Queries the details of a Web Application Firewall (WAF) ruleset for a specified instance.
Operation description
You can call the GetUserWafRuleset operation to retrieve information about a specific Web Application Firewall (WAF) ruleset. Provide the instance ID and ruleset ID. The operation returns details about the ruleset, such as its position, name, description, status, and the rules it contains. Provide all required parameters to prevent request failures.
Try it now
Test
RAM authorization
Request parameters
Parameter | Type | Required | Description | Example |
InstanceId | string | Yes | The instance ID. | esa-xxxxxxx |
Id | integer | Yes | The WAF ruleset ID. | 10000001 |
Response elements
Element | Type | Description | Example |
object | The response schema. | ||
RequestId | string | The request ID. | 36af3fcc-43d0-441c-86b1-428951dc8225 |
| Ruleset | object | The WAF ruleset. | {} |
Id | integer | The WAF ruleset ID. | 10000001 |
Position | integer | The position of the WAF ruleset. | 1 |
Name | string | The name of the WAF ruleset. | example |
Description | string | The description of the WAF ruleset. | example |
Status | string | The status of the WAF ruleset. | on |
Expression | string | The expression for the WAF ruleset. | ip.src == 1.1.1.1 |
Phase | string | The WAF phase. | http_custom |
Shared | The shared configuration of the WAF ruleset. | {} | |
| Rules | array<object> | A list of rule configurations in the WAF ruleset. | [{}] |
object | The configuration of a rule in the WAF ruleset. | {} | |
UpdateTime | string | The time when the WAF rule was last updated. | 2025-07-07T15:00:00Z |
RulesetId | integer | The WAF ruleset ID. | 10000001 |
Id | integer | The WAF rule ID. | 20000001 |
Position | integer | The position of the WAF rule. | 1 |
Phase | string | The WAF phase. | http_custom |
Type | string | The type of the WAF rule. | ●http_ratelimit ●http_high_frequency ●http_directory_traversal |
Name | string | The name of the WAF rule. | example |
Status | string | The status of the WAF rule. | on |
| Fields | array | A list of match fields for the WAF rule. | ["ip.src"] |
string | A match field for the WAF rule. | ip.src | |
| CharacteristicsFields | array | A list of statistical fields for the WAF rule. | ["http.host"] |
string | A statistical field for the WAF rule. | http.host | |
Action | string | The action of the WAF rule. | deny |
Skip | string | The method for skipping the WAF rule. | all |
| Tags | array | A list of phases to skip for the WAF rule. | ["http_custom"] |
string | A phase to skip for the WAF rule. | http_custom | |
Config | The configuration of the WAF rule. | { "Id": 20000001, "Name": "rule1", "Expression": "ip.src eq 1.1.1.1", "Action": "deny" } |
Examples
Success response
JSON format
{
"RequestId": "36af3fcc-43d0-441c-86b1-428951dc8225",
"Ruleset": {
"Id": 10000001,
"Position": 1,
"Name": "example",
"Description": "example",
"Status": "on",
"Expression": "ip.src == 1.1.1.1",
"Phase": "http_custom",
"Shared": {
"Target": "web",
"Mode": "automatic",
"CrossSiteId": 10000001,
"Name": "example",
"Match": {
"Logic": "and",
"Criteria": [
{
"Logic": "and",
"Criteria": [
{
"Logic": "and",
"Criteria": [
{
"MatchType": "ip.src",
"MatchOperator": "eq",
"MatchValue": "1.1.1.1",
