All Products
Search
Document Center

Web Application Firewall:CreateDefenseRule

Last Updated:Jul 13, 2026

Creates a Web core protection rule.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-waf:CreateDefenseRule

create

*All Resource

*

  • acs:ResourceGroupId
None

Request parameters

Parameter

Type

Required

Description

Example

InstanceId

string

Yes

Instance ID of the WAF instance.

Note

You can call the DescribeInstance operation to query instance ID of your current WAF instance.

waf_v2_public_cn-****

TemplateId

integer

No

The ID of the protection template for the protection rule to be created.

Note

This parameter is required only when DefenseType is set to template.

1122

DefenseScene

string

Yes

The WAF protection scenario to be created.

When the protection rule type DefenseType is set to template, valid values:

  • waf_group: basic protection.

  • waf_base: new version of Web core protection.

  • antiscan: scan protection.

  • ip_blacklist: IP blacklist.

  • custom_acl: custom rule.

  • whitelist: whitelist.

  • region_block: Location Blacklist.

  • custom_response: legacy custom response.

  • cc: HTTP flood protection.

  • tamperproof: web tamper proofing.

  • dlp: information leak prevention.

  • spike_throttle: peak traffic throttling.

  • bot_manager: bot management.

When the protection rule type DefenseType is set to resource, valid values:

  • account_identifier: account extraction.

  • custom_response: new version of custom response.

  • waf_codec: decoding.

When the protection rule type DefenseType is set to global, valid values:

  • regular_custom: custom regular expression.

  • address_book: address book.

  • custom_response: new version of custom response.

Note

The custom response in global configuration can be referenced by protection objects or rules. When custom response rules are referenced at different levels, the effective priority is: rule level > protection object level > default page.

waf_group

Rules

string

Yes

The rule configuration content, which is a JSON string constructed from a series of parameters.

Note

The specific parameters vary depending on the specified protection rule type (DefenseScene). For more information, see Protection rule parameter description.

waf_group

ResourceManagerResourceGroupId

string

No

The ID of the Alibaba Cloud resource group.

rg-acfm***q

DefenseType

string

No

The type of the protection rule.

Valid values:

  • template :

    (Default) template-based protection rule.

  • resource :

    protection object-level rule.

  • global :

    global-level rule.

template

RegionId

string

No

The region where the WAF instance resides. Valid values:

  • cn-hangzhou: the Chinese mainland.

  • ap-southeast-1: outside the Chinese mainland.

cn-hangzhou

Resource

string

No

The protection object associated with the rule to be created.

Note

This parameter is required only when DefenseType is set to resource.

sec****-waf

Protection rule parameter description

Template-based protection rules (template)

When the protection rule type DefenseType is set to template, the specific rule configuration content is as follows.

Basic protection rules (waf_group)

Parameter description

NameTypeRequiredExampleDescription
statusIntegerYes1The status of the protection rule. This parameter is used only when creating a protection rule. To modify the status of a protection rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.
actionStringYesblockThe action of the protection rule. Valid values:
- block: block.
- monitor: monitor.
policyIdLongNo1012The ID of the protection rule group. Default value: 1012 (medium rule group).
protectionTypeStringNosemaThe type of the protection rule. Valid values:
- regular (default): regular expression-based protection.
- sema: semantic-based protection.
configStringNo{"nonInjectionSql":1}The custom configuration in JSON string format. For more information, see config detailed configuration.

config detailed configuration

  • When protectionType is set to sema (basic protection rule configured as semantic-based protection)

NameTypeRequiredExampleDescription
nonInjectionSqlIntegerYes1The status of non-injection attack detection. Valid values:
- 0: disabled.
- 1 (default): enabled.

