CreateDefenseRule

更新时间:
复制 MD 格式

Create a web core protection rule.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-waf:CreateDefenseRule

create

*All Resource

*

  • acs:ResourceGroupId
None

Request parameters

Parameter

Type

Required

Description

Example

InstanceId

string

Yes

The ID of the WAF instance.

Note

You can call the DescribeInstance operation to get the ID of your WAF instance.

waf_v2_public_cn-****

TemplateId

integer

No

The ID of the protection rule template.

Note

This parameter is required only when DefenseType is set to template.

1122

DefenseScene

string

Yes

The scenario to which the protection rule is applied.

If DefenseType is set to template, valid values are:

  • waf_group: basic protection.

  • waf_base: web core protection.

  • antiscan: scan protection.

  • ip_blacklist: IP address blacklist.

  • custom_acl: custom rule.

  • whitelist: whitelist.

  • region_block: geo-blocking.

  • custom_response: custom response.

  • cc: HTTP flood protection.

  • tamperproof: webpage tamper-proofing.

  • dlp: data leakage prevention.

  • spike_throttle: rate limiting for bursts of traffic.

  • bot_manager: bot management.

If DefenseType is set to resource, valid values are:

  • account_identifier: account identification.

  • custom_response: custom response.

  • waf_codec: decoding.

If DefenseType is set to global, valid values are:

  • regular_custom: custom regular expression.

  • address_book: address book.

  • custom_response: custom response.

Note

You can apply a global custom response to a protected object or a rule. If you configure custom response rules at different levels, the rule with the finest-grained scope takes precedence. The priority is as follows: rule > protected object > default page.

waf_group

Rules

string

Yes

The details of the protection rule. This value is a JSON string.

Note

The parameters in the JSON string vary based on the value of DefenseScene. For more information, see Protection rule parameters.

waf_group

ResourceManagerResourceGroupId

string

No

The ID of the resource group.

rg-acfm***q

DefenseType

string

No

The type of the protection rule. Valid values:

  • template (default): a template-based protection rule.

  • resource: a rule for a specific protected object.

  • global: a global protection rule.

template

RegionId

string

No

The region where the WAF instance is deployed. Valid values:

  • cn-hangzhou: Chinese mainland.

  • ap-southeast-1: outside the Chinese mainland.

cn-hangzhou

Resource

string

No

The protected object to which the rule applies.

Note

This parameter is required only when DefenseType is set to resource.

sec****-waf

Protection rule parameters

Template protection rule (template)

When DefenseType is set to template, the rule configuration is as follows.

Basic protection rules (waf_group)

Parameters

ParameterTypeRequiredExampleDescription
statusIntegerRequired1Specifies the initial status of the defense rule. To change the status later, call the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.

actionStringRequiredblockSpecifies the action for the defense rule. Valid values:
- block: blocks matching requests.
- monitor: monitors matching requests.

policyIdLongOptional1012Specifies the ID of the defense rule group. Defaults to the medium rule group (1012).
protectionTypeStringOptionalsemaSpecifies the type of defense rule. Valid values:
- regular (default): regular expression protection.
- sema: semantic protection.

configStringOptional{"nonInjectionSql":1}Specifies the custom configuration as a JSON string. For a detailed list of settings, refer to the config object documentation.

Parameters

  • When protectionType is set to sema, where the basic protection rule is semantic protection.

ParameterTypeRequiredExampleDescription
nonInjectionSqlIntegerYes1Indicates whether non-injection attack detection is enabled. Valid values:
- 0: disabled.
- 1 (default): enabled.

Example

{
    "DefenseScene": "waf_group",
    "TemplateId": 322,
    "InstanceId": "waf_cn****",
    "Rules": "[{\"status\":1,\"policyId\":1012,\"action\":\"block\"},{\"status\":1,\"action\":\"block\",\"protectionType\":\"sema\",\"config\":\"{\\\"nonInjectionSql\\\":1}\"}]"
}

New core web protection (waf_base)

Parameters

ParameterTypeRequiredExample valueDescription
autoUpdateBooleanRequiredtrueSpecifies whether to enable automatic updates. Valid values:
- true: Enables automatic updates.
- false: Disables automatic updates.

configArrayRequired[{"ruleType":"system","ruleDetail":[{"ruleId":13000412,"ruleStatus":1,"ruleAction":"block"}]}]The rule configuration to modify.
Important Call the DescribeBaseSystemRules operation to query the template's system protection rule configuration. Call the DescribeDefenseRules operation to query the template's custom regular expression rule configuration.

config: Configuration details

ParameterTypeRequiredExample valueDescription
ruleTypeStringRequiredsystemThe rule type. Valid values:
- system: A system rule for Basic Protection.
- custom: A custom regular expression rule for Basic Protection.

ruleBatchOperationConfigStringOptionaldefaultSpecifies the batch operation for rules. This parameter cannot be used with the RuleDetail parameter. Valid values:
- default: Restores the default settings.
- all_on: Enables all rules.
- all_off: Disables all rules.
- all_block: Sets the action of all rules to Block.
- all_monitor: Sets the action of all rules to Monitor.




ruleDetailArrayOptional[{"ruleId":13000412,"ruleStatus":1,"ruleAction":"block"}]]The details of the rules to modify. Properties:
- ruleId: The rule ID.
- ruleStatus: The rule status.
- ruleAction: The rule action.


Example

{
    "DefenseScene": "waf_base",
    "TemplateId": 322,
    "InstanceId": "waf_cn****",
    "Rules": "[{\"autoUpdate\":true,\"config\":[{\"ruleType\":\"system\",\"ruleDetail\":[{\"ruleId\":13000412,\"ruleStatus\":1,\"ruleAction\":\"block\"}]}]}]"
}

Antiscan rules

Parameters

ParameterTypeRequiredExample valueDescription
protectionTypeStringrequiredhighfreqThe subtype of the scan protection rule. Valid values:
- highfreq: high-frequency scan blocking.
- dirscan: directory traversal blocking.
- scantools: scan tool blocking.


statusIntegerrequired1The status of the protection rule. This parameter is used only when you create a protection rule. To modify the status, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.

actionStringrequiredblockThe action for the protection rule. Valid values:
- block: blocks matching requests.
- monitor: monitors matching requests.

actionExternalJSONoptional{"responseRuleId":123444}Specifies the extended configuration for the rule's action, allowing you to define a custom response. For example, if the action parameter is set to block, you can specify a custom block page.
configStringoptional{"target":"remote_addr","interval":60,"ttl":180,"count":20}Custom configuration, specified as a JSON string. For more information, see Details of the config parameter.

