Web Application Firewall: DescribeDefenseRules

Last Updated: Jan 16, 2026

Queries a paginated list of protection rules.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action | Access level | Resource type | Condition key | Dependent action
yundun-waf:DescribeDefenseRules | list | *All Resource * | acs:ResourceGroupId | None

Request parameters

Parameter

Type

Required

Description

Example

InstanceId

string

Yes

The ID of the WAF instance.

Note

You can call the DescribeInstance operation to obtain the ID of the WAF instance.

waf_cdnsdf3****

RuleType

string

No

The type of the protection rule. Valid values:

  • whitelist: a whitelist rule

  • defense (default): a protection rule

Note

This parameter is required only when DefenseType is set to template.

whitelist

Query

string

No

The query conditions. This is a JSON string that contains a set of parameters.

Note

The query results for protection rules vary based on the query conditions. For more information, see Query parameter details.

{\"name\":\"IP压制_20220822_10\",\"scene\":\"custom_acl\",\"templateId\":5327}

PageNumber

integer

No

The page number of the page to return. Default value: 1.

1

PageSize

integer

No

The number of entries to return on each page. Default value: 10.

10

DefenseType

string

No

The type of the protection rule. Valid values:

  • template (default): template protection rules.

  • resource: rules for protected objects.

  • global: global rules.

template

RegionId

string

No

The region where the WAF instance resides. Valid values:

  • cn-hangzhou: the Chinese mainland.

  • ap-southeast-1: outside the Chinese mainland.

cn-hangzhou

ResourceManagerResourceGroupId

string

No

The ID of the Alibaba Cloud resource group.

rg-acfm***q

Query parameter details

Template protection rules (template)

If you set DefenseType to template, the following parameters are available.

Parameter descriptions

Name | Type | Required | Example | Description
name | String | No | test | The name of the protection rule to query. You can set this parameter to perform a term query for a protection rule.
nameId | String | No | test1 | The ID or name of the protection rule to query. You can set this parameter to perform a fuzzy query for a protection rule.
nameLike | String | No | test.aliyundoc.c | The name of the protection rule to query. You can set this parameter to perform a fuzzy query for a protection rule.
scene | String | No | waf_group | The protection scenario that you want to query. You can set this parameter to perform a term query for the protection rules in a specific scenario. Valid values:
- waf_group: regular expression rules for basic protection.
- waf_base: rules for the new web core protection feature.
- waf_base_compliance: protocol compliance rules for basic protection.
- waf_base_sema: semantic rules for basic protection.
- cc: CC protection.
- antiscan_dirscan: directory traversal blocking for scan protection.
- antiscan_highfreq: high-frequency scan blocking for scan protection.
- antiscan_scantools: scanner blocking for scan protection.
- ip_blacklist: IP address blacklist.
- custom_acl: custom rules.
- region_block: Geo-blocking.
- tamperproof: web tamper-proofing.
- dlp: data leakage prevention.
- custom_response_block: custom response.
ruleId | Long | No | 33444 | The ID of the protection rule to query. You can set this parameter to perform a term query for a protection rule.
ruleIdIn | Array | No | [3334455643,345555] | The range of protection rule IDs to query. You can set this parameter to query multiple protection rules. Separate multiple rule IDs with commas (,).
templateId | Long | No | 24354 | The ID of the protection template to query. You can set this parameter to query the protection rules in a protection template.
orderBy | String | No | name | The sorting method for protection rules. Valid values:
- name: sorts the rules by name.
- gmtModified: sorts the rules by modification time.
- id: sorts the rules by ID.
- templateId: sorts the rules by template ID.
desc | Boolean | No | true | The sorting order. Valid values:
- false: ascending order.
- true: descending order.

Example

{
    "name": "test",
    "nameId": "test1",
    "nameLike": "test.aliyundoc.c",
    "nameIn": "test.aliyundoc.c",
    "InstaneId": "test1.aliyundoc.com,test2.aliyundoc.com",
    "templateId": 24354
}

Rules for protected objects (resource)

If you set DefenseType to resource, the following parameters are available.

Parameter descriptions

Name | Type | Required | Example | Description
resource | String | No | sec****-waf | The protected object to which the rule is applied.
scene | String | No | waf_group | The protection scenario that you want to query. You can set this parameter to perform a term query for the protection rules in a specific scenario. Valid values:
- account_identifier: account fetch rules.
- custom_response: new custom response.

Example

{
    "resource": "sec****-waf",
    "scene": "account_identifier"
}

Global rules (global)

If you set DefenseType to global, the following parameters are available.

Parameter descriptions

Name | Type | Required | Example | Description
scene | String | No | regular_custom | The protection scenario that you want to query. You can set this parameter to perform a term query for the protection rules in a specific scenario. Valid values:
- regular_custom: custom regular expression rules.
- custom_response: new custom response.
detectType | String | No | sqli | The detection module to query. Valid values:
- sqli: SQL injection.
- xss: cross-site scripting (XSS).
- cmdi: OS command injection.
- expression_injection: expression injection.
- java_deserialization: Java deserialization.
- dot_net_deserialization: .NET deserialization.
- php_deserialization: PHP deserialization.
- code_exec: code execution.
- ssrf: server-side request forgery (SSRF).
- path_traversal: path traversal.
- arbitrary_file_uploading: arbitrary file upload.
- webshell: webshell.
- rfilei: remote file inclusion (RFI).
- lfilei: local file inclusion (LFI).
- protocol_violation: protocol violation.
- scanner_behavior: scanner behavior.
- logic_flaw: business logic bug.
- arbitrary_file_reading: arbitrary file read.
- arbitrary_file_download: arbitrary file download.
- xxe: external entity injection.
- csrf: cross-site request forgery.
- crlf: CRLF.
- other: other.
Important: This parameter is supported only when scene is set to regular_custom.
riskLevel | String | No | strict | The threat level to query. Valid values:
- super_strict: Super Strict.
- strict: Strict.
- medium: Medium.
- loose: Loose.
Important: This parameter is supported only when scene is set to regular_custom.
templateId | Long | No | 24354 | The ID of the protection template to query. You can set this parameter to query the protection rules in a protection template.
Important: This parameter is supported only when scene is set to regular_custom.

Example

{
    "detectType": "sqli",
    "riskLevel": "strict",
    "templateId": 24354
}

Response elements

Element

Type

Description

Example

object

The data returned.

TotalCount

integer

The total number of returned entries.

2

RequestId

string

The ID of the request.

80736FA5-FA87-55F6-AA69-C5477C6FE6D0

Rules

array<object>

The list of protection rules.

object

The list of protection rules.

Status

integer

The status of the protection rule. Valid values:

  • 0: disabled.

  • 1: enabled.

1

DefenseOrigin

string

The source of the protection rule. Valid values:

  • custom: The rule is created by the user.

  • system: The rule is automatically generated by the system.

custom

Config

string

The details of the protection rule. This is a JSON string that contains a set of parameters. For more information, see the description of the Rule parameter in CreateDefenseRule.

{\"policyId\":1012,\"action\":\"block\"}

RuleId

integer

The ID of the protection rule.

42755

DefenseScene

string

The protection scenario.

If the DefenseType request parameter is set to template, the valid values are:

  • waf_group: regular expression rules for basic protection.

  • waf_base: rules for the new web core protection feature.

  • waf_base_compliance: protocol compliance rules for basic protection.

  • waf_base_sema: semantic rules for basic protection.

  • cc: CC protection.

  • antiscan_dirscan: directory traversal blocking for scan protection.

  • antiscan_highfreq: high-frequency scan blocking for scan protection.

  • antiscan_scantools: scanner blocking for scan protection.

  • ip_blacklist: IP address blacklist.

  • custom_acl: custom rules.

  • region_block: Geo-blocking.

  • tamperproof: web tamper-proofing.

  • dlp: data leakage prevention.

  • custom_response_block: custom response.

  • spike_throttle: peak traffic throttling.

If the DefenseType request parameter is set to resource, the valid values are:

  • account_identifier: account fetch.

  • custom_response: new custom response.

  • waf_codec: decoding.

If the DefenseType request parameter is set to global, the valid values are:

  • regular_custom: custom regular expression.

  • address_book: address book.

  • custom_response: new custom response.

waf_group

GmtModified

integer

The time when the protection rule was modified.

1665460629000

RuleName

string

The name of the protection rule.

rules_41

TemplateId

integer

The ID of the protection rule template.

5673

GmtCreate

integer

The time when the protection rule was created.

1665460629000

Resource

string

The protected object to which the rule is applied.

Note

This parameter is returned only when the DefenseType request parameter is set to resource.

rencs***-waf

DefenseType

string

The type of the protection rule. Valid values:

  • template (default): template protection rules.

  • resource: rules for protected objects.

  • global: global rules.

template

Description deprecated

string

This parameter is deprecated.

rule description

RuleType deprecated

string

This parameter is deprecated.

custom_cc

ActionExternal deprecated

string

This parameter is deprecated.

42755

DetailRuleIds deprecated

string

This parameter is deprecated.

42755

ExternalInfo deprecated

string

This parameter is deprecated.

{\"DetectType\":\"sqli\"}

Examples

Success response

JSON format

{
  "TotalCount": 2,
  "RequestId": "80736FA5-FA87-55F6-AA69-C5477C6FE6D0",
  "Rules": [
    {
      "Status": 1,
      "DefenseOrigin": "custom",
      "Config": "{\\\"policyId\\\":1012,\\\"action\\\":\\\"block\\\"}",
      "RuleId": 42755,
      "DefenseScene": "waf_group",
      "GmtModified": 1665460629000,
      "RuleName": "rules_41",
      "TemplateId": 5673,
      "GmtCreate": 1665460629000,
      "Resource": "rencs***-waf",
      "DefenseType": "template",
      "Description": "rule description",
      "RuleType": "custom_cc",
      "ActionExternal": "42755",
      "DetailRuleIds": "42755",
      "ExternalInfo": "{\\\"DetectType\\\":\\\"sqli\\\"}"
    }
  ]
}
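
The following is an added example, not part of the original documentation or of any Alibaba Cloud SDK. It pages through DescribeDefenseRules with PageNumber, PageSize and TotalCount, sends Query as a JSON string, decodes the Config string, and lists rules whose Status is 0. The call_api and fake_call_api functions, the instance ID and the SAMPLE rules are assumptions constructed for illustration.

```python
import json

def decode_config(raw):
    """Decode Config; also accept the backslash-escaped form in the sample response."""
    if not raw:
        return {}
    try:
        return json.loads(raw)
    except ValueError:
        return json.loads(raw.replace('\\"', '"'))

def list_rules(call_api, instance_id, defense_type="template", query=None, page_size=10):
    """Collect all pages. call_api is a hypothetical caller-supplied function
    that sends one DescribeDefenseRules request and returns the response dict."""
    rules, page = [], 1
    while True:
        params = {"InstanceId": instance_id, "DefenseType": defense_type,
                  "PageNumber": page, "PageSize": page_size}
        if query:
            params["Query"] = json.dumps(query)  # Query travels as a JSON string
        resp = call_api(params)
        batch = resp.get("Rules") or []
        rules.extend(batch)
        # Stop on an empty page or once TotalCount entries have been collected.
        if not batch or len(rules) >= resp.get("TotalCount", 0):
            return rules
        page += 1

def disabled_rules(rules):
    """Summarise rules whose Status is 0 (disabled)."""
    return [{"RuleId": r.get("RuleId"), "RuleName": r.get("RuleName"),
             "action": decode_config(r.get("Config")).get("action")}
            for r in rules if r.get("Status") == 0]

# Constructed sample rules standing in for the service (not real data).
SAMPLE = [
    {"RuleId": 1, "RuleName": "rules_a", "Status": 1, "Config": '{"action":"block"}'},
    {"RuleId": 2, "RuleName": "rules_b", "Status": 0, "Config": '{\\"action\\":\\"block\\"}'},
    {"RuleId": 3, "RuleName": "rules_c", "Status": 0},
]

def fake_call_api(params):
    """Offline stand-in: pages through SAMPLE and ignores Query filtering."""
    start = (params["PageNumber"] - 1) * params["PageSize"]
    return {"TotalCount": len(SAMPLE), "Rules": SAMPLE[start:start + params["PageSize"]]}

if __name__ == "__main__":
    print(disabled_rules(list_rules(fake_call_api, "waf_constructed_id", page_size=2)))
```

To use it against a real instance, replace fake_call_api with a function that issues the signed request and returns the parsed response.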

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.