Example

{
    "DefenseScene": "waf_group",
    "TemplateId": 322,
    "InstaneId": "waf_cn****",
    "Rules": "[{\"status\":1,\"policyId\":1012,\"action\":\"block\"},{\"status\":1,\"action\":\"block\",\"protectionType\":\"sema\",\"config\":\"{\\\"nonInjectionSql\\\":1}\"}]"
}

New version Web core protection rules (waf_base)

Parameter description

NameTypeRequiredExampleDescription
autoUpdateBooleanYestrueSpecifies whether to enable automatic updates. Valid values:
- true: enabled.
- false: disabled.
configArrayYes[{"ruleType":"system","ruleDetail":[{"ruleId":13000412,"ruleStatus":1,"ruleAction":"block"}]}]The rule configuration to be modified. For more information, see config detailed configuration.
Important You can call the DescribeBaseSystemRules operation to query the system protection rule configuration of this template, and call the DescribeDefenseRules operation to query the custom regular expression rule configuration of this template.

config detailed configuration

NameTypeRequiredExampleDescription
ruleTypeStringYessystemThe rule type. Valid values:
- system: system rules in basic protection.
- custom: custom regular expression rules in basic protection.
ruleBatchOperationConfigStringNodefaultThe batch rule modification operation. When this field is not empty, the RuleDetail field must be empty. Valid values:
- default: restore defaults.
- all_on: enable all rules.
- all_off: disable all rules.
- all_block: set all rule actions to block.
- all_monitor: set all rule actions to monitor.
ruleDetailArrayNo[{"ruleId":13000412,"ruleStatus":1,"ruleAction":"block"}]]The rule configuration to be modified. Fields:
- ruleId: the rule ID.
- ruleStatus: the rule status.
- ruleAction: the rule action.

Example

{
    "DefenseScene": "waf_base",
    "TemplateId": 322,
    "InstaneId": "waf_cn****",
    "Rules": "[{\"autoUpdate\":true,\"config\":[{\"ruleType\":\"system\",\"ruleDetail\":[{\"ruleId\":13000412,\"ruleStatus\":1,\"ruleAction\":\"block\"}]}]}]"
}

Scan protection rules (antiscan)

Parameter description

NameTypeRequiredExampleDescription
protectionTypeStringYeshighfreqThe subtype of the scan protection rule. Valid values:
- highfreq: high-frequency scan blocking.
- dirscan: directory traversal blocking.
- scantools: scan tool blocking.
statusIntegerYes1The status of the protection rule. This parameter is used only when creating a protection rule. To modify the status of a protection rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.
actionStringYesblockThe action of the protection rule. Valid values:
- block: block.
- monitor: monitor.
actionExternalJSONNo{"responseRuleId":123444}The extended configuration of the protection rule action. Only the new version of custom response supports this configuration. When action is set to block, you can specify a custom block page.
configStringNo{"target":"remote_addr","interval":60,"ttl":180,"count":20}The custom configuration in JSON string format. For more information, see config detailed configuration.

config detailed configuration

  • When protectionType is set to highfreq (scan protection rule configured as high-frequency scan blocking)

NameTypeRequiredExampleDescription
targetStringYesremote_addrThe object type for statistics. Valid values:
- remote_addr (default): IP address.
- cookie.acw_tc: session.
- header: custom header. When you select custom header, you must specify the header content to be counted in the subkey parameter.
- queryarg: custom parameter. When you select custom parameter, you must specify the custom parameter name to be counted in the subkey parameter.
- cookie: custom cookie. When you select custom cookie, you must specify the cookie content to be counted in the subkey parameter.
subKeyStringNoabcThe sub-character of the statistical object. When the target parameter is set to cookie, header, or queryarg, you must specify the corresponding information in the subkey parameter.
intervalIntegerNo60The detection period, in seconds. Default value: 60.
Valid values: 5 to 1800.
ttlIntegerNo1800The blocking duration, in seconds. Default value: 1800.
Valid values: 60 to 86400.
countIntegerNo20The maximum number of times a basic protection rule is triggered. Default value: 20.
Valid values: 3 to 50000.
ruleIdCountIntegerNo2The maximum number of triggered rules. Default value: 2.
Valid values: 1 to 50.
  • When protectionType is set to dirscan (scan protection rule configured as directory traversal blocking)