Detailed configuration

  • When protectionType is set to highfreq (for high-frequency scan blocking)

ParameterTypeRequiredExampleDescription
targetStringYesremote_addrThe statistic object type. Valid values:
- remote_addr (default): IP address.
- cookie.acw_tc: session.
- header: custom header. If you select this value, specify the header field in the subKey parameter.
- queryarg: custom parameter. If you select this value, specify the parameter name in the subKey parameter.
- cookie: custom cookie. If you select this value, specify the cookie name in the subKey parameter.




subKeyStringNoabcThe specific field of the statistic object. Required when target is set to cookie, header, or queryarg.
intervalIntegerNo60The detection duration in seconds. The default value is 60.
The value must be an integer from 5 to 1,800.
ttlIntegerNo1800The blocking duration in seconds. The default value is 1,800.
The value must be an integer from 60 to 86,400.
countIntegerNo20Maximum number of times a basic protection rule can be triggered. The default value is 20.
The value must be an integer from 3 to 50,000.
ruleIdCountIntegerNo2Maximum number of triggered rules. The default value is 2.
The value must be an integer from 1 to 50.
  • When protectionType is set to dirscan (the scan protection rule for blocking directory traversal)

ParameterTypeRequiredValueDescription
targetStringRequiredremote_addrThe target object for statistics and blocking. Valid values:
- remote_addr (default): IP
- cookie.acw_tc: session
- header: custom header
- queryarg: custom parameter
- cookie: custom cookie




subKeyStringOptional1The sub-key of the target object. Specify this parameter only when target is set to header, queryarg, or cookie.
intervalIntegerOptional60The detection duration, in seconds.
Valid values: 5 to 1,800. Default: 60.
ttlIntegerOptional1800The block duration, in seconds.
Valid values: 60 to 86,400. Default: 1,800.
countIntegerOptional20The maximum number of times a basic protection rule can be triggered.
Valid values: 3 to 50,000. Default: 20.
weightFloatOptional0.5The ratio of 404 response codes.
Valid values: 0.01 to 1.0 (with a precision of two decimal places). Default: 0.7.
uriNumIntegerOptional50The maximum number of non-existent directories.
Valid values: 2 to 50,000. Default: 50.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2222,
    "DefenseScene": "antiscan",
    "Rules": "[{\"protectionType\":\"scantools\",\"action\":\"block\",\"status\":1},{\"protectionType\":\"dirscan\",\"status\":1,\"action\":\"block\",\"config\":\"{\\\"target\\\":\\\"remote_addr\\\",\\\"interval\\\":10,\\\"ttl\\\":1800,\\\"weight\\\":0.7,\\\"uriNum\\\":50,\\\"count\\\":50}\"},{\"protectionType\":\"highfreq\",\"status\":1,\"action\":\"block\",\"config\":\"{\\\"target\\\":\\\"remote_addr\\\",\\\"interval\\\":60,\\\"ttl\\\":1800,\\\"count\\\":20,\\\"ruleIdCount\\\":2}\"}]"
}

IP blacklist (ip_blacklist)

Parameters

ParameterTypeRequiredExample valueDescription
nameStringRequirediptestThe name of the ip blacklist rule. The name must be 1 to 255 characters long and can contain Chinese characters, letters, digits, underscores (_), periods (.), and hyphens (-).
statusIntegerRequired1The rule status. Use this parameter only when you create a protection rule. To modify the rule status, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disable
- 1 (default): enable

actionStringRequiredblockThe rule action. Valid values:
- block: Blocks requests.
- monitor: Monitors requests.

actionExternalJSONOptional{"responseRuleId":123444}Extended configuration for the rule action. This parameter applies only to the new custom response feature. When action is set to block, you can specify a custom block page.
remoteAddrArrayRequired["1.1.XX.XX", "3.1.XX.XX/24"]The IP addresses or CIDR blocks to add to the ip blacklist. Use the format ["ip1","ip2",...].

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2222,
    "DefenseScene": "ip_blacklist",
    "Rules": "[{\"name\":\"iptest1\",\"remoteAddr\":[\"1.1.1.2\",\"3.3.3.3/24\"],\"action\":\"monitor\",\"status\":1},{\"name\":\"iptest2\",\"remoteAddr\":[\"4.4.4.4\",\"5.5.5.5/32\"],\"action\":\"block\",\"status\":1}]"
}

Custom rule (custom_acl)

Parameters

ParameterTypeRequiredExampleDescription
nameStringYesiptestThe name of the custom ACL rule. The name must be 1 to 255 characters long and can contain Chinese characters, letters, digits, underscores (_), periods (.), and hyphens (-).
statusIntegerYes1Specifies the status of the protection rule. This parameter applies only when you create a protection rule. To change the status of an existing rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled
- 1 (default): enabled

actionStringYesblockSpecifies the action of the protection rule. Valid values:
- block: Blocks the request.
- monitor: Monitors the request.
- js: Triggers a JS challenge.
- captcha: Triggers a CAPTCHA.
- captcha_strict: Triggers a strict CAPTCHA.
Note The actions available for custom ACL rules are limited to those shown in the WAF console.





actionExternalJSONNo{"responseRuleId":123444}Specifies the extended configuration for the protection rule action. This parameter is available only for the new version of custom responses. When action is set to block, you can specify a custom block page. When action is set to captcha/ captcha_strict, you can specify a custom CAPTCHA page.
conditionsArrayYes[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]Specifies the match conditions for the ACL rule. The value is a JSON string. You can specify up to five match conditions. For more information, see the description of conditions in Parameters of protection rules.
ccStatusIntegerYes1Specifies whether to enable rate limiting. Valid values:
- 0: Disables rate limiting.
- 1: Enables rate limiting.

