All Products
Search
Document Center

Web Application Firewall:CreateDefenseRule

Last Updated:Sep 13, 2024

Creates a protection rule.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-waf:CreateDefenseRulecreate
  • All Resources
    *
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
InstanceIdstringYes

The ID of the Web Application Firewall (WAF) instance.

Note You can call the DescribeInstance operation to obtain the ID of the WAF instance.
waf_v2_public_cn-****
TemplateIdlongYes

The ID of the rule template for which you want to create a protection rule.

1122
DefenseScenestringYes

The module to which the protection rule that you want to create belongs.

  • waf_group: the basic protection rule module.
  • antiscan: the scan protection module.
  • ip_blacklist: the IP address blacklist module.
  • custom_acl: the custom rule module.
  • whitelist: the whitelist module.
  • region_block: the region blacklist module.
  • custom_response: the custom response module.
  • cc: the HTTP flood protection module.
  • tamperproof: the website tamper-proofing module.
  • dlp: the data leakage prevention module.
waf_group
RulesstringYes

The configurations of the protection rule. Specify a string that contains multiple parameters in the JSON format.

Note The parameters vary based on the value of the DefenseScene parameter.**** For more information, see the "Protection rule parameters" section in this topic.
For more information, see the following section
ResourceManagerResourceGroupIdstringNo

The ID of the resource group.

rg-acfm***q
RegionIdstringNo

The region where the WAF instance resides. Valid values:

  • cn-hangzhou: the Chinese mainland.
  • ap-southeast-1: outside the Chinese mainland.
cn-hangzhou

Protection rule parameters

Parameters of basic protection rules (waf_group)

Parameters

ParameterTypeRequiredExampleDescription
statusIntegerYes1The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1: enabled. This is the default value.
actionStringYesblockThe action that you want WAF to perform on requests that match the protection rule. Valid values:- block: WAF blocks requests that match the protection rule.- monitor: WAF monitors requests that match the protection rule.
policyIdLongNo1012The ID of the protection rule group to which the protection rule that you want to create belongs. Default value: 1012.

Examples

{
    "DefenseScene": "waf_group",
    "TemplateId": 322,
    "InstaneId": "waf_cn****",
    "Rules": "[{\"status\":1,\"policyId\":1012,\"action\":\"block\"}]"
}

Parameters of scan protection rules (antiscan)

Parameters

ParameterTypeRequiredExampleDescription
protectionTypeStringYeshighfreqThe type of the scan protection rule. Valid values:- highfreq: high-frequency scan blocking.- dirscan: directory traversal blocking.- scantools: scanner blocking.
statusIntegerYes1The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1: enabled. This is the default value.
actionStringYesblockThe action that you want WAF to perform on requests that match the protection rule. Valid values:- block: WAF blocks requests that match the protection rule.- monitor: WAF monitors requests that match the protection rule.
configStringNo{"target":"IP","interval":60,"ttl":180,"count":20}The custom configurations of the protection rule. Specify a string that contains multiple parameters in the JSON format. For more information, see Configuration parameters.

