CreateDefenseRule - Web Application Firewall - Alibaba Cloud Documentation Center

Creates a protection rule.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
yundun-waf:CreateDefenseRule	Write	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the Web Application Firewall (WAF) instance. Note You can call the DescribeInstance operation to obtain the ID of the WAF instance.	waf_v2_public_cn-****
TemplateId	long	Yes	The ID of the protection rule template for which you want to create a protection rule.	1122
DefenseScene	string	Yes	The module to which the protection rule that you want to create belongs. waf_group: the basic protection rule module. antiscan: the scan protection module. ip_blacklist: the IP address blacklist module. custom_acl: the custom rule module. whitelist: the whitelist module. region_block: the region blacklist module. custom_response: the custom response module. cc: the HTTP flood protection module. tamperproof: the website tamper-proofing module. dlp: the data leakage prevention module.	waf_group
Rules	string	Yes	The configurations of the protection rule. Specify a string that contains multiple parameters in the JSON format. Note The parameters vary based on the value of the DefenseScene parameter. For more information, see the "Protection rule parameters" section in this topic.	For more information, see the following section.
ResourceManagerResourceGroupId	string	No	The ID of the resource group.	rg-acfm***q
RegionId	string	No	The region where the WAF instance resides. Valid values: cn-hangzhou: the Chinese mainland. ap-southeast-1: outside the Chinese mainland.	cn-hangzhou

Parameters of protection rules

Parameters of basic protection rules (waf_group)

Parameter description

Parameter	Type	Required	Example	Description
status	Integer	Yes	1	The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1 (default): enabled.
action	String	Yes	block	The action that you want WAF to perform on requests that match the protection rule. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.
policyId	Long	No	1012	The ID of the protection rule group to which you want to add the protection rule. Default value: 1012. This value specifies a medium protection rule group.
protectionType	String	No	sema	The type of the protection rule that you want to create. Valid values:- regular (default): regular expression protection rule.-sema: semantic-based protection rule.
config	String	No	{"nonInjectionSql":1}	The custom configurations. Set the value to a JSON string. For more information, see Configuration parameters.

Configuration parameters

If you set protectionType to sema, the following parameters are used.

Parameter	Type	Required	Example	Description
nonInjectionSql	Integer	Yes	1	The status of non-injection attack detection. Valid values:- 0: disabled.- 1 (default): enabled.

Examples

{
    "DefenseScene": "waf_group",
    "TemplateId": 322,
    "InstaneId": "waf_cn****",
    "Rules": "[{\"status\":1,\"policyId\":1012,\"action\":\"block\"},{\"status\":1,\"action\":\"block\",\"protectionType\":\"sema\",\"config\":\"{\\\"nonInjectionSql\\\":1}\"}]"
}

Parameters of scan protection rules (antiscan)

Parameter description

Parameter	Type	Required	Example	Description
protectionType	String	Yes	highfreq	The subtype of the scan protection rule. Valid values:- highfreq: high-frequency scan blocking.- dirscan: directory traversal blocking.- scantools: scanner blocking.
status	Integer	Yes	1	The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1 (default): enabled.
action	String	Yes	block	The action that you want WAF to perform on requests that match the protection rule. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.
config	String	No	{"target":"remote_addr","interval":60,"ttl":180,"count":20}	The custom configurations. Set the value to a JSON string. For more information, see Configuration parameters.

Configuration parameters

If you set protectionType to highfreq, the following parameters are used.