ratelimitJSONNo{"target":"remote_addr","interval":5,"threshold":2,"ttl":1800,"status":{"code":404,"count":2}}Specifies the detailed configuration for rate limiting. The value is a JSON string. This parameter is required only when ccStatus is set to 1. For more information, see the description of ratelimit in Parameters of protection rules.
effectStringNoruleSpecifies the scope of rate limiting. This parameter is required only when ccStatus is set to 1. Valid values:
- service: Applies to the protected object.
- rule: Applies to the single rule.

grayStatusIntegerNo1Specifies whether to enable grayscale release for the rule. Valid values:
- 0 (default): Disables grayscale release.
- 1: Enables grayscale release.

grayConfigJSONNo{"grayTarget":"header","grayRate":80,"graySubKey":"test"}Specifies the configuration for the grayscale release. The value is a JSON string. This parameter is required only when grayStatus is set to 1. For more information, see the description of grayConfig in Parameters of protection rules.
timeConfigJSONNo{"timeScope":"period","timeZone":8,"timePeriods":[{"start":1758771729787,"end":1758816000000}]}Specifies the schedule that determines when the rule is active. The value is a JSON string. For more information, see the description of timeConfig in Parameters of protection rules.

Example

The provided document was analyzed for user interface (UI) terms according to the established criteria.

The document contains a JSON code example, which consists of API parameters and code variables. Per the exclusion criteria, these are not considered UI elements such as buttons, menus, or labels.
{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 6242,
    "DefenseScene": "custom_acl",
    "Rules":"[{\"name\":\"acl_test\",\"action\":\"block\",\"conditions\":[{\"key\":\"URL\",\"opValue\":\"contain\",\"values\":\"abc\"}],\"ratelimit\":{\"target\":\"remote_addr\",\"interval\":5,\"threshold\":2,\"ttl\":1800,\"status\":{\"code\":404,\"count\":2}},\"ccStatus\":1,\"effect\":\"rule\",\"status\":1,\"origin\":\"custom\",\"timeConfig\":{\"timeScope\":\"cycle\",\"timeZone\":8,\"weekTimePeriods\":[{\"day\":\"1\",\"dayPeriods\":[{\"start\":0,\"end\":51644084}]},{\"day\":\"1,2,5\",\"dayPeriods\":[{\"start\":0,\"end\":42928908}]}]},\"grayStatus\":1,\"grayConfig\":{\"grayRate\":80,\"graySubKey\":\"test\",\"grayTarget\":\"header\"}}]"
}



Therefore, no UI terms were extracted from the document.

UI term extraction requires documentation containing interface descriptions, operational steps, or screenshots.

Whitelist

Parameters

ParameterTypeRequiredExample valueDescription
nameStringRequiredwhitelistTestThe name of the whitelist rule. The name must be 1 to 255 characters long and can contain Chinese characters, letters, digits, underscores (_), periods (.), and hyphens (-).
statusIntegerRequired1The status of the protection rule. Use this parameter only when you create a protection rule. To modify the rule's status, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: Disabled.
- 1 (default): Enabled.

conditionsArrayRequired[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]A JSON string that contains an array of match conditions for the whitelist. You can specify up to five match conditions. For more information, see the description of conditions in Protection Rule Parameter Configuration.
tagsArrayRequired["waf", "regular"]The protection modules to which the whitelist rule applies. Specify the values in the ["XX1", "XX2",...] format. Valid values:
- waf: All modules
- customrule_rule: Specific custom rule
- customrule: custom rules
- blacklist: IP blacklist
- blacklist_rule: Specific IP blacklist rule
- antiscan: scan protection
- regular: basic protection rules
- regular_rule: Specific basic protection rule
- regular_type: Specific basic protection rule type
- regular_field: Specific basic protection field
- major_protection: Major event protection
- cc: CC protection
- region_block: region blocking
- antibot_scene: bot protection
- antibot_scene_rule: Specific bot protection rule ID
- antibot_scene_label: Specific bot protection rule type
- dlp: data loss prevention
- tamperproof: web tamper proofing
- spike_throttle: spike throttling protection


















regularRulesArrayOptional[ "111111", "222222" ]A list of basic protection rule IDs to exclude from detection. Specify the values in the ["XX1", "XX2",...] format. Configure this parameter only when the tags parameter is set to regular_rule.
regularTypesArrayOptional[ "xss", "css" ]A list of basic protection rule types to exclude from detection. Specify the values in the ["XX1", "XX2",...] format. Configure this parameter only when the tags parameter is set to regular_type. Valid values:
- sqli: SQL injection
- xss: cross-site scripting
- code_exec: code execution
- crlf: CRLF
- lfilei: local file inclusion
- rfilei: remote file inclusion
- webshell: webshell
- csrf: CSRF
- other: Other








regularFieldsArrayOptional[{"key":"URL"},{"key":"Header","subKey":"abc"}]A JSON string that contains an array of fields to exclude from basic protection. You can specify up to five fields. For more information, see regularFields Configuration. Configure this parameter only when the tags parameter is set to regular_field.
customRulesArrayOptional[ "111111", "222222" ]A list of custom rule IDs to exclude from detection. Specify the values in the ["XX1", "XX2",...] format. Configure this parameter only when the tags parameter is set to customrule_rule.
blacklistRulesArrayOptional[ "111111", "222222" ]A list of IP blacklist rule IDs to exclude from detection. Specify the values in the ["XX1", "XX2",...] format. Configure this parameter only when the tags parameter is set to blacklist_rule.
botRulesArrayOptional[ "111111", "222222" ]A list of bot protection rule IDs to exclude from detection. Specify the values in the ["XX1", "XX2",...] format. Configure this parameter only when the tags parameter is set to antibot_scene_rule.
botLablesArrayOptional[ "abc", "cdcc" ]A list of bot protection rule types to exclude from detection. Specify the values in the ["XX1", "XX2",...] format. Configure this parameter only when the tags parameter is set to antibot_scene_label. You can call the DescribeBotRuleLabels operation to query the available rule types.