Configuration parameters

  • The following parameters are used if you set the protectionType parameter to highfreq.
ParameterTypeRequiredExampleDescription
targetStringYesIPThe type of the statistical object. Valid values:- remote_addr: IP addresses. This is the default value.- cookie.acw_tc: sessions.- header: custom headers. If you use custom headers, you must specify the headers in the subKey parameter.- queryarg: custom parameters. If you use custom parameters, you must specify the custom parameters in the subKey parameter.- cookie: custom cookies. If you use custom cookies, you must specify the cookie content in the subKey parameter.
subKeyStringNoabcThe sub-characteristic of the statistical object. If you set the target parameter to cookie, header, or queryarg, you must specify these custom statistical objects in the subKey parameter.
intervalIntegerNo60The detection period. Unit: seconds. Default value: 60.Valid values: 5 to 1800.
ttlIntegerNo1800The blocking period. Unit: seconds. Default value: 1800.Valid values: 60 to 86400.
countIntegerNo20The maximum number of times that basic protection rules can be triggered. Default value: 20.Valid values: 3 to 50000.
ruleIdCountIntegerNo2The maximum number of basic protection rules that can be triggered. Default value: 2.Valid values: 1 to 50.
  • The following parameters are used if you set the protectionType parameter to dirscan.
ParameterTypeRequiredExampleDescription
targetStringYesIPThe type of the statistical and blocked object. Valid values:- remote_addr: IP addresses. This is the default value.- cookie.acw_tc: sessions.- header: custom headers.- queryarg: custom parameters.- cookie: custom cookies.
subKeyStringNo1The sub-characteristic of the statistical and blocked object. You must specify this parameter only when you set the target parameter to header, queryarg, or cookie.
intervalIntegerNo60The detection period. Unit: seconds. Default value: 60.Valid values: 5 to 1800.
ttlIntegerNo1800The blocking period. Unit: seconds. Default value: 1800.Valid values: 60 to 86400.
countIntegerNo20The maximum number of times that basic protection rules can be triggered. Default value: 20.Valid values of: 3 to 50000.
weightFloatNo2The maximum percentage of the 404 status codes. Default value: 0.7.Valid values: 0.01 to 1.0. The value is accurate to two decimal places.
uriNumIntegerNo2The maximum number of non-existent directories. Default value: 50.Valid values: 2 to 50000.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2222,
    "DefenseScene": "antiscan",
    "Rules": "[{\"protectionType\":\"scantools\",\"action\":\"block\",\"status\":1},{\"protectionType\":\"dirscan\",\"status\":1,\"action\":\"block\",\"config\":\"{\\\"target\\\":\\\"remote_addr\\\",\\\"interval\\\":10,\\\"ttl\\\":1800,\\\"weight\\\":0.7,\\\"uriNum\\\":50,\\\"count\\\":50}\"},{\"protectionType\":\"highfreq\",\"status\":1,\"action\":\"block\",\"config\":\"{\\\"target\\\":\\\"remote_addr\\\",\\\"interval\\\":60,\\\"ttl\\\":1800,\\\"count\\\":20,\\\"ruleIdCount\\\":2}\"}]"
}

Parameters of IP address blacklist rules (ip_blacklist)

Parameters

ParameterTypeRequiredExampleDescription
nameStringYesiptestThe name of the IP address blacklist rule.
statusIntegerYes1The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1: enabled. This is the default value.
actionStringYesblockThe action that you want WAF to perform on requests that match the protection rule. Valid values:- block: WAF blocks requests that match the protection rule.- monitor: WAF monitors requests that match the protection rule.
remoteAddrArrayRequired["1.1.XX.XX", "3.1.XX.XX/24"]An array of IP addresses that you want to add to the IP address blacklist. Specify multiple IP addresses in the ["ip1","ip2",...] format.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2222,
    "DefenseScene": "ip_blacklist",
    "Rules": "[{\"name\":\"iptest1\",\"remoteAddr\":[\"1.1.1.2\",\"3.3.3.3/24\"],\"action\":\"monitor\",\"status\":1},{\"name\":\"iptest2\",\"remoteAddr\":[\"4.4.4.4\",\"5.5.5.5/32\"],\"action\":\"block\",\"status\":1}]"
}

Parameters of custom access control rules (custom_acl)