Parameter	Type	Required	Example	Description
target	String	Yes	remote_addr	The type of the statistical object. Valid values:- remote_addr (default): IP addresses.- cookie.acw_tc: sessions.- header: custom headers. If you set the value to header, you must specify custom headers in the subKey parameter.- queryarg: custom parameters. If you set the value to queryarg, you must specify custom parameters in the subKey parameter.- cookie: custom cookies. If you set the value to cookie, you must specify custom cookies in the subKey parameter.
subKey	String	No	abc	The sub-characteristic of the statistical object. If you set target to cookie, header, or queryarg, you must specify the custom statistical objects in the subKey parameter.
interval	Integer	No	60	The detection period. Unit: seconds. Default value: 60.Valid values: 5 to 1800.
ttl	Integer	No	1800	The blocking period. Unit: seconds. Default value: 1800.Valid values: 60 to 86400.
count	Integer	No	20	The maximum number of times that basic protection rules can be triggered. Default value: 20.Valid values: 3 to 50000.
ruleIdCount	Integer	No	2	The maximum number of protection rules that can be triggered. Default value: 2.Valid values: 1 to 50.

If you set protectionType to dirscan, the following parameters are used.

Parameter	Type	Required	Example	Description
target	String	Yes	remote_addr	The type of the statistical and blocked object. Valid values:- remote_addr (default): IP addresses.- cookie.acw_tc: sessions.- header: custom headers.- queryarg: custom parameters.- cookie: custom cookies.
subKey	String	No	1	The sub-characteristic of the statistical and blocked object. This parameter is available only if you set target to header, queryarg, or cookie.
interval	Integer	No	60	The detection period. Unit: seconds. Default value: 60.Valid values: 5 to 1800.
ttl	Integer	No	1800	The blocking period. Unit: seconds. Default value: 1800.Valid values: 60 to 86400.
count	Integer	No	20	The maximum number of times that basic protection rules can be triggered. Default value: 20.Valid values: 3 to 50000.
weight	Float	No	2	The maximum percentage of the 404 status code. Default value: 0.7.Valid values: 0.01 to 1.0. The value is accurate to two decimal places.
uriNum	Integer	No	2	The maximum number of non-existent directories. Default value: 50.Valid values: 2 to 50000.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2222,
    "DefenseScene": "antiscan",
    "Rules": "[{\"protectionType\":\"scantools\",\"action\":\"block\",\"status\":1},{\"protectionType\":\"dirscan\",\"status\":1,\"action\":\"block\",\"config\":\"{\\\"target\\\":\\\"remote_addr\\\",\\\"interval\\\":10,\\\"ttl\\\":1800,\\\"weight\\\":0.7,\\\"uriNum\\\":50,\\\"count\\\":50}\"},{\"protectionType\":\"highfreq\",\"status\":1,\"action\":\"block\",\"config\":\"{\\\"target\\\":\\\"remote_addr\\\",\\\"interval\\\":60,\\\"ttl\\\":1800,\\\"count\\\":20,\\\"ruleIdCount\\\":2}\"}]"
}

Parameters of IP address blacklist rules (ip_blacklist)

Parameter description

Parameter	Type	Required	Example	Description
name	String	Yes	iptest	The name of the IP address blacklist rule.
status	Integer	Yes	1	The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1 (default): enabled.
action	String	Yes	block	The action that you want WAF to perform on requests that match the protection rule. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.
remoteAddr	Array	Yes	["1.1.XX.XX", "3.1.XX.XX/24"]	The IP addresses that you want to add to the IP address blacklist. Specify the value of this parameter in the ["ip1","ip2",...] format.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2222,
    "DefenseScene": "ip_blacklist",
    "Rules": "[{\"name\":\"iptest1\",\"remoteAddr\":[\"1.1.1.2\",\"3.3.3.3/24\"],\"action\":\"monitor\",\"status\":1},{\"name\":\"iptest2\",\"remoteAddr\":[\"4.4.4.4\",\"5.5.5.5/32\"],\"action\":\"block\",\"status\":1}]"
}

Parameters of custom rules (custom_acl)

