuleIds | array | A list of rule IDs within the WAF ruleset. | |
| | integer | The ID of a rule within the WAF ruleset. | 87570 |

Examples

Success response

JSON format

{
  "RequestId": "15C66C7B-671A-4297-9187-2C4477247A74",
  "Id": 0,
  "RuleIds": [
    87570
  ]
}
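
A pre-flight check for this operation, as an added example that is not part of the original documentation or of any Alibaba Cloud SDK: it validates a request against the required parameters, Phase values and on/off status listed on this page, and reads the documented success response. The function names are hypothetical, the sample inputs are constructed from the page's example values, and no API call is made.

```python
import json

# Phase values and required parameters as listed on this page.
PHASES = {
    "http_whitelist", "http_custom", "http_managed", "http_anti_scan",
    "http_ratelimit", "ip_access_rule", "http_bot", "http_security_level_rule",
}
REQUIRED = ("InstanceId", "Phase", "Name", "Status", "Expression")

# Constructed sample inputs built from the page's example values.
SAMPLE_REQUEST = {
    "InstanceId": "esa-site-ads11w", "Phase": "http_custom", "Name": "example",
    "Description": "this is a test ruleset.", "Status": "on",
    "Expression": "ip.src == 1.1.1.1",
}
SAMPLE_RESPONSE = '{"RequestId": "15C66C7B-671A-4297-9187-2C4477247A74", "Id": 0, "RuleIds": [87570]}'


def validate_ruleset(params):
    """Hypothetical helper: list the problems in a request; empty means well-formed."""
    problems = []
    for key in REQUIRED:
        value = params.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: required string is missing or empty")
    phase, status = params.get("Phase"), params.get("Status")
    if isinstance(phase, str) and phase.strip() and phase not in PHASES:
        problems.append(f"Phase: {phase!r} is not a documented phase")
    if isinstance(status, str) and status.strip() and status not in ("on", "off"):
        problems.append(f"Status: {status!r} must be 'on' or 'off'")
    if not isinstance(params.get("Rules", []), list):
        problems.append("Rules: must be a list of rule configurations")
    return problems


def parse_response(text):
    """Hypothetical helper: return (ruleset Id, RuleIds) from a success response body."""
    body = json.loads(text)
    missing = [k for k in ("RequestId", "Id", "RuleIds") if k not in body]
    if missing:
        raise ValueError(f"response is missing {missing}")
    return body["Id"], list(body["RuleIds"])


if __name__ == "__main__":
    print(validate_ruleset(SAMPLE_REQUEST))
    print(parse_response(SAMPLE_RESPONSE))
```

Running the check in a deployment pipeline before the call catches a mistyped Phase or Status locally instead of as a 400 InvalidParameter response.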

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | InvalidParameter | The specified parameter is invalid. | The specified parameter is invalid. |
| 400 | InstanceNotExist | The instance does not exist. Check whether the specified instance ID is correct or whether the instance belongs to your account. | The instance does not exist. Check whether the specified instance ID is correct or whether the instance belongs to your account. |
| 400 | InternalException | Failed to call the service. Try again later or contact technical support. | Failed to call the service. Try again later or contact technical support. |
| 403 | Rule.Config.Noncompliance | The specified rule configuration does not meet the compliance requirements.Check and adjust your configurations. | The specified rule configuration does not meet the compliance requirements. Check and adjust your configurations. |
| 403 | Rule.Config.Malformed | The format of the rule configuration is invalid.Check the configuration for syntax errors or structural inconsistencies and correct them to meet the requirements. | The format of the rule configuration is invalid. Check the configuration for syntax errors or structural inconsistencies and correct them to meet the requirements. |
| 403 | %s.NotSupport | The specified resource type %s is not supported. | The specified resource type is not supported. To use this type of resource, please contact us. |
| 403 | %s.OverQuota | The quantity of %s exceeds the quota. | The amount of this resource exceeds the quota. If you need to apply for more quota, please contact us. |
| 403 | %s.WrongValueMatched | The value of specified parameter %s can not pass the matching check. | The value of the specified parameter can not pass the matching check. If you determine that you need to use this parameter value, please contact us. |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.