"Negate": true,
"ConvertToLower": true
}
],
"MatchType": "ip.src",
"MatchOperator": "eq",
"MatchValue": "1.1.1.1",
"Negate": true,
"ConvertToLower": true
}
],
"MatchType": "ip.src",
"MatchOperator": "eq",
"MatchValue": "1.1.1.1",
"Negate": true,
"ConvertToLower": true
}
],
"MatchType": "ip.src",
"MatchOperator": "eq",
"MatchValue": "1.1.1.1",
"Negate": true,
"ConvertToLower": true
},
"Action": "deny",
"Actions": {
"Response": {
"Id": 50000001,
"Code": 403
}
},
"Expression": "ip.src eq 1.1.1.1"
},
"Rules": [
{
"UpdateTime": "2025-07-07T15:00:00Z",
"RulesetId": 10000001,
"Id": 20000001,
"Position": 1,
"Phase": "http_custom",
"Type": "●http_ratelimit\n●http_high_frequency\n●http_directory_traversal",
"Name": "example",
"Status": "on",
"Fields": [
"ip.src"
],
"CharacteristicsFields": [
"http.host"
],
"Action": "deny",
"Skip": "all",
"Tags": [
"http_custom"
],
"Config": {
"Status": "on",
"Action": "deny",
"Actions": {
"Response": {
"Id": 50000001,
"Code": 403
},
"Bypass": {
"Skip": "part",
"RegularRules": [
100001
],
"CustomRules": [
20000001
],
"RegularTypes": [
"sqli"
],
"Tags": [
"http_custom"
]
}
},
"ManagedList": "intelligence_crawler",
"ManagedRulesets": [
{
"ProtectionLevel": 4,
"Action": "deny",
"ManagedRules": [
{
"Status": "on",
"Action": "deny",
"Id": 100001
}
],
"AttackType": 11,
"NumberTotal": 100,
"NumberEnabled": 50
}
],
"Sigchl": [
"sig"
],
"Name": "example",
"AppSdk": {
"CustomSign": {
"Value": "examplesignvalue",
"Key": "sign"
},
"CustomSignStatus": "on",
"FeatureAbnormal": [
"wxbb_invalid_sign"
]
},
"RateLimit": {
"Characteristics": {
"Logic": "and",
"Criteria": [
{
"Logic": "and",
"Criteria": [
{
"Logic": "and",
"Criteria": [
{
"MatchType": "ip.src",
"MatchOperator": "eq",
"MatchValue": "1.1.1.1",
"Negate": true,
"ConvertToLower": true
}
],
"MatchType": "ip.src",
"MatchOperator": "eq",
"MatchValue": "1.1.1.1",
"Negate": true,
"ConvertToLower": true
}
],
"MatchType": "ip.src",
"MatchOperator": "eq",
"MatchValue": "1.1.1.1",
"Negate": true,
"ConvertToLower": true
}
],
"MatchType": "ip.src",
"MatchOperator": "eq",
"MatchValue": "1.1.1.1",
"Negate": true,
"ConvertToLower": true
},
"OnHit": true,
"TTL": 10,
"Threshold": {
"ManagedRulesBlocked": 10,
"DistinctManagedRules": 10,
"ResponseStatus": {
"Ratio": 10,
"Count": 10,
"Code": 404
},
"Traffic": "10Gb",
"Request": 10
},
"Interval": 10
},
"Type": "http_custom",
"AppPackage": {
"PackageSigns": [
{
"Sign": "sign",
"Name": "name"
}
]
},
"ManagedGroupId": 30000001,
"Timer": {
"Scopes": "permanent",
"Zone": 8,
"Periods": [
{
"Start": "2025-01-01T00:00:00Z",
"End": "2025-01-01T01:00:00Z"
}
],
"WeeklyPeriods": [
{
"Days": "1",
"DailyPeriods": [
{
"Start": "00:00:00",
"End": "01:00:00"
}
]
}
]
},
"Expression": "ip.src eq 1.1.1.1",
"SecurityLevel": {
"Value": "low"
},
"Value": "10.0.0.1",
"Id": 20000001,
"Notes": "example notes"
}
}
]
}
}Error codes
HTTP status code | Error code | Error message | Description |
400 | InvalidParameter | The specified parameter is invalid. | The specified parameter is invalid. |
400 | InternalException | Failed to call the service. Try again later or contact technical support. | Failed to call the service. Try again later or contact technical support. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.