Parameter description

Parameter	Type	Required	Example	Description
name	String	Yes	iptest	The name of the custom access control rule.
status	Integer	Yes	1	The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1 (default): enabled.
action	String	Yes	block	The action that you want WAF to perform on requests that match the protection rule. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.- js: performs JavaScript verification on requests that match the protection rule.- captcha: performs slider CAPTCHA verification on requests that match the protection rule.- captcha_strict: performs strict CAPTCHA verification on requests that match the protection rule.Note For more information about the protection actions that can be specified in custom access control rules, log on to the WAF console.
conditions	Array	Yes	[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]	The match conditions. Set the value to a JSON string. You can specify up to five match conditions. For more information, see Match condition parameters.
ccStatus	Integer	Yes	1	Specifies whether to enable the rate limiting feature. Valid values:- 0: disables the rate limiting feature.- 1: enables the rate limiting feature.
ratelimit	JSON	No	{"target":"remote_addr","interval":5,"threshold":2,"ttl":1800,"status":{"code":404,"count":2}}	The configurations of the rate limiting feature. Set the value to a JSON string. This parameter is available only if you set ccStatus to 1. For more information, see Rate limiting parameters in this section.
effect	String	No	rule	The effective scope of the rate limiting feature. This parameter is available only if you set ccStatus to 1. Valid values:- service: The rate limiting feature takes effect for all protected objects.- rule: The rate limiting feature takes effect for the current protection rule.

Match condition parameters

Parameter	Type	Required	Example	Description
key	String	Yes	IP	The match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, and Header.
subKey	String	No	abc	The child match field.Note Not every match field (key) of a custom rule contains a child match field (subKey). For information about the child match fields that are supported by each match field, log on to the WAF console.
opValue	String	Yes	contain	The logical operator. Valid values:- not-contain: does not contain.- contain: contains.- none: does not exist.- ne: not equal to.- eq: equal to.- lt: value less than.- gt: value greater than.- len-lt: length less than.- len-eq: length equal to.- len-gt: length greater than.-not-match: does not match.- match-one: equal to one of multiple values.- all-not-match: not equal to a value.- all-not-contain: does not contain a value.- contain-one: contains one of multiple values.-not-regex: does not match a regular expression.- regex: matches regular expressions.- all-not-regex: does not match a regular expression.- regex-one: matches one of multiple regular expressions.- prefix-match: matches by prefix.- suffix-match: matches by suffix.- empty: empty content.- exists: exists.- inl: exists in a list.Note When you create a custom rule, the valid values of the opValue parameter vary based on the value of the key parameter. For information about the logical operators that are supported by each match field, log on to the WAF console.
values	String	Yes	abc	The match content.Note The valid values of the opValue and values parameters in the match conditions vary based on the value of the key parameter.

Rate limiting parameters

Parameter	Type	Required	Example	Description
target	String	Yes	remote_addr	The type of the statistical object. Valid values:- remote_addr (default): IP addresses.- cookie.acw_tc: sessions.- header: custom headers. If you set the value to header, you must specify custom headers in the subKey parameter.- queryarg: custom parameters. If you set the value to queryarg, you must specify custom parameters in the subKey parameter.- cookie: custom cookies. If you set the value to cookie, you must specify custom cookies in the subKey parameter.
subKey	String	No	abc	The sub-characteristic of the statistical object. If you set target to cookie, header, or queryarg, you must specify the statistical objects in the subKey parameter.
interval	Integer	Yes	60	The statistical interval. Unit: seconds. The statistical interval of the number of requests. If you specify this parameter, you must specify threshold.Valid values: 5 to 1800.
threshold	Integer	Yes	200	The maximum number of requests that can be sent from a statistical object.
ttl	Integer	Yes	1800	The validity period of the protection action. Unit: seconds.Valid values: 60 to 86400.
status	JSON	No	{"code":404,"count":200}	The frequency of an HTTP status code. Set the value to a JSON string. The JSON string contains the following parameters:code: the HTTP status code. This parameter is required. Data type: integer.count: the maximum number of times that the specified HTTP status code is returned. If the actual value is greater than the threshold, the custom access control rule is matched. This parameter is optional. Data type: integer. Valid values: 2 to 50000. You can specify the count parameter or ratio parameter. You cannot specify the two parameters at the same time.ratio: the maximum percentage of times that the specified HTTP status code is returned. If the actual percentage is greater than the threshold, the custom access control rule is matched. This parameter is optional. Data type: integer. Valid values: 1 to 100. You can specify the count parameter or ratio parameter. You cannot specify the two parameters at the same time.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 6242,
    "DefenseScene": "custom_acl",
    "Rules":"[{\"name\":\"acl_test\",\"action\":\"block\",\"conditions\":[{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"abc\"}],\"ratelimit\":{\"target\":\"remote_addr\",\"interval\":5,\"threshold\":2,\"ttl\":1800,\"status\":{\"code\":404,\"count\":2}},\"ccStatus\":1,\"effect\":\"rule\",\"status\":1,\"origin\":\"custom\"}]"
}