NameTypeRequiredExampleDescription
targetStringYesremote_addrThe statistical and blocking object. Valid values:
- remote_addr (default): IP address.
- cookie.acw_tc: session.
- header: custom header.
- queryarg: custom parameter.
- cookie: custom cookie.
subKeyStringNo1The sub-character of the statistical and blocking object. Configure this parameter only when target is set to header, queryarg, or cookie.
intervalIntegerNo60The detection period, in seconds. Default value: 60.
Valid values: 5 to 1800.
ttlIntegerNo1800The blocking duration, in seconds. Default value: 1800.
Valid values: 60 to 86400.
countIntegerNo20The maximum number of times a basic protection rule is triggered. Default value: 20.
Valid values: 3 to 50000.
weightFloatNo2The percentage of 404 response codes. Default value: 0.7.
Valid values: 0.01 to 1.0, accurate to two decimal places.
uriNumIntegerNo2The maximum number of nonexistent directories. Default value: 50.
Valid values: 2 to 50000.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2222,
    "DefenseScene": "antiscan",
    "Rules": "[{\"protectionType\":\"scantools\",\"action\":\"block\",\"status\":1},{\"protectionType\":\"dirscan\",\"status\":1,\"action\":\"block\",\"config\":\"{\\\"target\\\":\\\"remote_addr\\\",\\\"interval\\\":10,\\\"ttl\\\":1800,\\\"weight\\\":0.7,\\\"uriNum\\\":50,\\\"count\\\":50}\"},{\"protectionType\":\"highfreq\",\"status\":1,\"action\":\"block\",\"config\":\"{\\\"target\\\":\\\"remote_addr\\\",\\\"interval\\\":60,\\\"ttl\\\":1800,\\\"count\\\":20,\\\"ruleIdCount\\\":2}\"}]"
}

IP blacklist rules (ip_blacklist)

Parameter description

NameTypeRequiredExampleDescription
nameStringYesiptestThe name of the IP blacklist rule. The name must be 1 to 255 characters in length and can contain Chinese characters, letters, digits, underscores (_), periods (.), or hyphens (-).
statusIntegerYes1The status of the protection rule. This parameter is used only when creating a protection rule. To modify the status of a protection rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.
actionStringYesblockThe action of the protection rule. Valid values:
- block: block.
- monitor: monitor.
actionExternalJSONNo{"responseRuleId":123444}The extended configuration of the protection rule action. Only the new version of custom response supports this configuration. When action is set to block, you can specify a custom block page.
remoteAddrArrayYes["1.1.XX.XX", "3.1.XX.XX/24"]The list of IP addresses to be added to the IP blacklist. Use the format ["ip1","ip2",...].

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2222,
    "DefenseScene": "ip_blacklist",
    "Rules": "[{\"name\":\"iptest1\",\"remoteAddr\":[\"1.1.1.2\",\"3.3.3.3/24\"],\"action\":\"monitor\",\"status\":1},{\"name\":\"iptest2\",\"remoteAddr\":[\"4.4.4.4\",\"5.5.5.5/32\"],\"action\":\"block\",\"status\":1}]"
}

Custom rules (custom_acl)

