ALIYUN::ESA::WafRule类型用于创建WAF规则。
语法
{
"Type": "ALIYUN::ESA::WafRule",
"Properties": {
"Phase": String,
"SiteId": Integer,
"Config": Map,
"RulesetId": Integer,
"Shared": Map,
"SiteVersion": Integer
}
}属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Phase |
String |
是 |
是 |
网站版本。 |
无 |
|
SiteId |
Integer |
是 |
否 |
网站ID。 |
无 |
|
Config |
Map |
否 |
是 |
规则配置。 |
更多信息,请参考Config属性。 |
|
RulesetId |
Integer |
否 |
是 |
WAF规则集ID。 |
无 |
|
Shared |
Map |
否 |
否 |
多个规则共享的配置。 |
更多信息,请参考Shared属性。 |
|
SiteVersion |
Integer |
否 |
否 |
网站ID。 |
无 |
Config语法
"Config": {
"Status": String,
"Action": String,
"Actions": Map,
"ManagedList": String,
"ManagedRulesets": List,
"Sigchl": List,
"Name": String,
"AppSdk": Map,
"RateLimit": Map,
"Type": String,
"AppPackage": Map,
"ManagedGroupId": Integer,
"Timer": Map,
"Expression": String,
"SecurityLevel": Map,
"Value": String,
"Id": Integer,
"Notes": String
}Config属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Action |
String |
否 |
是 |
执行动作。 |
无 |
|
Actions |
Map |
否 |
是 |
扩展动作。 |
更多信息,请参考Actions属性。 |
|
AppPackage |
Map |
否 |
是 |
二次打包检测。 |
更多信息,请参考AppPackage属性。 |
|
AppSdk |
Map |
否 |
是 |
App SDK。 |
更多信息,请参考AppSdk属性。 |
|
Expression |
String |
否 |
是 |
表达式。 |
无 |
|
Id |
Integer |
否 |
否 |
规则ID。 |
无 |
|
ManagedGroupId |
Integer |
否 |
是 |
托管规则组ID。 |
无 |
|
ManagedList |
String |
否 |
是 |
名称列表。 |
无 |
|
ManagedRulesets |
List |
否 |
是 |
托管规则集列表。 |
更多信息,请参考ManagedRulesets属性。 |
|
Name |
String |
否 |
是 |
规则名称。 |
无 |
|
Notes |
String |
否 |
是 |
备注。 |
无 |
|
RateLimit |
Map |
否 |
是 |
频率控制。 |
更多信息,请参考RateLimit属性。 |
|
SecurityLevel |
Map |
否 |
是 |
安全级别。 |
更多信息,请参考SecurityLevel属性。 |
|
Sigchl |
List |
否 |
是 |
令牌校验。 |
无 |
|
Status |
String |
否 |
是 |
规则状态。 |
无 |
|
Timer |
Map |
否 |
是 |
定时器。 |
更多信息,请参考Timer属性。 |
|
Type |
String |
否 |
是 |
规则类型。 |
无 |
|
Value |
String |
否 |
是 |
IP访问控制值。 |
无 |
Actions语法
"Actions": {
"Response": Map
}Actions属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Response |
Map |
否 |
否 |
自定义响应。 |
更多信息,请参考Response属性。 |
Response语法
"Response": {
"Id": Integer,
"Code": Integer
}Response属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Code |
Integer |
否 |
否 |
自定义响应码。 |
无 |
|
Id |
Integer |
否 |
否 |
自定义响应页面ID。 |
无 |
Bypass语法
"Bypass": {
"Skip": String,
"RegularRules": List,
"CustomRules": List,
"RegularTypes": List,
"Tags": List
}Bypass属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
CustomRules |
List |
否 |
是 |
自定义规则ID列表。 |
无 |
|
RegularRules |
List |
否 |
是 |
托管规则ID列表。 |
无 |
|
RegularTypes |
List |
否 |
是 |
托管规则类型列表。 |
无 |
|
Skip |
String |
否 |
是 |
跳过模块类型。 |
无 |
|
Tags |
List |
否 |
是 |
跳过模块列表。 |
无 |
ManagedRulesets语法
"ManagedRulesets": [
{
"ProtectionLevel": Integer,
"Action": String,
"ManagedRules": List,
"AttackType": Integer,
"NumberTotal": Integer,
"NumberEnabled": Integer
}
]ManagedRulesets属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Action |
String |
否 |
是 |
执行动作。 |
无 |
|
AttackType |
Integer |
否 |
是 |
攻击类型。 |
无 |
|
ManagedRules |
List |
否 |
是 |
托管规则列表。 |
更多信息,请参考ManagedRules属性。 |