Parameters of whitelist rules (whitelist)

Parameter description

Parameter	Type	Required	Example	Description
name	String	Yes	whitelistTest	The name of the whitelist rule.
status	Integer	Yes	1	The status of the whitelist rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1 (default): enabled.
conditions	Array	Yes	[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]	The match conditions. Set the value to a JSON string. You can specify up to five match conditions. For more information, see Match condition parameters.
tags	Array	Yes	["waf", "regular"]	The protection modules for which you want the whitelist rule to take effect. Specify multiple protection modules in the ["XX1", "XX2",...] format. Valid values:- waf: all modules.- customrule: the custom rule module.- blacklist: the IP address blacklist module.- antiscan: the scan protection module.- regular: the basic protection rule module.- regular_rule: the specific regular expression rules of the basic protection rule module.- regular_type: the specific types of regular expression rules of the basic protection rule module.- major_protection: the major event protection module.- cc: the HTTP flood protection module.- region_block: the region blacklist module.- antibot_scene: the bot management module.- dlp: the data leakage prevention module.- tamperproof: the website tamper-proofing module.
regularRules	Array	No	[ "111111", "222222" ]	An array of the IDs of regular expression rules that you want requests to bypass. Specify multiple IDs in the ["XX1", "XX2",...] format. This parameter is available only if you set tags to regular_rule.
regularTypes	Array	No	[ "xss", "css" ]	An array of the types of regular expression rules that you want requests to bypass. Specify multiple regular expression rule types in the [" XX1 ", "XX2 ",...] format. This parameter is available only if you set tags to regular_type. Valid values:- sqli: SQL injection.- xss: cross-site scripting (XSS) attacks.- code_exec: code execution.- crlf: carriage return line feed (CRLF) injection.- lfilei: local file inclusion.- rfilei: remote file inclusion.- webshell: webshell.- csrf: cross site request forgery (CSRF).- other: other types.

Match condition parameters

Parameter	Type	Required	Example	Description
key	String	Yes	IP	The match field. Valid values: URL, URLPath, IP, Referer, User-Agent, Params, Cookie, Content-Type, Content-Length, X-Forwarded-For, Post-Body, Http-Method, and Header.
subKey	String	No	abc	The child match field.Note Not every match field (key) of a whitelist rule contains a child match field (subKey). For information about the child match fields that are supported by each match field, log on to the WAF console.
opValue	String	Yes	contain	The logical operator. Valid values:- not-contain: does not contain.- contain: contains.- none: does not exist.- ne: not equal to.- eq: equal to.- lt: value less than.- gt: value greater than.- len-lt: length less than.- len-eq: length equal to.- len-gt: length greater than.-not-match: does not match.- match-one: equal to one of multiple values.- all-not-match: not equal to a value.- all-not-contain: does not contain a value.- contain-one: contains one of multiple values.-not-regex: does not match a regular expression.- regex: matches regular expressions.- all-not-regex: does not match a regular expression.- regex-one: matches one of multiple regular expressions.- prefix-match: matches by prefix.- suffix-match: matches by suffix.- empty: empty content.- exists: exists.- inl: exists in a list.Note When you create a whitelist rule, the valid values of the opValue parameter vary based on the value of the key parameter. For information about the logical operators that are supported for each match field, log on to the WAF console.
values	String	Yes	abc	The match content.Note The valid values of the opValue and values parameters in the match conditions vary based on the value of the key parameter.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 9242,
    "DefenseScene": "whitelist",
    "Rules":"[{\"name\":\"whitelistTest\",\"tags\":[\"regular_rule\",\"customrule\"],\"status\":1,\"origin\":\"custom\",\"conditions\":[{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"/test\"},{\"key\":\"Header\",\"opValue\":\"eq\",\"values\":\"ffff\",\"subKey\":\"abc\"}],\"regularRules\":[\"123444\",\"444444\"]}]"
}