Parameter description

NameTypeRequiredExampleDescription
nameStringYesiptestThe name of the custom ACL rule. The name must be 1 to 255 characters in length and can contain Chinese characters, letters, digits, underscores (_), periods (.), or hyphens (-).
statusIntegerYes1The status of the protection rule. This parameter is used only when creating a protection rule. To modify the status of a protection rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.
actionStringYesblockThe action of the protection rule. Valid values:
- block: block.
- monitor: monitor.
- js: JavaScript challenge.
- captcha: slider CAPTCHA.
- captcha_strict: strict slider CAPTCHA.
Note The supported protection rule actions for custom ACL rules are subject to the custom rule actions displayed in the WAF console.
actionExternalJSONNo{"responseRuleId":123444}The extended configuration of the protection rule action. Only the new version of custom response supports this configuration. When action is set to block, you can specify a custom block page. When action is set to captcha or captcha_strict, you can specify a custom slider CAPTCHA page.
conditionsArrayYes[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]The traffic characteristics of the ACL rule, described in JSON string format. A maximum of five match conditions are supported. For more information, see the conditions configuration description in Protection rule parameter settings.
ccStatusIntegerYes1Specifies whether to enable rate limiting. Valid values:
- 0: disabled.
- 1: enabled.
ratelimitJSONNo{"target":"remote_addr","interval":5,"threshold":2,"ttl":1800,"status":{"code":404,"count":2}}The detailed rate limiting configuration, described in JSON string format. Configure this parameter only when ccStatus is set to 1. For more information, see the ratelimit detailed configuration in Protection rule parameter settings.
effectStringNoruleThe scope of rate limiting. Configure this parameter only when ccStatus is set to 1. Valid values:
- service: the protection object.
- rule: the individual rule.
grayStatusIntegerNo1Specifies whether to enable canary release for the rule. Valid values:
- 0 (default): disabled.
- 1: enabled.
grayConfigJSONNo{"grayTarget":"header","grayRate":80,"graySubKey":"test"}The canary release environment configuration for the rule, described in JSON string format. Configure this parameter only when grayStatus is set to 1. For more information, see the grayConfig detailed configuration in Protection rule parameter settings.
timeConfigJSONNo{"timeScope":"period","timeZone":8,"timePeriods":[{"start":1758771729787,"end":1758816000000}]}The scheduled configuration for the rule, described in JSON string format. For more information, see the timeConfig detailed configuration in Protection rule parameter settings.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 6242,
    "DefenseScene": "custom_acl",
    "Rules":"[{\"name\":\"acl_test\",\"action\":\"block\",\"conditions\":[{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"abc\"}],\"ratelimit\":{\"target\":\"remote_addr\",\"interval\":5,\"threshold\":2,\"ttl\":1800,\"status\":{\"code\":404,\"count\":2}},\"ccStatus\":1,\"effect\":\"rule\",\"status\":1,\"origin\":\"custom\",\"timeConfig\":{\"timeScope\":\"cycle\",\"timeZone\":8,\"weekTimePeriods\":[{\"day\":\"1\",\"dayPeriods\":[{\"start\":0,\"end\":51644084}]},{\"day\":\"1,2,5\",\"dayPeriods\":[{\"start\":0,\"end\":42928908}]}]},\"grayStatus\":1,\"grayConfig\":{\"grayRate\":80,\"graySubKey\":\"test\",\"grayTarget\":\"header\"}}]"
}

Whitelist rules (whitelist)