Configuring regularFields

ParameterTypeRequiredExample valueDescription
keyStringrequiredURLThe field to ignore. Valid values:
- URL-All: all fields of the URI.
- URL: the entire URI.
- URLPath: the URI path.
- Query-All: all query arguments.
- Query-Arg: a specified query argument.
- Cookie-All: all cookies.
- Cookie-Exact: a specified cookie name.
- Header-All: all headers.
- Header: a specified header field.
- Body-All: all arguments in the request body.









subKeyStringoptionalabcThe specific field to ignore. Required if key is URLPath, Query-Arg, Cookie-Exact, or Header.

Example

Custom response rule (custom_response)

Parameters

ParameterTypeRequiredExample valueDescription
responseTypeStringYesresponse_blockThe custom response type. Set this to response_block to block the request.
statusIntegerYes1The status of the defense rule. This parameter is used only when you create a defense rule. To modify the status of an existing rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.

configStringYes{"responseCode":400,"responseHeaders":[{"key":"custom","value":"123"},{"key":"aaa","value":"2223"}],"responseContent":"HelloWorld"}The custom configuration, specified as a JSON string. For details, see config parameter details.

Config

ParameterTypeRequiredExampleDescription
responseCodeIntegerrequired400The response code.
responseHeadersArrayoptional[{"key":"custom","value":"123"},{"key":"aaaa","value":"2223"}]A list of custom response headers, formatted as a JSON string. The key is the header field, and the value is the header value.
responseContentStringrequiredhelloworldThe content of the custom response.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2841,
    "DefenseScene": "custom_response",
    "Rules":"[{\"responseType\":\"response_block\",\"config\":\"{\\\"templateName\\\":\\\"aaa\\\",\\\"responseCode\\\":\\\"400\\\",\\\"responseContent\\\":\\\"helloWorld\\\",\\\"responseHeaders\\\":[{\\\"key\\\":\\\"test1\\\",\\\"value\\\":\\\"abc\\\"}]}\",\"status\":1}]"
}

Region block rule (region_block)

Parameters

ParameterTypeRequiredExample valueDescription
cnRegionListStringOptional610000,230000A comma-separated list of region codes for Chinese mainland regions. Specify ["CN"] to block all Chinese mainland regions (excluding Hong Kong, Macao, and Taiwan). For the definitions of the region codes, see Description of region codes in the Chinese mainland.
abroadRegionListStringOptionalKE,KGA comma-separated list of country and region codes for regions outside the Chinese mainland. Call the DescribeIpAbroadCountryInfos operation to query the supported country and region codes.
statusIntegerRequired1Specifies the status of the protection rule. This parameter applies only when creating a protection rule. To modify the status of an existing protection rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: Disabled.
- 1 (default): Enabled.

actionStringRequiredblockSpecifies the action to perform. Valid values:
- block: blocks matching requests.
- monitor: monitors matching requests; captcha: performs a CAPTCHA challenge on matching requests; captcha_strict: performs a strict CAPTCHA challenge on matching requests.

actionExternalJSONOptional{"responseRuleId":123444}Specifies the extended configuration for the action. This parameter is available only with the custom response feature. When action is set to block, you can specify a custom block page. When action is set to captcha or captcha_strict, you can specify a custom CAPTCHA page.

Chinese mainland region IDs

{
    "110000": "Beijing",
    "120000": "Tianjin",
    "130000": "Hebei",
    "140000": "Shanxi",
    "150000": "Inner Mongolia",
    "210000": "Liaoning",
    "220000": "Jilin",
    "230000": "Heilongjiang",
    "310000": "Shanghai",
    "320000": "Jiangsu",
    "330000": "Zhejiang",
    "340000": "Anhui",
    "350000": "Fujian",
    "360000": "Jiangxi",
    "370000": "Shandong",
    "410000": "Henan",
    "420000": "Hubei",
    "430000": "Hunan",
    "440000": "Guangdong",
    "450000": "Guangxi",
    "460000": "Hainan",
    "500000": "Chongqing",
    "510000": "Sichuan",
    "520000": "Guizhou",
    "530000": "Yunnan",
    "540000": "Tibet",
    "610000": "Shaanxi",
    "620000": "Gansu",
    "630000": "Qinghai",
    "640000": "Ningxia",
    "650000": "Xinjiang",
    "MO_01": "Macao SAR, China",
    "HK_01": "Hong Kong SAR, China",
    "TW_01": "Taiwan, China",
    "CN": "Mainland China"
}
Example
{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2341,
    "DefenseScene": "region_block",
    "Rules": "[{\"cnRegionList\":\"CN,HK_01,TW_01,MO_01\",\"abroadRegionList\":\"AU,NZ\",\"action\":\"block\",\"status\":1}]"
}

Protection rules (CC)

Parameters

ParameterTypeRequiredExampleDescription
modeIntegerYes0The CC protection mode. Valid values:
- 0 (default): normal protection.
- 1: emergency protection.

statusIntegerYes1The protection rule status. Set this parameter only when you create a protection rule. To modify the protection rule status, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.

actionStringNojsThe protection rule action. Valid values:
- js (default): JS challenge.
- monitor: monitor.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2241,
    "DefenseScene": "cc",
    "Rules":"[{\"mode\":0,\"status\":1,\"action\":\"js\"}]"
}

Website tamper-proofing rule (tamperproof)

Parameters

ParameterTypeRequiredExampleDescription
nameStringYestestThe name of the defense rule. The name must be 1 to 255 characters long and can contain Chinese characters, letters, digits, underscores (_), periods (.), and hyphens (-).
urlStringYes/abcThe URL of the cached page.
uaStringNoappThe user-agent for accessing this path.
protocolStringYeshttpsThe protocol of the cached page URL. Valid values: http and https.
statusIntegerYes1The status of the defense rule. This parameter is for rule creation only. To modify the status, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: disabled.
- 1 (default): enabled.

