DefenseRule protection rule parameters - WAF OpenAPI-Web Application Firewall(WAF)-阿里云帮助中心

Docs ICP Filing Console

Common OpenAPI parameters for configuring defense rules (DefenseRule) in WAF.

`conditions` parameters

Parameter	Type	Required	Example	Description
key	String	Required	IP	The match field. Valid values: `URL`, `URLPath`, `IP`, `Referer`, `User-Agent`, `Params`, `Cookie`, `Content-Type`, `Content-Length`, `X-Forwarded-For`, `Post-Body`, `Http-Method`, `Header`, `Extension`, `Filename`, `Server-Port`, `Host`, `Cookie-Exact`, `Query-Arg`, and `Post-Arg`. Bot advanced custom rules also support: `Client-ID`, `Ja3-Fingerprint`, `Ja4-Fingerprint`, `Http2-Fingerprint`, `Isp-ID`, `WebSdk`, and `AppSdk`. Important Available match fields vary by WAF edition. Check the supported fields for each rule type in the WAF console.
subKey	String	Optional	abc	The custom sub-field. Note Not all match fields (`key`) support a custom sub-field (`subKey`). Check the supported combinations in the WAF console.
opValue	String	Required	contain	The logical operator. Valid values: `not-contain`: Does not contain. If the `match field` (`key`) is `IP`, this means the IP address is not in the specified list. `contain`: Contains. If the match field (`key`) is `IP`, this means the IP address is in the specified list. `none`: Does not exist. `ne`: Is not equal to. `eq`: Is equal to. `lt`: Is less than. `gt`: Is greater than. `len-lt`: Length is less than. `len-eq`: Length is equal to. `len-gt`: Length is greater than. `not-match`: Does not match. `match-one`: Is equal to one of multiple values. `all-not-match`: Is not equal to any of multiple values. `all-not-contain`: Does not contain any of multiple values. `contain-one`: Contains one of multiple values. `not-regex`: Does not match the regular expression. `regex`: Matches the regular expression. `all-not-regex`: Does not match any of the regular expressions. `regex-one`: Matches one of the regular expressions. `prefix-match`: Matches the prefix. `suffix-match`: Matches the suffix. `empty`: Is empty. `exists`: Exists. `inl`: Is in the list. `in-list`: Is in the address book. `not-in-list`: Is not in the address book. Note Not all logical operators (`opValue`) are available for every match field (`key`). Check the available combinations for each rule type in the WAF console.
values	String	Required	abc	The match content. Separate multiple values with commas (,). Note Valid values for `opValue` and `values` depend on the specified match field (`key`).

`ratelimit` parameters

Parameter	Type	Required	Example	Description
target	String	Required	remote_addr	The statistical object. Valid values: `remote_addr` (Default): An IP address. `cookie.acw_tc`: A session. `header`: A custom header. Specify the header name in `subKey`. `queryarg`: A custom parameter. Specify the parameter name in `subKey`. `cookie`: A custom cookie. Specify the cookie name in `subKey`. `account`: An account. The following values are supported only by Bot advanced custom rules: `postarg`: A custom body parameter. Specify the parameter name in `subKey`. `websdk.umid`: A web UMID. `appsdk.eeid_umid`: An app UMID.
subKey	String	Optional	abc	The key name for the statistical object. Required when `target` is `cookie`, `header`, `queryarg`, or `postarg`.
interval	Integer	Required	60	The statistical period, in seconds. WAF counts requests within this period against the `threshold`. Valid range: 1 to 1,800.
threshold	Integer	Required	200	Maximum requests from a single statistical object to the protected resource within the statistical period.
ttl	Integer	Required	1800	The duration of the action, in seconds. Valid range: 60 to 86,400.
status	JSON	Optional	{"code":404,"count":200}	Rate limiting based on response codes. JSON string with these fields: `code`: Integer, required. The response code to monitor. `count`: Integer, optional. Occurrence threshold — the rule triggers when the response code count exceeds this value. Valid range: 2 to 50,000. Specify either `count` or `ratio`, not both. `ratio`: Integer, optional. Percentage threshold — the rule triggers when the response code percentage exceeds this value. Valid range: 1 to 100. Specify either `count` or `ratio`, not both.
distinctStat	Array	Optional	[{"key":"URL","opValue":"gt","values":"1"}]	The conditions for distinct statistics. Note Supported only for Bot advanced custom rules. Uses the `distinctStat` parameters described below.