Parameter description

NameTypeRequiredExampleDescription
nameStringYeswhitelistTestThe name of the whitelist rule. The name must be 1 to 255 characters in length and can contain Chinese characters, letters, digits, underscores (_), periods (.), or hyphens (-).
statusIntegerYes1The status of the protection rule. This parameter is used only when creating a protection rule. To modify the status of a protection rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.
conditionsArrayYes[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]The traffic characteristics of the whitelist, described in JSON string format. A maximum of five match conditions are supported. For more information, see the conditions configuration description in Protection rule parameter settings.
tagsArrayYes["waf", "regular"]The list of modules to which the whitelist applies, in the format ["XX1", "XX2",...]. Valid values:
- waf: all modules.
- customrule_rule: specific custom rules.
- customrule: custom rules.
- blacklist: IP blacklist.
- blacklist_rule: specific IP blacklist rules.
- antiscan: scan protection.
- regular: basic protection rules.
- regular_rule: specific basic protection regular expression rules.
- regular_type: specific basic protection regular expression rule types.
- regular_field: specific basic protection fields.
- major_protection: major event protection.
- cc: HTTP flood protection.
- region_block: Location Blacklist.
- antibot_scene: bot scenario protection.
- antibot_scene_rule: specific bot scenario protection rule IDs.
- antibot_scene_label: specific bot scenario protection rule types.
- dlp: information leak prevention.
- tamperproof: web tamper proofing.
- spike_throttle: peak traffic throttling protection.
regularRulesArrayNo[ "111111", "222222" ]The list of regular expression rule IDs to skip, in the format ["XX1", "XX2",...]. Configure this parameter only when the whitelist module is set to specific basic protection regular expression rules (the tags parameter is set to regular_rule).
regularTypesArrayNo[ "xss", "css" ]The list of regular expression rule types to skip, in the format ["XX1", "XX2",...]. Configure this parameter only when the whitelist module is set to Web application regular expression types (the tags parameter is set to regular_type). Valid values:
- sqli: SQL injection.
- xss: cross-site scripting.
- code_exec: code execution.
- crlf: CRLF.
- lfilei: local file inclusion.
- rfilei: remote file inclusion.
- webshell: WebShell.
- csrf: CSRF.
- other: other.
regularFieldsArrayNo[{"key":"URL"},{"key":"Header","subKey":"abc"}]The list of basic protection fields to skip, described in JSON string format. A maximum of five match conditions are supported. For more information, see regularFields detailed configuration. Configure this parameter only when the whitelist module is set to specific basic protection fields (the tags parameter is set to regular_field).
customRulesArrayNo[ "111111", "222222" ]The list of custom rule IDs to skip, in the format ["XX1", "XX2",...]. Configure this parameter only when the whitelist module is set to specific custom rules (the tags parameter is set to customrule_rule).
blacklistRulesArrayNo[ "111111", "222222" ]The list of IP blacklist rule IDs to skip, in the format ["XX1", "XX2",...]. Configure this parameter only when the whitelist module is set to specific IP blacklist rules (the tags parameter is set to blacklist_rule).
botRulesArrayNo[ "111111", "222222" ]The list of bot scenario protection rule IDs to skip, in the format ["XX1", "XX2",...]. Configure this parameter only when the whitelist module is set to specific bot scenario protection rule IDs (the tags parameter is set to antibot_scene_rule).
botLablesArrayNo[ "abc", "cdcc" ]The list of bot scenario protection rule types to skip, in the format ["XX1", "XX2",...]. Configure this parameter only when the whitelist module is set to specific bot scenario protection rule types (the tags parameter is set to antibot_scene_label). You can invoke the DescribeBotRuleLabels operation to query the bot rule type information.

regularFields detailed configuration

NameTypeRequiredExampleDescription
keyStringYesURLThe field to skip. Valid values:
- URL-All: all URI-related fields.
- URL: specified URI field.
- URLPath: URI path.
- Query-All: all query-related fields.
- Query-Arg: specified query parameter.
- Cookie-All: all cookie-related fields.
- Cookie-Exact: specified cookie name.
- Header-All: all header-related fields.
- Header: specified header field.
- Body-All: all body parameters.
subKeyStringNoabcThe specified field. Configure this parameter when the field to skip (key) is set to URLPath, Query-Arg, Cookie-Exact, or Header.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 9242,
    "DefenseScene": "whitelist",
    "Rules":"[{\"name\":\"whitelistTest\",\"tags\":[\"regular_rule\",\"customrule\"],\"status\":1,\"origin\":\"custom\",\"conditions\":[{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"/test\"},{\"key\":\"Header\",\"opValue\":\"eq\",\"values\":\"ffff\",\"subKey\":\"abc\"}],\"regularRules\":[\"123444\",\"444444\"]}]"
}

Custom response rules (custom_response)