Parameters of custom response rules (custom_response)

Parameter description

Parameter	Type	Required	Example	Description
responseType	String	Yes	response_block	The type of the custom response. Set this parameter to response_block to configure custom block pages that you want to return to clients when requests are blocked.
status	Integer	Yes	1	The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1 (default): enabled.
config	String	Yes	{"responseCode":400,"responseHeaders":[{"key":"custom","value":"123"},{"key":"aaa","value":"2223"}],"responseContent":"HelloWorld"}	The custom configurations. Set the value to a JSON string. For more information, see Configuration parameters.

Configuration parameters

Parameter	Type	Required	Example	Description
responseCode	Integer	Yes	400	The HTTP status code.
responseHeaders	Array	No	[{"key":"custom","value":"123"},{"key":"aaaa","value":"2223"}]	The custom response headers. Set the value to a JSON string. The values of the key parameter are the field names of the response headers, and the values of the value parameter are the values of the response headers.
responseContent	String	Yes	helloworld	The response body.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2841,
    "DefenseScene": "custom_response",
    "Rules":"[{\"responseType\":\"response_block\",\"config\":\"{\\\"templateName\\\":\\\"aaa\\\",\\\"responseCode\\\":\\\"400\\\",\\\"responseContent\\\":\\\"helloWorld\\\",\\\"responseHeaders\\\":[{\\\"key\\\":\\\"test1\\\",\\\"value\\\":\\\"abc\\\"}]}\",\"status\":1}]"
}

Parameters of region blacklist rules (region_block)

Parameter description

Parameter	Type	Required	Example	Description
cnRegionList	String	No	610000,230000	The regions in China from where you want to block requests. If you set this parameter to CN, the requests that are sent from IP addresses in the Chinese mainland are blocked. Separate multiple regions with commas (,). For more information about region codes, see Codes of administrative regions in China.
abroadRegionList	String	No	KE,KG	The regions outside China from where you want to block requests. Separate multiple region codes with commas (,). For information about region codes, see Codes of countries and regions outside China.
status	Integer	Yes	1	The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1 (default): enabled.
action	String	Yes	block	The action that you want WAF to perform on requests that match the protection rule. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.

Codes of administrative regions in China

{
"110000": "Beijing",
"120000": "Tianjin",
"130000": "Hebei",
"140000": "Shanxi",
"150000": "Nei Monggol",
"210000": "Liaoning",
"220000": "Jilin",
"230000": "Heilongjiang",
"310000": "Shanghai",
"320000": "Jiangsu",
"330000": "Zhejiang",
"340000": "Anhui",
"350000": "Fujian",
"360000": "Jiangxi",
"370000": "Shandong",
"410000": "Henan",
"420000": "Hubei",
"430000": "Hunan",
"440000": "Guangdong",
"450000": "Guangxi Zhuang Autonomous Region",
"460000": "Hainan",
"500000": "Chongqing",
"510000": "Sichuan",
"520000": "Guizhou",
"530000": "Yunnan",
"610000": "Shaanxi",
"620000": "Gansu ",
"630000": "Qinghai",
"640000": "Ningxia Hui Autonomous Region",
"MO_01": "Macao (China)",
"HK_01": "Hong Kong (China)",
"TW_01": "Taiwan (China)",
"CN": "Chinese mainland",
}