Parameters

ParameterTypeRequiredExampleDescription
nameStringRequirediptestThe name of the custom access control rule.
statusIntegerYes1The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1: enabled. This is the default value.
actionStringYesblockThe action that you want WAF to perform on requests that match the protection rule. Valid values:- block: WAF blocks requests that match the protection rule.- monitor: WAF monitors requests that match the protection rule.- js: WAF performs JavaScript verification on requests that match the protection rule.- captcha: WAF performs slider CAPTCHA verification on requests that match the protection rule.- captcha_strict: WAF performs strict CAPTCHA verification on requests that match the protection rule.Note: For more information about the protection actions that can be specified in custom access control rules, log on to the WAF console.
conditionsArrayYes[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]An array of match conditions. Specify a string that contains multiple parameters in the JSON format. You can specify up to five match conditions. For more information, see Match condition parameters.
ccStatusIntegerYes1Specifies whether to enable the rate limiting feature. Valid values:- 0: disables the rate limiting feature.- 1: enables the rate limiting feature.
ratelimitJSONNo{"target":"remote_addr","interval":5,"threshold":2,"ttl":1800,"status":{"code":404,"count":2}}The configurations of the rate limiting feature. Specify a string that contains multiple parameters in the JSON format. You must specify this parameter only when the ccStatus parameter is set to 1. For more information, see Rate limiting parameters in this section.
effectStringNoruleThe effective scope of the rate limiting feature. This parameter is available only when you set the ccStatus parameter to 1. Valid values:- service: specifies that the rate limiting feature is enabled for all protected objects.- rule: specifies that the rate limiting feature is enabled for the current protection rule.

Match condition parameters

ParameterTypeRequiredExampleDescription
keyStringYesIPThe match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, and Header.
subKeyStringNoabcThe child match field.Note: Not every match field (key) of a custom rule contains a child match field (subKey). For information about the child match fields that are supported by each match field, log on to the WAF console.
opValueStringYescontainThe logical operator. Valid values:- not-contain: does not contain.- contain: contains.- none: does not exist.- ne: not equal to.- eq: equal to.- lt: value less than.- gt: value greater than.- len-lt: length less than.- len-eq: length equal to.- len-gt: length greater than.-not-match: does not match.- match-one: equal to one of multiple values.- all-not-match: not equal to any value.- all-not-contain: does not contain any value.- contain-one: contains one of multiple values.-not-regex: does not match a regular expression.- regex: matches regular expressions.- all-not-regex: does not match any regular expression.- regex-one: matches one of multiple regular expressions.- prefix-match: matches by prefix.- suffix-match: matches by suffix.- empty: empty content.- exists: exists.- inl: exists in a list.Note: When you create a custom rule, the valid values of the opValue parameter vary based on the value of the key parameter. For information about the logical operators that are supported by each match field, log on to the WAF console.
valuesStringYesabcThe match content.Note: The valid values of the opValue and values parameters in the match conditions vary based on the value of the key parameter.

Rate limiting parameters

ParameterTypeRequiredExampleDescription
targetStringRequiredIPThe type of the statistical object. Valid values:- remote_addr: IP addresses. This is the default value.- cookie.acw_tc: sessions.- header: custom headers. If you use custom headers, you must specify the headers in the subKey parameter.- queryarg: custom parameters. If you use custom parameters, you must specify the custom parameters in the subKey parameter.- cookie: custom cookies. If you use custom cookies, you must specify the cookie content in the subKey parameter.
subKeyStringNoabcThe sub-characteristic of the statistical object. If you set the target parameter to cookie, header, or queryarg, you must specify these statistical objects in the subKey parameter.
intervalIntegerYes60The statistical interval. Unit: seconds. The statistical interval of the number of requests. If you specify this parameter, the threshold parameter is required.Valid values: 5 to 1800.
thresholdIntegerYes200The maximum number of requests that can be sent from a statistical object.
ttlIntegerYes1800The period of time during which you want the specified action to take effect. Unit: seconds.Valid values: 60 to 86400.
statusJSONNo{"code":404,"count":200}The frequency of an HTTP status code. Specify a string that contains the following parameters in the JSON format:code: the HTTP status code. This parameter is required. Data type: integer.count: the maximum number of times that the specified HTTP status code is returned. If the actual value is greater than the threshold, the custom access control rule is matched. This parameter is optional. Data type: integer. Valid values: 2 to 50000. You can specify the count parameter or ratio parameter. You cannot specify the two parameters at the same time.ratio: the maximum percentage of times that the specified HTTP status code is returned. If the actual percentage is greater than the threshold, the custom access control rule is matched. This parameter is optional. Data type: integer. Valid values: 1 to 100. You can specify the count parameter or ratio parameter. You cannot specify the two parameters at the same time.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 6242,
    "DefenseScene": "custom_acl",
    "Rules":"[{\"name\":\"acl_test\",\"action\":\"block\",\"conditions\":[{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"abc\"}],\"ratelimit\":{\"target\":\"remote_addr\",\"interval\":5,\"threshold\":2,\"ttl\":1800,\"status\":{\"code\":404,\"count\":2}},\"ccStatus\":1,\"effect\":\"rule\",\"status\":1,\"origin\":\"custom\"}]"
}

