Deleting a Policy¶

Function¶

This API is used to delete a policy.

URI¶

DELETE /v1/{project_id}/waf/policy/{policy_id}

**Table 1** Path Parameters¶
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID
policy_id	Yes	String	Policy ID. It can be obtained by calling the API Querying Protection Policies.

Request Parameters¶

**Table 2** Request header parameters¶
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Content-Type	No	String	Content type. Default value: application/json;charset=utf8 Default: application/json;charset=utf8

Response Parameters¶

Status code: 200

**Table 3** Response body parameters¶
Parameter	Type	Description
id	String	Policy ID
name	String	Array of details of policies
action	PolicyAction object	PolicyAction
options	PolicyOption object	PolicyOption
level	Integer	Protection level 1: WAF detects wget, cURL, and more but does not detect XSS and command injection attacks in the header, so you may miss more vulnerabilities that actually exist. If you find out that configured protection rules are affecting your services, adjust the protection level to 1. 2: Medium. WAF detects remote file inclusion, third-party software vulnerabilities, web shell, and cp and ftp commands. This is the default value. 3: If you need a stricter protection level, set this parameter to 3. This may increase the false positive rate but decrease the false negative rate, such as nc, nmap, and kill.
full_detection	Boolean	Detection mode in the precise protection rule true: full detection. WAF blocks all requests that hit the configured precise protection rule when it finishes all threat detections. false: instant detection. WAF immediately ends threat detection and blocks the request that hits the configured precise protection rule.
bind_host	Array of BindHost objects	Basic information about the protected domain.
hosts	Array of strings	Array of IDs of protected domain names. The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. To add a domain name to WAF, call the API Adding a Protected Domain Name.
robot_action	Action object	Feature-based anti-crawler protection mode. This parameter is unavailable for newly created protection policies. The default protection mode is Log only.
extend	PolicyExtend object	Switch for enabling or disabling Deep Inspection and Header Inspection in Basic Web Protection.
modulex_options	ModulexOptions object	Whether to enable intelligent CC protection. This parameter is reserved and can be ignored currently.
timestamp	Integer	Time the policy was created.

**Table 4** PolicyAction¶
Parameter	Type	Description
category	String	Protection level. The value can be: block: WAF blocks attacks. log: WAF only logs detected attacks. Enumeration values: block log

**Table 5** PolicyOption¶
Parameter	Type	Description
webattack	Boolean	Basic web protection includes many specific checks under Advanced Settings, and there is a specific parameter allocated for each check, for example, common for General Check. To enable any of these checks, keep this parameter enabled first. The value can be: true: enabled false: disabled
common	Boolean	Whether general check is enabled. The value can be: true: enabled false: disabled
anticrawler	Boolean	Whether to enable the JavaScript anti-crawler function. true: Enabled false: Disabled
crawler_engine	Boolean	Whether the search engine is enabled. The value can be: true: enabled false: disabled
crawler_scanner	Boolean	Whether the scanner check in anti-crawler detection is enabled. The value can be: true: enabled false: disabled
crawler_script	Boolean	Whether the JavaScript anti-crawler is enabled. The value can be: true: enabled false: disabled
crawler_other	Boolean	Whether other crawler check is enabled. The value can be: true: enabled false: disabled
webshell	Boolean	Whether webshell check is enabled. The value can be: true: enabled false: disabled
cc	Boolean	Whether the CC attack protection rule is enabled. The value can be: true: enabled false: disabled
custom	Boolean	Whether precise protection is enabled. The value can be: true: enabled false: disabled
whiteblackip	Boolean	Whether blacklist and whitelist protection is enabled. The value can be: true: enabled false: disabled
geoip	Boolean	Whether geolocation access control is enabled. The value can be: true: enabled false: disabled
ignore	Boolean	Whether false alarm masking is enabled. The value can be: true: enabled false: disabled
privacy	Boolean	Whether data masking is enabled. The value can be: true: enabled false: disabled
antitamper	Boolean	Whether the web tamper protection is enabled. The value can be: true: enabled false: disabled
antileakage	Boolean	Whether the information leakage prevention is enabled. The value can be: true: enabled false: disabled
followed_action	Boolean	Whether the Known Attack Source protection is enabled.. The value can be: true: enabled false: disabled
bot_enable	Boolean	Feature-based anti-crawler. This feature includes many specific anti-crawler checks, such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. To enable any of these checks, keep anti-crawler protection enabled. The value can be: true: Enabled false: Disabled
crawler	Boolean	This parameter is reserved and can be ignored currently.
precise	Boolean	This parameter is reserved and can be ignored currently.
modulex_enabled	Boolean	This parameter is reserved and can be ignored currently. Enumeration values: true false

**Table 6** BindHost¶
Parameter	Type	Description
id	String	Domain name ID. It is the unique identifier generated by WAF for a domain name when you add the domain name to WAF
hostname	String	Domain name
waf_type	String	WAF mode of the domain name. The value is premium.