Example

{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 1241,
    "DefenseScene": "tamperproof",
    "Rules": "[{\"name\":\"test1\",\"url\":\"www.test1.com\",\"ua\":\"firefox\",\"protocol\":\"https\",\"status\":1}]"
}

DLP rules

Parameters

ParameterTypeRequiredExample valueDescription
nameStringRequiredtestThe name of the protection rule. It must be 1 to 255 characters long and can contain Chinese characters, letters, digits, underscores (_), periods (.), and hyphens (-).
conditionsArrayRequired[{"key":"HttpCode","opValue":"contain","values":"400,401,402,403,404,405,500,501,502,503,504,505"},{"key":"URL","opValue":"contain","values":"test"}]The match conditions, specified as a JSON string. You can specify up to two match conditions, which are combined with a logical AND. For details, see Detailed conditions configuration.
statusIntegerRequired1The status of the protection rule. This parameter applies only when creating a protection rule. To modify the status of a protection rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: Disabled
- 1 (default): Enabled

actionStringRequiredblockThe action to perform when a request matches the rule. Valid values:
- block: Blocks the request. This action is available only if the match conditions include a response code.
- monitor: Monitors the request.
- filter: Filters for sensitive information. This action is available only if a sensitive information match condition is configured.


Condition parameters

ParameterTypeRequiredExampleDescription
keyStringrequiredURLThe match field. Valid values: URL, HttpCode, and SensitiveInfo.
opValueStringrequiredcontainThe logical operator. The value is always contain.
valuesStringrequiredabcThe content to match. Separate multiple values with a comma (,).
For HttpCode, the valid values are: 400, 401, 402, 403, 404, 405 (for the 405–499 range), 500, 501, 502, 503, 504, and 505 (for the 505–599 range).
For SensitiveInfo, the valid values are:
- phone: Phone number.
- card: Credit card.
- id: ID card.
- word: Default sensitive word.





Example

Spike throttle (spike_throttle)

Parameters

ParameterTypeRequiredExampleDescription
nameStringYesiptestThe name of the rate limiting rule. The name must be 1 to 255 characters long and can contain Chinese characters, letters, digits, underscores (_), periods (.), and hyphens (-).
statusIntegerYes1The status of the defense rule. This parameter is for rule creation only. To modify the status of a defense rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: Disabled.
- 1 (default): Enabled.

actionStringYesblockThe rule action. Valid values:
- block: Blocks matching requests.
- monitor: Monitors matching requests.

actionExternalJSONNo{"responseRuleId":123444}The extended configuration for the rule action. This is used to specify a custom block page when action is set to block.
conditionsArrayYes[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]The match conditions for the ACL, specified as a JSON array. You can define up to five match conditions. For detailed configuration, see the conditions description in Defense Rule Parameter Configuration.
cnRegionListStringNo610000,230000The regions in the Chinese mainland to block. To block all regions in the Chinese mainland (excluding Hong Kong, Macao, and Taiwan), specify "CN". Separate multiple region codes with commas (,). For a list of region codes, see Region Codes for the Chinese mainland.
abroadRegionListStringNoKE,KGThe regions outside the Chinese mainland to block. Separate multiple region codes with commas (,). You can call the DescribeIpAbroadCountryInfos operation to query the supported countries and regions.
typeStringYesqpsThe rate limiting mode. Valid values:
- qps: Limits traffic based on queries per second (QPS).
- ratio (default): Limits traffic by percentage.

thresholdIntegerYes500The rate limiting threshold. Its meaning depends on the type parameter:
- If the type is qps: Specifies the QPS threshold. The valid range is 1 to 5,000,000. Requests exceeding this threshold are blocked.
- If the type is ratio: Specifies the percentage of requests to allow. The valid range is 1 to 99. For example, a value of 80 allows 80% of requests.

Region IDs in Chinese mainland

{
    "110000": "Beijing Municipality",
    "120000": "Tianjin Municipality",
    "130000": "Hebei Province",
    "140000": "Shanxi Province",
    "150000": "Inner Mongolia Autonomous Region",
    "210000": "Liaoning Province",
    "220000": "Jilin Province",
    "230000": "Heilongjiang Province",
    "310000": "Shanghai Municipality",
    "320000": "Jiangsu Province",
    "330000": "Zhejiang Province",
    "340000": "Anhui Province",
    "350000": "Fujian Province",
    "360000": "Jiangxi Province",
    "370000": "Shandong Province",
    "410000": "Henan Province",
    "420000": "Hubei Province",
    "430000": "Hunan Province",
    "440000": "Guangdong Province",
    "450000": "Guangxi Zhuang Autonomous Region",
    "460000": "Hainan Province",
    "500000": "Chongqing Municipality",
    "510000": "Sichuan Province",
    "520000": "Guizhou Province",
    "530000": "Yunnan Province",
    "540000": "Tibet Autonomous Region",
    "610000": "Shaanxi Province",
    "620000": "Gansu Province",
    "630000": "Qinghai Province",
    "640000": "Ningxia Hui Autonomous Region",
    "650000": "Xinjiang Uygur Autonomous Region",
    "MO_01": "Macao, China",
    "HK_01": "Hong Kong, China",
    "TW_01": "Taiwan, China",
    "CN": "Chinese mainland",
}
Example
{
    "InstanceId": "waf_v2_public_****",
    "TemplateId": 2341,
    "DefenseScene": "spike_throttle",
    "Rules":"[{\"name\":\"test\",\"action\":\"monitor\",\"conditions\":[{\"key\":\"URL\",\"opValue\":\"contain-one\",\"values\":\"abctest,abctest2\"}],\"status\":1,\"type\":\"qps\",\"threshold\":1000,\"cnRegionList\":\"110000,140000\",\"abroadRegionList\":\"AD,AL\"}]"}
}

Bot management rules (bot_manager)

Parameters

ParameterTypeRequiredExample valueDescription
nameStringRequirediptestThe name of the advanced custom BOT ACL rule. The name must be 1 to 255 characters long and can contain Chinese characters, letters, digits, underscores (_), periods (.), and hyphens (-).
statusIntegerRequired1The rule status. This parameter applies only when you create a rule. To modify the status of an existing rule, use the RuleStatus parameter of the ModifyDefenseRuleStatus operation. Valid values:
- 0: Disabled.
- 1 (default): Enabled.