Parameters of whitelist rules (whitelist)

Parameters

ParameterTypeRequiredExampleDescription
nameStringRequiredwhitelistTestThe name of the whitelist rule.
statusIntegerYes1The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1: enabled. This is the default value.
conditionsArrayYes[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]An array of match conditions. Specify a string that contains multiple parameters in the JSON format. You can specify up to five match conditions. For more information, see Match condition parameters.
tagsArrayYes["waf", "regular"]An array of protection modules for which you want the whitelist rule to take effect. Specify multiple protection modules in the ["XX1", "XX2",...] format. Valid values:- waf: all modules.- customrule: the custom rule module.- blacklist: the IP address blacklist module.- antiscan: the scan protection module.- regular: the basic protection rule module.- regular_rule: the specific regular expression rules of the basic protection rule module.- regular_type: the specific types of regular expression rules of the basic protection rule module.- major_protection: the major event protection module.- cc: the HTTP flood protection module.- region_block: the region blacklist module.- antibot_scene: the bot management module.- dlp: the data leakage prevention module.- tamperproof: the website tamper-proofing module.
regularRulesArrayNo[ "111111", "222222" ]An array of the IDs of regular expression rules that you want requests to bypass. Specify multiple IDs in the ["XX1", "XX2",...] format. This parameter is available only when you set the tags parameter to regular_rule.
regularTypesArrayNo[ "xss", "css" ]An array of the types of regular expression rules that you want requests to bypass. Specify multiple regular expression rule types in the [" XX1 ", "XX2 ",...] format. This parameter is available only when you set the tags parameter to regular_type. Valid values:- sqli: SQL injection.- xss: cross-site scripting (XSS) attacks.- code_exec: code execution.- crlf: carriage return line feed (CRLF) injection.- lfilei: local file inclusion.- rfilei: remote file inclusion.- webshell:: webshell.- csrf: cross site request forgery (CSRF).- other: other types.

Match condition parameters

ParameterTypeRequiredExampleDescription
keyStringYesIPThe match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, and Header.
subKeyStringNoabcThe child match field.Note: Not every match field (key) of a whitelist rule contains a child match field (subKey). For information about the child match fields that are supported by each match field, log on to the WAF console.
opValueStringYescontainThe logical operator. Valid values:- not-contain: does not contain.- contain: contains.- none: does not exist.- ne: not equal to.- eq: equal to.- lt: value less than.- gt: value greater than.- len-lt: length less than.- len-eq: length equal to.- len-gt: length greater than.-not-match: does not match.- match-one: equal to one of multiple values.- all-not-match: not equal to any value.- all-not-contain: does not contain any value.- contain-one: contains one of multiple values.-not-regex: does not match a regular expression.- regex: matches regular expressions.- all-not-regex: does not match any regular expression.- regex-one: matches one of multiple regular expressions.- prefix-match: matches by prefix.- suffix-match: matches by suffix.- empty: empty content.- exists: exists.- inl: exists in a list.Note: When you create a whitelist rule, the valid values of the opValue parameter vary based on the value of the key parameter. For information about the logical operators that are supported for each match field, log on to the WAF console.
valuesStringYesabcThe match content.Note: The valid values of the opValue and values parameters in the match conditions vary based on the value of the key parameter.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 9242,
    "DefenseScene": "whitelist",
    "Rules":"[{\"name\":\"whitelistTest\",\"tags\":[\"regular_rule\",\"customrule\"],\"status\":1,\"origin\":\"custom\",\"conditions\":[{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"/test\"},{\"key\":\"Header\",\"opValue\":\"eq\",\"values\":\"ffff\",\"subKey\":\"abc\"}],\"regularRules\":[\"123444\",\"444444\"]}]"
}