`distinctStat` parameters

Parameter	Type	Required	Example	Description
key	String	Required	IP	The match field. Valid values: `URL`, `URLPath`, `IP`, `Cookie-Exact`, `Post-Arg`, `Header`, `Query-Arg`, `Ja3-Fingerprint`, `Ja4-Fingerprint`, `Http2-Fingerprint`, `WebSdk`, and `AppSdk`. Important Available match fields depend on your Bot Management subscription. Check the supported fields in the WAF console.
subKey	String	Optional	abc	The custom sub-field for the distinct statistics condition. Note Not all match fields (`key`) for distinct statistics support a custom sub-field (`subKey`). Check the supported combinations in the WAF console.
opValue	String	Required	Equal	The logical operator. Valid values: `eq`: The count of unique values is equal to the specified value. `lt`: The count of unique values is less than the specified value. `gt`: The count of unique values is greater than the specified value.
value	String	Required	abc	The value to compare with the count of unique values.

`grayConfig` parameters

Parameter	Type	Required	Example	Description
grayTarget	String	Required	remote_addr	The grayscale target. Determines which traffic the rule affects based on the grayscale percentage. Valid values: `remote_addr` (Default): An IP address. `cookie.acw_tc`: A session. `header`: A custom header. Specify the header name in `graySubKey`. `queryarg`: A custom parameter. Specify the parameter name in `graySubKey`. `cookie`: A custom cookie. Specify the cookie name in `graySubKey`. The following values are supported only by Bot advanced custom rules: `websdk.umid`: A web UMID. `appsdk.eeid_umid`: An app UMID.
graySubKey	String	Optional	abc	The key name for the grayscale object. Required when `grayTarget` is `cookie`, `header`, or `queryarg`.
grayRate	Integer	Required	20	The percentage of traffic to which the rule applies. Valid range: 1 to 100.

`timeConfig` parameters

Parameter	Type	Required	Example	Description
timeScope	String	Required	period	The rule effective time. Valid values: `permanent` (Default): The rule is always active. `period`: The rule is active within a specific time range. `cycle`: The rule is active on a recurring schedule.
timeZone	Integer	Required	8	The time zone offset, from -12 to 12. Default: `8` (UTC+8). Examples: `0` = UTC, `-8` = UTC-8.
timePeriods	Array	Optional	[{"start":1758771729787,"end":1758816000000}]	Active time periods for the rule. Required when `timeScope` is `period`. Each period includes: `start`: Long, required. Start time as a Unix timestamp in milliseconds. `end`: Long, required. End time as a Unix timestamp in milliseconds.
weekTimePeriods	Array	Optional	[{"day":"1","dayPeriods":[{"start":0,"end":51644084}]},{"day":"1,2,5","dayPeriods":[{"start":0,"end":42928908}]}]	Recurring schedule for the rule. Required when `timeScope` is `cycle`. Each schedule includes: `day`: String, required. Days of the week (1–7, where 1 = Monday). Separate multiple days with commas (,). `dayPeriods`: Array, required. Time periods within a day. Each period includes `start` and `end` times. `start`: Long, required. Start time in milliseconds from midnight (00:00). Valid range: [0, 86400000). `end`: Long, required. End time in milliseconds from midnight (00:00). Valid range: [0, 86400000).

Previous：Public error codesNext：CLI integration

该文章对您有帮助吗？