actionStringRequiredblockThe rule action. Valid values:
- block: Block.
- monitor: Monitor.
- js: JS challenge.
- captcha: CAPTCHA.
- captcha_strict: Strict CAPTCHA.
- upstream_tag: Upstream tagging.
Note Refer to the WAF console for the list of supported actions.






actionExternalJSONOptional{"responseRuleId":123444} or
{"upstreamHeader":{"header":"test","systemKey":["type","id"]}}
A JSON string that contains the extended configuration for the rule action. The JSON string contains the following fields:
- upstreamHeader: The configuration for upstream tagging. This field applies only when action is set to upstream_tag. For more information, see Upstream Tagging upstreamHeader Configuration.
- responseRuleId: The ID of the custom response rule.
If action is block, responseRuleId is the ID of a custom block page rule.
If action is captcha or captcha_strict, responseRuleId is the ID of a custom CAPTCHA page rule.



conditionsArrayRequired[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]The match conditions for the ACL rule, specified as a JSON array. You can specify up to 10 match conditions. For more information about the configuration, see the description of conditions in Protection Rule Parameter Configuration.
ccStatusIntegerRequired1Specifies whether the rate limit is enabled. Valid values:
- 0: Disabled.
- 1: Enabled.

ratelimitJSONOptional{"target":"remote_addr","interval":5,"threshold":2,"ttl":1800,"status":{"code":404,"count":2}}A JSON string that contains the detailed configuration for the rate limit. This parameter applies only when ccStatus is set to 1. For more information about the configuration, see the description of ratelimit in Protection Rule Parameter Configuration.
effectStringOptionalruleThe scope of the rate limit. This parameter applies only when ccStatus is set to 1. Valid values:
- service: The rate limit applies to the protected object.
- rule: The rate limit applies to a single rule.

botBehaviorStringOptionalmaliciousThe rule category. Valid values:
- suspicious (default): Suspicious bot.
- malicious: Malicious bot.

grayStatusIntegerOptional1Specifies whether a canary release is enabled. Valid values:
- 0 (default): Disabled.
- 1: Enabled.

grayConfigJSONOptional{"grayTarget":"header","grayRate":80,"graySubKey":"test"}A JSON string that contains the configuration for the canary release. This parameter applies only when grayStatus is set to 1. For more information about the configuration, see the description of grayConfig in Protection Rule Parameter Configuration.
timeConfigJSONOptional{"timeScope":"period","timeZone":8,"timePeriods":[{"start":1758771729787,"end":1758816000000}]}A JSON string that contains the schedule configuration for the rule. For more information about the configuration, see the description of timeConfig in Protection Rule Parameter Configuration.

Back-to-source tagging with upstreamHeader

ParameterTypeRequiredExample valueDescription
headerStringYesabcThe header name for back-to-origin tagging.
systemKeyArrayYes["id","type"]The system fields for back-to-origin tagging. The order of these fields determines the content of the header. Valid values:
- id: The rule ID.
- type: The rule type.
- websdk.umid: The UMID from the web client.
- ssl_client_ja3_fingerprinting_md5: The JA3 fingerprint.
- ssl_client_ja4_fingerprinting_md5: The JA4 fingerprint.
- http2_client_fingerprint_md5: The HTTP/2 fingerprint.
- appsdk.eeid_umid: The device UMID.
- appsdk.eeid_running_frame_magisk: Indicates whether the Magisk framework is used.
- appsdk.eeid_running_frame_frida: Indicates whether Frida injection is present.
- appsdk.eeid_running_frame_fishhook: Indicates whether FishHook injection is present.
- appsdk.eeid_running_frame_edxposed: Indicates whether the EdXposed framework is used.
- appsdk.is_xposed: Indicates whether the Xposed framework is used.
- appsdk.eeid_running_frame_va: Indicates whether the VirtualApp framework is used.
- appsdk.eeid_running_frame_cydia: Indicates whether Cydia is installed.
- appsdk.eeid_is_batch: Indicates whether the device is a device farm device.
- appsdk.eeid_is_root: Indicates whether the device is rooted.
- appsdk.eeid_is_fake: Indicates whether the device is a fake device.
- appsdk.eeid_is_virtual: Indicates whether app cloning or a virtual environment is used.
- appsdk.pkguncrypted: Indicates whether app decryption has occurred.
- appsdk.eeid_is_hook: Indicates whether hooking behavior is present.
- appsdk.eeid_is_debugged: Indicates whether the app is being debugged.
- appsdk.eeid_is_simulator: Indicates whether the device is an emulator.
- appsdk.eeid_is_proxy: Indicates whether a proxy is used.
- appsdk.eeid_is_highrisk: Indicates whether the device is high-risk.
- appsdk.adbstate: Indicates whether ADB is enabled.
- appsdk.eeid_abnormal_time: Indicates whether the device time is abnormal.
- appsdk.eeid_short_uptime: Indicates whether the device uptime is short.
- appsdk.screenon: Indicates whether the screen is on.
- appsdk.collectend: Indicates whether data collection has ended.
- appsdk.pkgreleasemode: Indicates whether the app is in debug mode.
- appsdk.elapsedtime: The elapsed time since boot.
- appsdk.isfront: Indicates whether the app is running in the foreground.
- appsdk.passwordunlock: Indicates whether the device is screen-locked.
- appsdk.fingerprintauth: Indicates whether fingerprint authentication is enabled.
- appsdk.brand: The device brand.
- appsdk.model: The device model.
- appsdk.batterychange: The change in battery level since the last collection.
- appsdk.batterystatus: The battery charging status.
- appsdk.batterylevel: The battery level.
- appsdk.brightness: The screen brightness.
- appsdk.packagesign: The package signature hash.
- appsdk.screenres: The screen resolution.
- appsdk.packagename: The application package name.
- appsdk.platform: The platform.
- appsdk.hookframe: The hooking framework.
-appsdk.version: The APPSDK version.
- appsdk.appname: The application name.
- appsdk.appversion: The application version.
- appsdk.hardware: The hardware name.
- appsdk.timestamp: The data collection timestamp.
- appsdk.devicename: The device name.
- appsdk.product: The product code name.
- appsdk.eeid_running_frame_script: Indicates whether automation accessibility tools are installed.
Note: The fields available for back-to-origin tagging depend on the specific bot feature. For a list of supported fields, see the bot custom rule settings in the WAF console.





















































customValueStringNotestA custom string to include in the header.