Parameters of custom response rules (custom_response)

Parameters

ParameterTypeRequiredExampleDescription
responseTypeStringRequiredresponse_blockThe type of the custom response. Set this parameter to response_block to configure custom block pages that you want to return to clients when requests are blocked.
statusIntegerYes1The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1: enabled. This is the default value.
configStringYes{"responseCode":400,"responseHeaders":[{"key":"custom","value":"123"},{"key":"aaa","value":"2223"}],"responseContent":"HelloWorld"}The custom configurations of the protection rule. Specify a string that contains multiple parameters in the JSON format. For more information, see Configuration parameters.

Configuration parameters

ParameterTypeRequiredExampleDescription
responseCodeIntegerYes400The HTTP status code.
responseHeadersArrayNo[{"key":"custom","value":"123"},{"key":"aaaa","value":"2223"}]An array of custom response headers. Specify a string that contains multiple parameters in the JSON format. The values of the key parameter are the field names of the response headers, and the values of the value parameter are the values of the response headers.
responseContentStringYeshelloworldThe response body.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2841,
    "DefenseScene": "custom_response",
    "Rules":"[{\"responseType\":\"response_block\",\"config\":\"{\\\"templateName\\\":\\\"aaa\\\",\\\"responseCode\\\":\\\"400\\\",\\\"responseContent\\\":\\\"helloWorld\\\",\\\"responseHeaders\\\":[{\\\"key\\\":\\\"test1\\\",\\\"value\\\":\\\"abc\\\"}]}\",\"status\":1}]"
}

Parameters of region blacklist rules (region_block)

Parameters

ParameterTypeRequiredExampleDescription
cnRegionListStringNo610000,230000The regions in China from where you want to block requests. If you set this parameter to CN, requests that are sent from IP addresses in the Chinese mainland are blocked. Separate multiple regions with commas (,). For more information about region codes, see Codes of administrative regions in China.
abroadRegionListStringNoKE,KGThe regions outside China from where you want to block requests. Separate multiple region codes with commas (,). For information about region codes, see Codes of countries and regions outside China.
statusIntegerYes1The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1: enabled. This is the default value.
actionStringYesblockThe action that you want WAF to perform on requests that match the protection rule. Valid values:- block: WAF blocks requests that match the protection rule.- monitor: WAF monitors requests that match the protection rule.

Codes of administrative regions in China

{
    "110000": "Beijing",
    "120000": "Tianjin",
    "130000": "Hebei",
    "140000": "Shanxi",
    "150000": "Nei Mongol",
    "210000": "Liaoning",
    "220000": "Jilin",
    "230000": "Heilongjiang"
    "310000": "Shanghai",
    "320000": "Jiangsu",
    "330000": "Zhejiang",
    "340000": "Anhui",
    "350000": "Fujian",
    "360000": "Jiangxi",
    "370000": "Shandong",
    "410000": "Henan",
    "420000": "Hubei",
    "430000": "Hunan",
    "440000": "Guangdong",
    "450000": "Guangxi",
    "460000": "Hainan",
    "500000": "Chongqing",
    "510000": "Sichuan",
    "520000": "Guizhou",
    "530000": "Yunnan",
    "610000": "Shaanxi",
    "620000": "Gansu",
    "630000": "Qinghai",
    "640000": "Ningxia",
    "MO_01": "Macao (China)",
    "HK_01": "Hong Kong (China)",
    "TW_01": "Taiwan (China)"
    "CN": "Chinese mainland"
}