Codes of countries and regions outside China

{
"KE": "Kenya",
"KG": "Kyrgyzstan",
"KH": "Kampuchea",
"KI": "Kiribati",
"KM": "Comoros",
"KN": "The Federation of Saint Kitts and Nevis",
"KP": "The Democratic People's Republic of Korea",
"KR": "The Republic of Korea",
"KW": "Kuwait",
"KY": "Cayman Islands",
"KZ": "Kazakhstan",
"LA": "Laos",
"LB": "Lebanon",
"LC": "Saint Lucia",
"LI": "Liechtenstein",
"LK": "Sri Lanka",
"LR": "Liberia",
"LS": "Lesotho",
"LT": "Lithuania",
"LU": "Luxembourg",
"LV": "Latvia",
"LY": "Libya",
"MA": "Morocco",
"MC": "Monaco",
"MD": "Moldova",
"ME": "Montenegro",
"MF": "Saint Martin",
"MG": "Madagascar",
"MH": "Marshall Islands",
"MK": "Macedonia",
"ML": "Mali",
"MM": "Myanmar",
"MN": "Mongolia",
"MP": "Northern Mariana Islands",
"MQ": "Martinique",
"MR": "Mauritania",
"MS": "Montserrat",
"MT": "Malta",
"MU": "Mauritius",
"MV": "Maldives",
"MW": "Malawi",
"MX": "Mexico",
"MY": "Malaysia",
"MZ": "Mozambique",
"NA": "Namibia",
"NC": "New Caledonia",
"NE": "Niger",
"NF": "Norfolk Island",
"NG": "Nigeria",
"NI": "Nicaragua",
"NL": "The Netherlands",
"NO": "Norway",
"NP": "Nepal",
"NR": "Nauru",
"NU": "Niue",
"NZ": "New Zealand",
"GA": "Gabon",
"GB": "United Kingdom",
"WS": "Samoa",
"GD": "Grenada",
"GE": "Georgia",
"GF": "French Guiana",
"GG": "Guernsey",
"GH": "Ghana",
"GI": "Gibraltar",
"GL": "Greenland",
"GM": "The Gambia",
"GN": "Guinea",
"GP": "Guadeloupe",
"GQ": "Equatorial Guinea",
"GR": "Greece",
"GT": "Guatemala",
"GU": "Guam",
"GW": "The Republic of Guinea-Bissau",
"GY": "Guyana",
"HN": "Honduras",
"HR": "Croatia",
"HT": "Haiti",
"YE": "Yemen",
"HU": "Hungary",
"YT": "Mayotte",
"ID": "Indonesia",
"IE": "Ireland",
"IL": "Israel",
"IM": "Isle of Mann",
"IN": "India",
"IO": "British Indian Ocean Territory",
"ZA": "South Africa",
"IQ": "The Republic of Iraq",
"IR": "Iran",
"IS": "Iceland",
"IT": "Italy",
"ZM": "Zambia",
"JE": "Jersey",
"ZW": "Zimbabwe",
"JM": "Jamaica",
"JO": "Jordan",
"JP": "Japan",
"SI": "Slovenia",
"BY": "Belarus",
"SK": "Slovakia",
"BZ": "Belize",
"SL": "Sierra Leone",
"SM": "San Marino",
"SN": "Senegal",
"SO": "Somalia",
"CA": "Canada",
"SR": "Suriname",
"SS": "South Sudan",
"ST": "Sao Tome and Principe",
"CD": "The Democratic Republic of the Congo",
"CF": "Central African Republic",
"SV": "El Salvador",
"CG": "The Republic of the Congo",
"CH": "Switzerland",
"SX": "Sint Maarten",
"SY": "Syrian Arab Republic",
"CI": "Côte d'Ivoire",
"SZ": "Eswatini",