Resource-level rules (resource)

When DefenseType is set to resource, the rule configuration is as follows.

Account extraction (account_identifier)

Each protected object can have only one account extraction rule.

Parameters

ParameterTypeRequiredExample valueDescription
accountIdentifiersarrayYes[ { "key": "Header","subKey": "header-test", "decodeType": "jwt", "position": "username", "priority": 1 }, { "key": "Post-Arg", "subKey": "body_test", "decodeType": "plain", "priority": 2 } ]An array of JSON objects that specifies the account identifier configurations. You can provide up to 5 objects. For field descriptions, see the accountIdentifiers data structure.

accountIdentifiers configuration

ParameterTypeRequiredExample valueDescription
keyStringYesQuery-ArgThe location of the field to extract. Valid values: Query-Arg, Cookie-Exact, Post-Arg, and Header.
subKeyStringYesquery-testThe name of the field to extract from the source specified by the key parameter.
decodeTypeStringNojwtThe authentication method. Valid values:
- plain: plaintext.
- basic: Basic authentication.
- jwt: JWT authentication. For JWT authentication, use the position parameter to specify the decoded account field.


priorityIntegerYes1The matching priority of the extraction policy. A traffic request can match at most one policy. Valid values are integers from 0 to 20, where a lower value indicates a higher priority. Priority values must be unique.
positionStringNoaccountThe field in the decoded JWT payload that contains the account identifier. Required for JWT authentication.

Example

{
    "DefenseScene": "account_identifier",
    "Resource": "example.**.com-waf",
    "DefenseType": "resource",
    "InstanceId": "waf_cn****",
    "Rules": "[{\"accountIdentifiers\":[{\"key\":\"Header\",\"subKey\":\"header-test\",\"decodeType\":\"jwt\",\"position\":\"username\",\"priority\":1},{\"key\":\"Post-Arg\",\"subKey\":\"body_test\",\"decodeType\":\"plain\",\"priority\":2}]}]"
}

Custom response rules (custom_response)

You can configure only one custom response rule per protected object. The priority for response pages is as follows: rule level > protected object level > default page.

Parameters

ParameterTypeRequiredExample valueDescription
blockRuleIdLongOptional1123The rule ID for the custom block page that is returned when a protected object triggers a block.
captchaRuleIdLongOptional1123The rule ID for the custom slider page that is returned when a protected object triggers a slider challenge.

Example

{
    "DefenseScene": "custom_response",
    "Resource": "example.**.com-waf",
    "DefenseType": "resource",
    "InstanceId": "waf_cn****",
    "Rules": "[{\"blockRuleId\":900000,\"captchaRuleId\":900001}]"
}

Protected object decoding (waf_codec)

You can configure only one decoding rule per protected object.

Parameters

ParameterTypeRequiredExample valueDescription
codecListArrayYes["comment","space-zip","json","xml","form","multipart","graphql","js-unicode","url","hex","html","php","java","utf7","oct"]Specifies the transformations to enable. Valid values:
- url: URL decoding (Always enabled).
- js-unicode: Unicode decoding (Always enabled).
- oct: OCT decoding (Always enabled).
- hex: hex decoding (Always enabled).
- comment: comment decoding (Always enabled).
- space-zip: space decoding (Always enabled).
- multipart: Multipart parsing.
- json: JSON parsing.
- xml: XML parsing.
- php: PHP deserialization.
- html: HTML entity decoding.
- utf7: UTF-7 decoding.
- base64: Base64 decoding.
- form: Form parsing.
- gzip: Gzip decompression.
- java: Java deserialization.
- graphql: GraphQL parsing.
















Example

{
    "DefenseScene": "waf_codec",
    "Resource": "example.**.com-waf",
    "DefenseType": "resource",
    "InstanceId": "waf_cn****",
    "Rules": "[{\"codecList\":[\"comment\",\"space-zip\",\"json\",\"xml\",\"form\",\"multipart\",\"graphql\",\"js-unicode\",\"url\",\"hex\",\"html\",\"php\",\"java\",\"utf7\",\"gzip\",\"oct\",\"base64\"]}]"
}

Global dimension (global)

When DefenseType is set to global, the rule configuration is as follows.

Custom regular expression rule (regular_custom)

Parameters

ParameterTypeRequiredExample valueDescription
nameStringRequiredruleTestThe name of the custom regular expression rule. The name must be 1 to 255 characters in length and can contain Chinese characters, letters, digits, underscores (_), periods (.), and hyphens (-).
detectTypeStringRequiredsqliThe detection type. Valid values:
- sqli: SQL injection.
- xss: cross-site scripting.
- cmdi: OS command injection.
- expression_injection: expression injection (including EL, SpEL, and OGNL expressions).
- java_deserialization: Java deserialization.
- dot_net_deserialization: .NET deserialization.
- php_deserialization: PHP deserialization.
- code_exec: remote code execution (JNDI/XPATH).
- ssrf: server-side request forgery (SSRF).
- path_traversal: path traversal.
- arbitrary_file_uploading: arbitrary file upload.
- webshell: webshell.
- rfilei: remote file inclusion (RFI).
- lfilei: local file inclusion (LFI).
- protocol_violation: protocol violation.
- scanner_behavior: scanner behavior.
- logic_flaw: logic flaw.
- arbitrary_file_reading: arbitrary file read.
- arbitrary_file_download: arbitrary file download.
- xxe: XML external entity injection (XXE).
- csrf: cross-site request forgery (CSRF).
- crlf: CRLF injection.
- other: other.






















riskLevelStringRequiredstrictThe risk level. Valid values:
- super_strict: super strict.
- strict: strict.
- medium: medium.
- loose: loose.



descriptionStringOptionalRule description.The description of the rule.
conditionArrayRequired[{"key":"IP","opValue":"eq","values":"11.XX.XX.1"},{"key":"Header","subKey":"abc","opValue":"contains","values":"test"}]The match conditions for the rule, specified as a JSON string. You can specify up to five match conditions. For details, see condition details.