Codes of countries and regions outside China

{
    "KE": "Kenya",
    "KG": "Kyrgyzstan",
    "KH": "Kampuchea",
    "KI": "Kiribati",
    "KM": "Comoros",
    "KN": "Saint Kitts and Nevis",
    "KP": "The Democratic People's Republic of Korea",
    "KR": "The Republic of Korea",
    "KW": "Kuwait",
    "KY": "Cayman Islands",
    "KZ": "Kazakhstan",
    "LA": "Laos",
    "LB": "Lebanon",
    "LC": "Saint Lucia",
    "LI": "Liechtenstein",
    "LK": "Sri Lanka",
    "LR": "Liberia",
    "LS": "Lesotho",
    "LT": "Lithuania",
    "LU": "Luxembourg",
    "LV": "Latvia",
    "LY": "Libya",
    "MA": "Morocco",
    "MC": "Monaco",
    "MD": "Moldova",
    "ME": "Montenegro",
    "MF": "Saint Martin",
    "MG": "Madagascar",
    "MH": "Marshall Islands",
    "MK": "Macedonia",
    "ML": "Mali",
    "MM": "Myanmar",
    "MN": "Mongolia",
    "MP": "Northern Mariana Islands",
    "MQ": "Martinique",
    "MR": "Mauritania",
    "MS": "Montserrat",
    "MT": "Malta",
    "MU": "Mauritius",
    "MV": "Maldives",
    "MW": "Malawi",
    "MX": "Mexico",
    "MY": "Malaysia",
    "MZ": "Mozambique",
    "NA": "Namibia",
    "NC": "New Caledonia",
    "NE": "Niger",
    "NF": "Norfolk Island",
    "NG": "Nigeria",
    "NI": "Nicaragua",
    "NL": "The Netherlands",
    "NO": "Norway",
    "O1": "Other countries",
    "NP": "Nepal",
    "NR": "Nauru",
    "NU": "Niue",
    "NZ": "New Zealand",
    "GA": "Gabon",
    "GB": "United Kingdom",
    "WS": "Samoa",
    "GD": "Grenada",
    "GE": "Georgia",
    "GF": "French Guiana",
    "GG": "Guernsey",
    "GH": "Ghana",
    "GI": "Gibraltar",
    "GL": "Greenland",
    "GM": "The Gambia,
    "GN": "Guinea",
    "GP": "Guadeloupe",
    "GQ": "Equatorial Guinea",
    "GR": "Greece",
    "GS": "South Georgia and the South Sandwich Islands",
    "GT": "Guatemala",
    "GU": "Guam",
    "GW": "Guinea-Bissau",
    "GY": "Guyana",
    "HM": "Heard Island and McDonald Islands",
    "HN": "Honduras",
    "HR": "Croatia",
    "HT": "Haiti",
    "YE": "Yemen",
    "HU": "Hungary",
    "YT": "Mayotte",
    "ID": "Indonesia",
    "IE": "Ireland",
    "IL": "Israel",
    "IM": "Isle of Man",
    "IN": "India Closing Down",
    "IO": "British Indian Ocean Territory",
    "ZA": "South Africa",
    "IQ": "Iraq",
    "IR": "Iran",
    "IS": "Iceland",
    "IT": "Italy",
    "ZM": "Zambia",
    "JE": "Jersey",
    "ZW": "Zimbabwe",
    "JM": "Jamaica",
    "JO": "Jordan",
    "JP": "Japan",
    "SI": "Slovenia",
    "SJ": "Svalbard and Jan Mayen Islands",
    "BY": "Belarus",
    "SK": "Slovakia",
    "BZ": "Belize",
    "SL": "Sierra Leone",
    "SM": "San Marino",
    "SN": "Senegal",
    "SO": "Somalia",
    "CA": "Canada",
    "SR": "Suriname",
    "SS": "South Sudan",
    "CC": "Cocos (Keeling) Islands",
    "ST": "Sao Tome and Principe",
    "CD": "The Democratic Republic of the Congo",
    "CF": "Central African Republic",
    "SV": "El Salvador",
    "CG": "The Republic of the Congo",
    "CH": "Switzerland",
    "SX": "Sint Maarten",
    "SY": "Syrian Arab Republic",
    "CI": "Côte d'Ivoire",
    "SZ": "Eswatini",
    "CK": "Cook Islands",
    "CL": "Chile",
    "CM": "Cameroon",
    "CO": "Colombia",
    "TC": "Turks and Caicos Islands",