Parameter description

NameTypeRequiredExampleDescription
responseTypeStringYesresponse_blockThe type of the custom response. Set the value to response_block, which indicates a block response.
statusIntegerYes1The status of the protection rule. This parameter is used only when creating a protection rule. To modify the status of a protection rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.
configStringYes{"responseCode":400,"responseHeaders":[{"key":"custom","value":"123"},{"key":"aaa","value":"2223"}],"responseContent":"HelloWorld"}The custom configuration in JSON string format. For more information, see config detailed configuration.

config detailed configuration

NameTypeRequiredExampleDescription
responseCodeIntegerYes400The specified response code.
responseHeadersArrayNo[{"key":"custom","value":"123"},{"key":"aaaa","value":"2223"}]The list of custom response headers, described in JSON string format. key is the header field, and value is the header value.
responseContentStringYeshelloworldThe content of the custom response.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2841,
    "DefenseScene": "custom_response",
    "Rules":"[{\"responseType\":\"response_block\",\"config\":\"{\\\"templateName\\\":\\\"aaa\\\",\\\"responseCode\\\":\\\"400\\\",\\\"responseContent\\\":\\\"helloWorld\\\",\\\"responseHeaders\\\":[{\\\"key\\\":\\\"test1\\\",\\\"value\\\":\\\"abc\\\"}]}\",\"status\":1}]"
}

Location Blacklist rules (region_block)

Parameter description

NameTypeRequiredExampleDescription
cnRegionListStringNo610000,230000The list of regions within China. Set the value to ["CN"] to block the Chinese mainland (excluding Hong Kong (China), Macao (China), and Taiwan (China)). Separate multiple regions with commas (,). For the meanings of region codes, see Region codes within China.
abroadRegionListStringNoKE,KGThe list of regions outside China. Separate multiple regions with commas (,). You can call the DescribeIpAbroadCountryInfos operation to query the supported overseas countries and regions for blocking.
statusIntegerYes1The status of the protection rule. This parameter is used only when creating a protection rule. To modify the status of a protection rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.
actionStringYesblockThe action of the protection rule. Valid values:
- block: block.
- monitor: monitor.
actionExternalJSONNo{"responseRuleId":123444}The extended configuration of the protection rule action. Only the new version of custom response supports this configuration. When action is set to block, you can specify a custom block page. When action is set to captcha or captcha_strict, you can specify a custom slider CAPTCHA page.

Region codes within China

{
    "110000": "Beijing",
    "120000": "Tianjin",
    "130000": "Hebei",
    "140000": "Shanxi",
    "150000": "Inner Mongolia",
    "210000": "Liaoning",
    "220000": "Jilin",
    "230000": "Heilongjiang",
    "310000": "Shanghai",
    "320000": "Jiangsu",
    "330000":

Response elements

Element

Type

Description

Example

object

The response struct.

RequestId

string

The ID of the request.

26E46541-7AAB-5565-801D-F14DBDC5****

RuleIds

string

The IDs of the created protection rules. Multiple IDs are separated by commas (,).

22215,23354,462165

Examples

Success response

JSON format

{
  "RequestId": "26E46541-7AAB-5565-801D-F14DBDC5****",
  "RuleIds": "22215,23354,462165"
}

Error codes

HTTP status code

Error code

Error message

Description

400 Defense.Control.DefenseWhitelistBypassRuleNotExist The whitelist protection rule does not exist. The whitelist protection rule does not exist. Rule ID:%s.
400 Defense.Control.DefenseWhitelistConfigInvalid The whitelist rule is misconfigured. Error configuring whitelist rule: %s.
400 Defense.Control.DefenseBookTypeInvalid The address book type is illegal. The address book type is illegal.
400 Defense.Control.DefenseThreatIntelligenceConfigInvalid Threat Intelligence Rule configuration error. Threat Intelligence Rule configuration error. %s
400 Defense.Control.DefenseIpCountOversize The number of IPs exceeds the limit. The number of IPs exceeds the limit.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.