**Table 7** Action¶
Parameter	Type	Description
category	String	Protective action for feature-based anti-crawler rules: log: WAF only logs discovered attacks. block: WAF blocks discovered attacks. Enumeration values: log block

**Table 8** PolicyExtend¶
Parameter	Type	Description
extend	String	Protection statuses for advanced settings in basic web protection. By default, this parameter is left blank, and the Deep Inspection and Header Inspection are disabled. If deep_decode is set to true, the Deep Inspection is enabled. If check_all_headers is set to true, the Header Inspection is enabled. If deep_decode and check_all_headers are set to true, the Deep Inspection and Header Inspection are disabled.

**Table 9** ModulexOptions¶
Parameter	Type	Description
global_rate_enabled	Boolean	Status of the global rate limiting function (counting requests to all WAF instances when limiting traffic). false: Disabled. true: Enabled.
global_rate_mode	String	Protection mode of the global rate limiting function. WAF logs the event only. block: WAF blocks requests. Enumeration values: log block
precise_rules_enabled	Boolean	Status of the intelligent precise protection. false: Disabled. true: Enabled.
precise_rules_mode	String	Protection mode of the intelligent precise protection. log: WAF logs the event only. block: WAF blocks requests. Enumeration values: log block
precise_rules_managed_mode	String	Management mode of the intelligent precise protection. auto: Automatic Enumeration values: auto
precise_rules_aging_mode	String	Aging mode of the intelligent precise protection. auto: Automatic Enumeration values: auto
precise_rules_retention	Integer	Maximum age of the intelligent precise protection.
cc_rules_enabled	Boolean	Status of the intelligent CC attack protection. false: Disabled. true: Enabled.
cc_rules_mode	String	Protection mode of the intelligent CC attack protection rule. log: WAF logs the event only. block: WAF blocks requests. Enumeration values: log block
cc_rules_managed_mode	String	Management mode of the intelligent CC attack protection. auto: Automatic Enumeration values: auto
cc_rules_aging_mode	String	Aging mode of the intelligent CC attack protection. auto: Automatic Enumeration values: auto
cc_rules_retention	Integer	Maximum age of the intelligent CC attack protection.

Status code: 400

**Table 10** Response body parameters¶
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Status code: 401

**Table 11** Response body parameters¶
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Status code: 500

**Table 12** Response body parameters¶
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Example Requests¶

DELETE https://{Endpoint}/v1/{project_id}/waf/policy/{policy_id}?

Example Responses¶

Status code: 200

Request succeeded.

{
  "id" : "62169e2fc4e64148b775ec01b24a1947",
  "name" : "demo",
  "level" : 2,
  "action" : {
    "category" : "log",
    "modulex_category" : "log"
  },
  "options" : {
    "webattack" : true,
    "common" : true,
    "crawler" : true,
    "crawler_engine" : false,
    "crawler_scanner" : true,
    "crawler_script" : false,
    "crawler_other" : false,
    "webshell" : false,
    "cc" : true,
    "custom" : true,
    "precise" : false,
    "whiteblackip" : true,
    "geoip" : true,
    "ignore" : true,
    "privacy" : true,
    "antitamper" : true,
    "anticrawler" : false,
    "antileakage" : false,
    "followed_action" : false,
    "bot_enable" : true
  },
  "hosts" : [ ],
  "extend" : { },
  "timestamp" : 1649316510603,
  "full_detection" : false,
  "bind_host" : [ ]
}

Status Codes¶

Status Code	Description
200	Request succeeded.
400	Request failed.
401	The token does not have required permissions.
500	Internal server error.

Error Codes¶

See Error Codes.

last updated: 2024-11-14 08:44 UTC - commit: 0dac5e70f288fcbceae9b3712e8d35da924d7c2c