Adding a Precise Protection Rule

Function Description

This API is used to add a precise protection rule.

URI

  • URI format

    POST /v1/{project_id}/waf/policy/{policy_id}/custom

  • Parameter description

    Table 1 Path parameters

    | Parameter | Mandatory | Type | Description |
    |---|---|---|---|
    | project_id | Yes | String | Specifies the project ID. |
    | policy_id | Yes | String | Specifies the policy ID. |

Request

Request parameters

Table 2 Parameter description

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| name | Yes | String | Specifies the name of a precise protection rule. The maximum length is 256 characters. Only digits, letters, underscores (_), and hyphens (-) are allowed. |
| time | No | Boolean | Specifies when the precise protection rule takes effect. false: The rule takes effect immediately. true: The rule takes effect at the scheduled time. |
| start | No | Long | Specifies the time when the precise protection rule takes effect. If time is set to true, either the start time or the end time must be set. |
| end | No | Long | Specifies the time when the precise protection rule expires. If time is set to true, either the start time or the end time must be set. |
| conditions | Yes | Table 3 | Specifies the condition parameters. |
| action | Yes | Table 4 | Specifies the protective action after the precise protection rule is matched. |
| priority | No | Integer | Specifies the priority with which the rule is executed. Smaller values correspond to higher priorities. If two rules are assigned the same priority, the rule added earlier has higher priority. The value ranges from 0 to 65535. |

Table 3 conditions

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| category | Yes | String | Specifies the condition type. The value can be path, user-agent, ip, params, cookie, referer, or header. |
| index | No | String | If category is set to cookie, index indicates the cookie name. If category is set to params, index indicates the param name. If category is set to header, index indicates an option in the header. |
| logic | Yes | String | contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, and not_suffix indicate Include, Exclude, Equal to, Not equal to, Prefix is, Prefix is not, Suffix is, and Suffix is not respectively. If category is set to ip, logic can only be equal or not_equal. |
| contents | Yes | List | Specifies content matching the condition. Currently, only one value is accepted. |

Table 4 action

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| category | Yes | String | Specifies the protective action. block: block. pass: allow. |

Response

Response parameters

Table 5 Parameter description

| Parameter | Type | Description |
|---|---|---|
| id | String | Specifies the ID of a precise protection rule. |
| policy_id | String | Specifies the ID of the policy to which the rule belongs. |
| name | String | Specifies the rule name. |
| conditions | Table 6 | Specifies the condition parameters in the precise protection rule. |
| action | Table 7 | Specifies the protective action after the precise protection rule is matched. |
| priority | Integer | Specifies the priority with which the rule is executed. Smaller values correspond to higher priorities. If two rules are assigned the same priority, the rule added earlier has higher priority. The value ranges from 0 to 65535. |
| time | Boolean | Specifies when the precise protection rule takes effect. false: The rule takes effect immediately. true: The rule takes effect at the scheduled time. |
| start | Long | Specifies the time when the precise protection rule takes effect. |
| end | Long | Specifies the time when the precise protection rule expires. |
| timestamp | Long | Specifies the time when a precise protection rule is added. |

Table 6 conditions

| Parameter | Type | Description |
|---|---|---|
| category | String | Specifies the condition type. The value can be path, user-agent, ip, params, cookie, referer, or header. |
| index | String | If category is set to cookie, index indicates the cookie name. If category is set to params, index indicates the param name. If category is set to header, index indicates an option in the header. |
| logic | String | contain, not_contain, equal, not_equal, prefix, not_prefix, suffix, and not_suffix indicate Include, Exclude, Equal to, Not equal to, Prefix is, Prefix is not, Suffix is, and Suffix is not respectively. If category is set to ip, logic can only be equal or not_equal. |
| contents | List | Specifies content matching the condition. |

Table 7 action

| Parameter | Type | Description |
|---|---|---|
| category | String | Specifies the protective action. block: block. pass: allow. |

Examples

A rule named rule1 is used as an example.

  • Request example

    {
      "name": "rule1",
      "time": true,
      "start": 1499817600,
      "end": 1567817600,
      "conditions": [
        {
          "category": "path",
          "contents": ["/login"],
          "logic": "contain"
        },
        {
          "category": "ip",
          "logic": "equal",
          "contents": ["X.X.1.1"]
        }
      ],
      "action": {
        "category": "block"
      },
      "priority": 10
    }
    
  • Response example

    {
      "id": "7374ad99c6c448e9a9ca35cb46660a39",
      "policy_id": "9tre832yf96784ec8abd8ba61a98064ef",
      "name": "rule1",
      "time": true,
      "start": 1499817600,
      "end": 1567817600,
      "conditions": [
        {
          "category": "path",
          "contents": ["/login"],
          "logic": "contain"
        },
        {
          "category": "ip",
          "logic": "equal",
          "contents": ["X.X.1.1"]
        }
      ],
      "action": {
        "category": "block"
      },
      "priority": 10,
      "timestamp": 1499817600
    }
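
The constraints in Tables 2 to 4 can be checked on the client before a rule body is sent to this API, so that a malformed rule is caught in review rather than at submission. The following is an added example, not part of the original documentation or the service's own code; validate_rule and BAD_RULE are hypothetical names, and "letters" is assumed to mean ASCII letters.

```python
import re

# Allowed values copied from Tables 3 and 4 of this page.
CATEGORIES = {"path", "user-agent", "ip", "params", "cookie", "referer", "header"}
LOGICS = {"contain", "not_contain", "equal", "not_equal",
          "prefix", "not_prefix", "suffix", "not_suffix"}
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,256}")  # assumption: ASCII letters only


def validate_rule(rule):
    """Return the fields that violate the documented constraints (empty list: OK)."""
    errors = []
    name = rule.get("name")
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        errors.append("name")
    # A scheduled rule (time = true) needs start or end to be set.
    if rule.get("time") is True and rule.get("start") is None and rule.get("end") is None:
        errors.append("time")
    prio = rule.get("priority")  # optional; bool is rejected although it subclasses int
    if prio is not None and (type(prio) is not int or not 0 <= prio <= 65535):
        errors.append("priority")
    conditions = rule.get("conditions")
    if not isinstance(conditions, list):
        errors.append("conditions")
        conditions = []
    for i, cond in enumerate(conditions):
        cat, logic = cond.get("category"), cond.get("logic")
        if cat not in CATEGORIES:
            errors.append(f"conditions[{i}].category")
        # ip conditions accept only equal / not_equal.
        if logic not in LOGICS or (cat == "ip" and logic not in ("equal", "not_equal")):
            errors.append(f"conditions[{i}].logic")
        contents = cond.get("contents")
        if not isinstance(contents, list) or len(contents) != 1:
            errors.append(f"conditions[{i}].contents")
    action = rule.get("action")
    if not isinstance(action, dict) or action.get("category") not in ("block", "pass"):
        errors.append("action.category")
    return errors


# The request example from this page.
PAGE_EXAMPLE = {
    "name": "rule1", "time": True, "start": 1499817600, "end": 1567817600,
    "conditions": [{"category": "path", "contents": ["/login"], "logic": "contain"},
                   {"category": "ip", "logic": "equal", "contents": ["X.X.1.1"]}],
    "action": {"category": "block"}, "priority": 10}
# Constructed input that breaks several constraints at once.
BAD_RULE = {
    "name": "login block!", "time": True, "priority": 70000,
    "conditions": [{"category": "ip", "logic": "contain", "contents": ["X.X.1.1", "X.X.1.2"]}],
    "action": {"category": "drop"}}
```
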
    

Status Code

Table 8 describes the normal status code returned by the API.

Table 8 Status code

| Status Code | Description | Meaning |
|---|---|---|
| 200 | OK | The request has succeeded. |

For details about error status codes, see Status Codes.