All Products
Search

This Product

    Web Application Firewall:DescribeBaseSystemRules

    Document Center

    Web Application Firewall:DescribeBaseSystemRules

    Last Updated:Jan 05, 2026

    Describes the system rules for web application protection.

    Try it now

    Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

    Test

    RAM authorization

    The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

    • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

    • API: The API that you can call to perform the action.

    • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

    • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

      • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

      • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

    • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

    • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

    Action

    Access level

    Resource type

    Condition key

    Dependent action

    yundun-waf:DescribeBaseSystemRules

    get

    *All Resource

    *
    • acs:ResourceGroupId
    		 None

    Request parameters

    Parameter

    Type

    Required

    Description

    Example
    InstanceId

    string

    Yes

    The ID of the WAF instance.

    Note

    Call DescribeInstance to query the ID of your WAF instance.

    waf_cdnsdf3****
    PageNumber

    integer

    No

    The number of the page to return. Default value: 1.

    1
    PageSize

    integer

    No

    The number of entries to return on each page. Default value: 100.

    100
    RuleId

    integer

    No

    The ID of the system protection rule to query.

    113089
    RuleStatus

    integer

    No

    The status of the rule. Valid values:

    • 1: disabled.

    • 0: enabled.

    1
    RuleAction

    string

    No

    The action of the rule. Valid values:

    • block: Block.

    • monitor: Monitor.

    block
    Lang

    string

    No

    The language of the response. Valid values:

    • zh (default): Chinese.

    • en: English.

    zh
    RegionId

    string

    No

    The region where the WAF instance is deployed. Valid values:

    • cn-hangzhou: the Chinese mainland.

    • ap-southeast-1: outside the Chinese mainland.

    cn-hangzhou
    DetectType

    string

    No

    The detection module. Valid values:

    • sqli: SQL injection.

    • xss: cross-site scripting (XSS).

    • cmdi: OS command injection.

    • expression_injection: expression injection.

    • java_deserialization: Java deserialization.

    • dot_net_deserialization: .NET deserialization.

    • php_deserialization: PHP deserialization.

    • code_exec: code execution.

    • ssrf: server-side request forgery (SSRF).

    • path_traversal: path traversal.

    • arbitrary_file_uploading: arbitrary file upload.

    • webshell: webshell.

    • rfilei: remote file inclusion (RFI).

    • lfilei: local file inclusion (LFI).

    • protocol_violation: protocol violation.

    • scanner_behavior: scanner behavior.

    • logic_flaw: logic flaw.

    • arbitrary_file_reading: arbitrary file read.

    • arbitrary_file_download: arbitrary file download.

    • xxe: external entity injection.

    • csrf: cross-site request forgery (CSRF).

    • crlf: CRLF injection.

    • other: other.

    sqli
    RiskLevel

    string

    No

    The risk level. Valid values:

    • super_strict: Very Strict.

    • strict: Strict.

    • medium: Medium.

    • loose: Loose.

    loose
    RuleName

    string

    No

    The name of the system protection rule.

    systemRuleTest
    TemplateId

    integer

    No

    The ID of the protection template.

    Note

    • Set this parameter to query the system protection rules in a web application protection template.

    • If you leave this parameter empty, the default configurations of the system protection rules are queried.

    24354
    ResourceManagerResourceGroupId

    string

    No

    The ID of the resource group.

    rg-acfm***q

    Response elements

    Element

    Type

    Description

    Example

    object

    The response.

    RequestId

    string

    The ID of the request.

    80736FA5-FA87-55F6-AA69-C5477C6FE6D0
    Rules

    array<object>

    The list of system protection rules.

    object

    The system protection rule.

    RuleId

    integer

    The rule ID.

    113089
    UpdateTime

    integer

    The time when the rule was updated.

    1665460629000
    RuleName

    string

    The name of the protection rule.

    systemRuleTest
    RuleStatus

    integer

    The status of the rule. Valid values:

    • 1: disabled.

    • 0: enabled.

    1
    Description

    string

    The description of the rule.

    rule description
    RuleAction

    string

    The action of the rule. Valid values:

    • block: Block.

    • monitor: Monitor.

    block
    CveId

    string

    The CVE ID of the vulnerability that is associated with the system rule.

    CVE-2021-34538
    RiskLevel

    string

    The risk level. Valid values:

    • super_strict: Very Strict.

    • strict: Strict.

    • medium: Medium.

    • loose: Loose.

    super_strict
    DetectType

    string

    The detection module. Valid values:

    • sqli: SQL injection.

    • xss: cross-site scripting (XSS).

    • cmdi: OS command injection.

    • expression_injection: expression injection.

    • java_deserialization: Java deserialization.

    • dot_net_deserialization: .NET deserialization.

    • php_deserialization: PHP deserialization.

    • code_exec: code execution.

    • ssrf: server-side request forgery (SSRF).

    • path_traversal: path traversal.

    • arbitrary_file_uploading: arbitrary file upload.

    • webshell: webshell.

    • rfilei: remote file inclusion (RFI).

    • lfilei: local file inclusion (LFI).

    • protocol_violation: protocol violation.

    • scanner_behavior: scanner behavior.

    • logic_flaw: logic flaw.

    • arbitrary_file_reading: arbitrary file read.

    • arbitrary_file_download: arbitrary file download.

    • xxe: external entity injection.

    • csrf: cross-site request forgery (CSRF).

    • crlf: CRLF injection.

    • other: other.

    sqli
    TotalCount

    integer

    The total number of entries returned.

    2

    Examples

    Success response

    JSON format

    {
  "RequestId": "80736FA5-FA87-55F6-AA69-C5477C6FE6D0",
  "Rules": [
    {
      "RuleId": 113089,
      "UpdateTime": 1665460629000,
      "RuleName": "systemRuleTest",
      "RuleStatus": 1,
      "Description": "rule description",
      "RuleAction": "block",
      "CveId": "CVE-2021-34538",
      "RiskLevel": "super_strict",
      "DetectType": "sqli"
    }
  ],
  "TotalCount": 2
}

    Error codes

    See Error Codes for a complete list.

    Release notes

    See Release Notes for a complete list.