Condition configuration

ParameterTypeRequiredValueDescription
keyStringrequiredQuery-ArgThe custom match field. Valid values: File-Name, Url, Raw-Url, Request-Url, Http-Method, Directory, Query, Raw-Header, Body, Extension, Union-Args, All-Data, All-Keys, Multipart-Keys, Multipart-Values, Header-Keys, Header-Values, Post-Arg-Keys, Post-Arg-Values, Query-Arg-Keys, Query-Arg-Values, Cookie-Keys, Cookie-Values, Header, Query-Arg, Post-Arg, and Multipart.
subKeyStringoptionalquery-testThe sub-match field.
Important A sub-match field is supported only when the match field is Header, Query-Arg, Post-Arg, or Multipart.
opValueStringrequiredcontainThe logical operator. Valid values: regex, prefix-match, suffix-match, eq, and contain.
valuesStringrequiredabcThe content to match. Separate multiple values with a comma (,).

Example

{
  "name": "ruleTest",
  "detectType": "sqli",
  "riskLevel": "strict",
  "condition": [{"key": "FileName","opValue": "eq","values": "test"}]
}

Address book (address_book)

Parameters

ParameterTypeRequiredExample valueDescription
nameStringRequiredbookTestThe name of the address book. It must be 1 to 255 characters long and can contain letters, digits, underscores (_), periods (.), and hyphens (-).
valueTypeStringRequiredIPThe type of the address book. Valid values:
- IP: The address book contains IP addresses.
descriptionStringOptionaladdressbookTestThe description of the address book.

Example

{
  "name": "bookTest",
  "valueType": "ip",
  "description": "addressbookTest"
}

Custom response (custom_response)

Parameters

ParameterTypeRequiredExample valueDescription
nameStringRequiredtestThe name of the custom response rule. It must be 1–255 characters long and can contain letters, digits, Chinese characters, underscores (_), periods (.), and hyphens (-).
actionStringRequiredblockThe protection rule action. Valid values:
- block: Blocks the request.
- captcha: Triggers a captcha challenge.

responseCodeIntegerOptional400The response code to return.
- Required for a custom block page.
- Not supported for a custom captcha page, which returns a 200 response code.

responseHeadersArrayOptional[{"key":"custom","value":"123"},{"key":"aaaa","value":"2223"}]A list of custom response headers, specified as a JSON string. In each object, key is the header field and value is the header value.
designTypeStringOptionalcustomThe response configuration type. This parameter is required only when action is set to captcha. Valid values:
- custom: A custom configuration.
- preDefine: A predefined configuration.

responseContentStringOptionalhelloworldThe custom response content. This parameter is required for custom captcha or custom block pages.
preDefineContentArrayOptional[{"language":"cn","title":"test","description":"desc","captchaColor":"#FFFF","showTraceId":false},{"language":"en","title":"titel","description":"desc","captchaColor":"#FFFF","showTraceId":false}]The predefined configuration content. This parameter is required when designType is set to preDefine. For details, see the Detailed predefined configuration section.

Predefined Configuration Details

ParameterTypeRequiredExample valueDescription
languageStringYesenThe language configuration. Valid values:
- en: English.
- cn: Chinese.

iconStringYeshttps://img.alicdn.com/imgextra/i1/O1CN01L12MaQ1ZwfYKk7Yrc_!!6000000003259-2-tps-900-594.pngThe URL of a publicly accessible icon.
titleStringYestest_titleThe custom title for the slider page.
descriptionStringYesFor a better experience, slide to complete the verification before accessing the web page.The custom description for the slider page.
captchaColorStringYes#ff6a00The color of the slider.
showTraceIdbooleanYestrueSpecifies whether to display the Trace ID on the slider page. Valid values:
- true: Displays the Trace ID.
- false: Hides the Trace ID.

Custom block page configuration

{
  "name": "test",
  "action": "block",
  "responseContent": "helloworld",
  "responseCode": 401,
  "responseHeaders": [{"key":"t1","value":"v1"}],
}

Predefined slider page configuration

{
"name": "test",
"designType": "preDefine",
"action": "captcha",
"responseHeaders": [
    {
    "key": "Content-Type",
    "value": "text/html"
    }
],
"preDefineContent": [
    {
    "language": "en",
    "icon": "https://img.alicdn.com/imgextra/i1/O1CN01L12MaQ1ZwfYKk7Yrc_!!6000000003259-2-tps-900-594.png",
    "title": "Access Verification",
    "description": "Slide to complete verification.",
    "captchaColor": "#ff6a00",
    "showTraceId": true
    }
]
}

Response elements

Element

Type

Description

Example

object

The response is an object with the following structure.

RequestId

string

The request ID.

26E46541-7AAB-5565-801D-F14DBDC5****

RuleIds

string

The comma-separated IDs of the created protection rules.

22215,23354,462165

Examples

Success response

JSON format

{
  "RequestId": "26E46541-7AAB-5565-801D-F14DBDC5****",
  "RuleIds": "22215,23354,462165"
}

Error codes

HTTP status code

Error code

Error message

Description

400 Defense.Control.DefenseWhitelistBypassRuleNotExist The whitelist protection rule does not exist. The whitelist protection rule does not exist. Rule ID:%s.
400 Defense.Control.DefenseWhitelistConfigInvalid The whitelist rule is misconfigured. Error configuring whitelist rule: %s.
400 Defense.Control.DefenseBookTypeInvalid The address book type is illegal. The address book type is illegal.
400 Defense.Control.DefenseThreatIntelligenceConfigInvalid Threat Intelligence Rule configuration error. Threat Intelligence Rule configuration error. %s
400 Defense.Control.DefenseIpCountOversize The number of IPs exceeds the limit. The number of IPs exceeds the limit.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.