    "CR": "Costa Rica",
    "TD": "Chad",
    "CU": "Cuba",
    "TF": "French Southern and Antarctic Lands",
    "CV": "Cabo Verde",
    "TG": "Togo",
    "CW": "Curacao",
    "TH": "Thailand",
    "CX": "Christmas Island",
    "TJ": "Tajikistan",
    "CY": "Cyprus",
    "CZ": "Czech Republic",
    "TK": "Tokelau",
    "TL": "Timor-Leste",
    "TM": "Turkmenistan",
    "TN": "Tunisia",
    "TO": "Tonga",
    "TR": "Turkey",
    "TT": "Trinidad and Tobago",
    "DE": "Germany",
    "TV": "Tuvalu",
    "DJ": "Djibouti",
    "TZ": "Tanzania",
    "DK": "Denmark",
    "DM": "Dominica",
    "DO": "Dominican Republic",
    "UA": "Ukraine",
    "UG": "Uganda",
    "DZ": "Algeria",
    "UM": "United States Minor Outlying Islands",
    "US": "United States",
    "EC": "Ecuador",
    "EE": "Estonia",
    "EG": "Egypt",
    "EH": "Western Sahara",
    "UY": "Uruguay",
    "UZ": "Uzbekistan",
    "VA": "Vatican City",
    "VC": "Saint Vincent and the Grenadines",
    "ER": "Eritrea",
    "ES": "Spain",
    "VE": "Venezuela",
    "ET": "Ethiopia",
    "EU": "Europe",
    "VG": "British Virgin Islands",
    "VI": "United States Virgin Islands",
    "VN": "Vietnam",
    "VU": "Vanuatu",
    "FI": "Finland",
    "FJ": "Fiji",
    "FK": "Falkland Islands",
    "FM": "Federated States of Micronesia",
    "FO": "Faroe Islands",
    "FR": "France",
    "WF": "Wallis and Futuna Islands",
    "OM": "Oman",
    "PA": "Panama",
    "PE": "Peru",
    "PF": "French Polynesia",
    "PG": "Papua New Guinea",
    "PH": "Philippines",
    "PK": "Pakistan",
    "PL": "Poland",
    "PM": "Saint Pierre and Miquelon",
    "PN": "Pitcairn Islands",
    "PR": "Puerto Rico",
    "PS": "Palestine",
    "PT": "Portugal",
    "PW": "Palau",
    "PY": "Paraguay",
    "QA": "Qatar",
    "A1": "Anonymous proxy",
    "A2": "Satellite transmission",
    "AD": "Andorra",
    "AE": "United Arab Emirates",
    "AF": "Afghanistan",
    "AG": "Antigua and Barbuda",
    "AI": "Anguilla",
    "AL": "Albania",
    "AM": "Armenia",
    "AO": "Angola",
    "AP": "Asia-Pacific",
    "AQ": "Antarctica",
    "AR": "Argentina",
    "AS": "American Samoa",
    "RE": "Reunion",
    "AT": "Austria",
    "AU": "Australia",
    "AW": "Aruba",
    "AX": "Aland Islands",
    "AZ": "Azerbaijan",
    "RO": "Romania",
    "BA": "Bosnia and Herzegovina",
    "BB": "Barbados",
    "RS": "Serbia",
    "BD": "Bangladesh",
    "BE": "Belgium",
    "RU": "Russia",
    "BF": "Burkina Faso",
    "RW": "Rwanda",
    "BG": "Bulgaria",
    "BH": "Bahrain",
    "BI": "Burundi",
    "BJ": "Benin",
    "BL": "Saint Barthelemy",
    "BM": "Bermuda",
    "BN": "Brunei",
    "BO": "Bolivia",
    "SA": "Saudi Arabia",
    "BQ": "Caribbean Netherlands",
    "SB": "Solomon Islands",
    "BR": "Brazil",
    "SC": "Seychelles",
    "SD": "Sudan",
    "BS": "Bahamas",
    "SE": "Sweden",
    "BT": "Bhutan",
    "BV": "Bouvet Island",
    "SG": "Singapore",
    "SH": "Saint Helena",
    "BW": "Botswana"
}
Examples
{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2341,
    "DefenseScene": "region_block",
    "Rules": "[{\"cnRegionList\":\"CN,HK_01,TW_01,MO_01\",\"abroadRegionList\":\"AU,NZ\",\"action\":\"block\",\"status\":1}]"
}