"CK": "Cook Islands",
"CL": "Chile",
"CM": "Cameroon",
"CN": "The People's Republic of China",
"CO": "Colombia",
"TC": "Turks and Caicos Island",
"CR": "Costa Rica",
"TD": "Chad",
"CU": "Cuba",
"CV": "Cabo Verde",
"TG": "Togo",
"CW": "Curacao",
"TH": "Thailand",
"CX": "Christmas Island",
"TJ": "Tajikistan",
"CY": "Cyprus",
"CZ": "Czech Republic",
"TK": "Tokelau",
"TL": "Timor-Leste",
"TM": "Turkmenistan",
"TN": "Tunisia",
"TO": "Tonga",
"TR": "Türkiye",
"TT": "Trinidad and Tobago",
"DE": "Germany",
"TV": "Tuvalu",
"DJ": "Djibouti",
"TZ": "Tanzania",
"DK": "Denmark",
"DM": "The Commonwealth of Dominica",
"DO": "Dominican Republic",
"UA": "Ukraine",
"UG": "Uganda",
"DZ": "Algeria",
"UM": "United States Minor Outlying Islands",
"US": "United States",
"EC": "Ecuador",
"EE": "Estonia",
"EG": "Egypt",
"UY": "Uruguay",
"UZ": "Uzbekistan",
"VA": "Vatican City",
"VC": "Saint Vincent and the Grenadines",
"ER": "Eritrea",
"ES": "Spain",
"VE": "Venezuela",
"ET": "Ethiopia",
"VG": "British Virgin Islands",
"VI": "United States Virgin Islands",
"VN": "Vietnam",
"VU": "Vanuatu",
"FI": "Finland",
"FJ": "Fiji",
"FK": "Falkland Islands",
"FM": "Federated States of Micronesia",
"FO": "Faroe Islands",
"FR": "France",
"WF": "Wallis and Futuna Islands",
"OM": "Oman",
"PA": "Panama",
"PE": "Peru",
"PF": "French Polynesia",
"PG": "Papua New Guinea",
"PH": "Philippines",
"PK": "Pakistan",
"PL": "Poland",
"PM": "Saint Pierre and Miquelon",
"PR": "Puerto Rico",
"PS": "Palestine",
"PT": "Portugal",
"PW": "Palau",
"PY": "Paraguay",
"QA": "Qatar",
"AD": "Andorra",
"AE": "United Arab Emirates",
"AF": "Afghanistan",
"AG": "Antigua and Barbuda",
"AI": "Anguilla",
"AL": "Albania",
"AM": "Armenia",
"AO": "Angola",
"AP": "Asia-Pacific",
"AQ": "Antarctica",
"AR": "Argentina",
"AS": "American Samoa",
"RE": "Reunion",
"AT": "Austria",
"AU": "Australia",
"AW": "Aruba",
"AX": "Åland Islands",
"AZ": "Azerbaijan",
"RO": "Romania",
"BA": "Bosnia and Herzegovina",
"BB": "Barbados",
"RS": "Serbia",
"BD": "Bangladesh",
"BE": "Belgium",
"RU": "Russia",
"BF": "Burkina Faso",
"RW": "Rwanda",
"BG": "Bulgaria",
"BH": "Bahrain",
"BI": "The Republic of Burundi",
"BJ": "Benin",
"BL": "Saint Barthélemy",
"BM": "Bermuda",
"BN": "Brunei",
"BO": "Bolivia",
"SA": "Saudi Arabia",
"BQ": "Caribbean Netherlands",
"SB": "Solomon Islands",
"BR": "Brazil",
"SC": "Seychelles",
"SD": "Sudan",
"BS": "Bahamas",
"SE": "Sweden",
"BT": "Bhutan",
"SG": "Singapore",
"BW": "Botswana"
}