Parameters of HTTP flood protection rules (cc)

Parameters

ParameterTypeRequiredExampleDescription
modeIntegerYes0The HTTP flood protection mode. Valid values:- 0: the protection mode. This is the default value.- 1: the protection-emergency mode.
statusIntegerYes1The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1: enabled. This is the default value.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2241,
    "DefenseScene": "cc",
    "Rules":"[{\"mode\":0,\"status\":1}]"
}

Parameters of website tamper-proofing rules (tamperproof)

Parameters

ParameterTypeRequiredExampleDescription
nameStringYestestThe name of the protection rule.
urlStringYes/abcThe address of the cached page.
uaStringNoappThe User-Agent header that you want to use to access the website that is protected by the protection rule.
protocolStringYeshttpsThe protocol type of the cached page address. Valid values: http and https.
statusIntegerYes1The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1: enabled. This is the default value.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 1241,
    "DefenseScene": "tamperproof",
    "Rules": "[{\"name\":\"test1\",\"url\":\"www.test1.com\",\"ua\":\"firefox\",\"protocol\":\"https\",\"status\":1}]"
}

Parameters of data leakage prevention rules (dlp)

Parameters

ParameterTypeRequiredExampleDescription
nameStringYestestThe name of the protection rule.
conditionsArrayYes[{"key":"HttpCode","opValue":"contain","values":"400,401,402,403,404,405,500,501,502,503,504,505"},{"key":"URL","opValue":"contain","values":"test"}]The match conditions. Specify a string that contains multiple parameters in the JSON format. You can specify up to two match conditions by using the logical operator AND. For more information, see Match condition parameters.
statusIntegerYes1The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1: enabled. This is the default value.
actionStringYesblockThe action that you want WAF to perform on requests that match the protection rule. Valid values:- block: WAF blocks requests that match the protection rule.- monitor: WAF monitors requests that match the protection rule.- filter: WAF filters sensitive information that matches the protection rule.

Match condition parameters

ParameterTypeRequiredExampleDescription
keyStringYesURLThe match field. Valid values: URL, HttpCode, and SensitiveInfo.
opValueStringYescontainThe logical operator. The value is fixed to contain.
valuesStringYesabcThe match content. Separate multiple match contents with commas (,).Valid values of the values parameter if you set the key parameter to HttpCode: 400, 401, 402, 403, 404, 405 (405–499), 500, 501, 502, 503, 504, and 505 (505–599).Valid values of the values parameter if you set the key parameter to SensitiveInfo:- phone: mobile phone numbers.- card: credit card numbers.- id: ID card numbers.- word: default sensitive words.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 5241,
    "DefenseScene": "dlp",
    "Rules":"[{\"name\":\"test\",\"action\":\"filter\",\"status\":1,\"conditions\":[{\"key\":\"SensitiveInfo\",\"opValue\":\"contain\",\"values\":\"id,card\"},{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"/test.html\"}]}]"
}

Response parameters

ParameterTypeDescriptionExample
object

The result of the request.

RequestIdstring

The ID of the request.

26E46541-7AAB-5565-801D-F14DBDC5F186

Examples

Sample success responses

JSONformat

{
  "RequestId": "26E46541-7AAB-5565-801D-F14DBDC5F186"
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-09-02The request parameters of the API has changed. The response structure of the API has changedView Change Details
2023-05-17The internal configuration of the API is changed, but the call is not affectedView Change Details