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2341,
    "DefenseScene": "region_block",
    "Rules": "[{\"cnRegionList\":\"CN,HK_01,TW_01,MO_01\",\"abroadRegionList\":\"AU,NZ\",\"action\":\"block\",\"status\":1}]"
}

Parameters of HTTP flood protection rules (cc)

Parameter description

Parameter	Type	Required	Example	Description
mode	Integer	Yes	0	The HTTP flood protection mode. Valid values:- 0 (default): the protection mode.- 1: the protection-emergency mode.
status	Integer	Yes	1	The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1 (default): enabled.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2241,
    "DefenseScene": "cc",
    "Rules":"[{\"mode\":0,\"status\":1}]"
}

Parameters of website tamper-proofing rules (tamperproof)

Parameter description

Parameter	Type	Required	Example	Description
name	String	Yes	test	The name of the protection rule.
url	String	Yes	/abc	The address of the cached page.
ua	String	No	app	The User-Agent header that can be used to access the address.
protocol	String	Yes	https	The protocol type of the cached page address. Valid values: http and https.
status	Integer	Yes	1	The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1 (default): enabled.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 1241,
    "DefenseScene": "tamperproof",
    "Rules": "[{\"name\":\"test1\",\"url\":\"www.test1.com\",\"ua\":\"firefox\",\"protocol\":\"https\",\"status\":1}]"
}

Parameters of data leakage prevention rules (dlp)

Parameter description

Parameter	Type	Required	Example	Description
name	String	Yes	test	The name of the protection rule.
conditions	Array	Yes	[{"key":"HttpCode","opValue":"contain","values":"400,401,402,403,404,405,500,501,502,503,504,505"},{"key":"URL","opValue":"contain","values":"test"}]	The match conditions. Set the value to a JSON string. You can specify up to two match conditions by using the logical operator AND. For more information, see Match condition parameters.
status	Integer	Yes	1	The status of the protection rule. This parameter is the same as the RuleStatus parameter of the ModifyDefenseRuleStatus operation and is used only when you call the CreateDefenseRule operation to create a protection rule. Valid values:- 0: disabled.- 1 (default): enabled.
action	String	Yes	block	The action that you want WAF to perform on requests that match the protection rule. Valid values:- block: blocks requests that match the protection rule.- monitor: monitors requests that match the protection rule.- filter: filters sensitive information that matches the protection rule.

Match condition parameters

Parameter	Type	Required	Example	Description
key	String	Yes	URL	The match field. Valid values: URL, HttpCode, and SensitiveInfo.
opValue	String	Yes	contain	The logical operator. Set the value to contain.
values	String	Yes	abc	The match content. Separate multiple match contents with commas (,).Valid values of the values parameter if you set key to HttpCode: 400, 401, 402, 403, 404, 405 (405–499), 500, 501, 502, 503, 504, and 505 (505–599).Valid values of the values parameter if you set key to SensitiveInfo:- phone: mobile phone numbers.- card: credit card numbers.- id: ID card numbers.- word: default sensitive words.

Examples

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 5241,
    "DefenseScene": "dlp",
    "Rules":"[{\"name\":\"test\",\"action\":\"filter\",\"status\":1,\"conditions\":[{\"key\":\"SensitiveInfo\",\"opValue\":\"contain\",\"values\":\"id,card\"},{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"/test.html\"}]}]"
}

Response parameters

Parameter	Type	Description	Example
	object	The returned data.
RequestId	string	The ID of the request.	26E46541-7AAB-5565-801D-F14DBDC5F186

Examples

Sample success responses

JSONformat

{
  "RequestId": "26E46541-7AAB-5565-801D-F14DBDC5F186"
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time

Summary of changes

Operation

2023-05-17

The internal configuration of the API is changed, but the call is not affected

see changesets

Change item	Change content
	The internal configuration of the API is changed, but the call is not affected.