|
NumberEnabled |
Integer |
否 |
否 |
已开启规则数量。 |
无 |
|
NumberTotal |
Integer |
否 |
否 |
规则总数。 |
无 |
|
ProtectionLevel |
Integer |
否 |
是 |
防护级别。 |
无 |
ManagedRules语法
"ManagedRules": [
{
"Status": String,
"Action": String,
"Id": Integer
}
]ManagedRules属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Action |
String |
否 |
是 |
托管规则动作。 |
无 |
|
Id |
Integer |
否 |
是 |
托管规则ID。 |
无 |
|
Status |
String |
否 |
是 |
托管规则状态。 |
无 |
AppSdk语法
"AppSdk": {
"CustomSign": Map,
"CustomSignStatus": String,
"FeatureAbnormal": List
}AppSdk属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
CustomSign |
Map |
否 |
是 |
自定义标签字段。 |
更多信息,请参考CustomSign属性。 |
|
CustomSignStatus |
String |
否 |
是 |
自定义标签字段开关。 |
无 |
|
FeatureAbnormal |
List |
否 |
是 |
特征异常。 |
无 |
CustomSign语法
"CustomSign": {
"Value": String,
"Key": String
}CustomSign属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Key |
String |
否 |
是 |
字段名称。 |
无 |
|
Value |
String |
否 |
是 |
字段值。 |
无 |
RateLimit语法
"RateLimit": {
"Characteristics": Map,
"OnHit": Boolean,
"Ttl": Integer,
"Threshold": Map,
"Interval": Integer
}RateLimit属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Characteristics |
Map |
否 |
是 |
统计对象。 |
更多信息,请参考Characteristics属性。 |
|
Interval |
Integer |
否 |
是 |
统计时长。 |
无 |
|
OnHit |
Boolean |
否 |
是 |
应用于命中缓存的请求。 |
无 |
|
Threshold |
Map |
否 |
是 |
阈值。 |
更多信息,请参考Threshold属性。 |
|
Ttl |
Integer |
否 |
是 |
超时时间。 |
无 |
Characteristics语法
"Characteristics": {
"Criteria": List,
"Logic": String
}Characteristics属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Criteria |
List |
否 |
是 |
逻辑列表。 |
更多信息,请参考Criteria属性。 |
|
Logic |
String |
否 |
是 |
逻辑关系。 |
无 |
Criteria语法
"Criteria": [
{
"MatchType": String
}
]Criteria属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
MatchType |
String |
否 |
否 |
匹配域。 |
无 |
Threshold语法
"Threshold": {
"DistinctManagedRules": Integer,
"ManagedRulesBlocked": Integer,
"ResponseStatus": Map,
"Traffic": String,
"Request": Integer
}Threshold属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
DistinctManagedRules |
Integer |
否 |
是 |
不同托管规则阈值。 |
无 |
|
ManagedRulesBlocked |
Integer |
否 |
是 |
托管规则命中阈值。 |
无 |
|
Request |
Integer |
否 |
是 |
请求阈值。 |
无 |
|
ResponseStatus |
Map |
否 |
是 |
响应码阈值。 |
更多信息,请参考ResponseStatus属性。 |
|
Traffic |
String |
否 |
是 |
流量阈值。 |
无 |
ResponseStatus语法
"ResponseStatus": {
"Ratio": Integer,
"Count": Integer,
"Code": Integer
}ResponseStatus属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Code |
Integer |
否 |
是 |
HTTP响应码。 |
无 |
|
Count |
Integer |
否 |
是 |
响应码次数阈值。 |
无 |
|
Ratio |
Integer |
否 |
是 |
响应码百分比。 |
无 |
AppPackage语法
"AppPackage": {
"PackageSigns": List
}AppPackage属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
PackageSigns |
List |
否 |
是 |
二次打包检测。 |
更多信息,请参考PackageSigns属性。 |
PackageSigns语法
"PackageSigns": [
{
"Sign": String,
"Name": String
}
]PackageSigns属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Name |
String |
否 |
是 |
指定合法的包名。 |
无 |
|
Sign |
String |
否 |
是 |
包签名。 |
无 |
Timer语法
"Timer": {
"Periods": List,
"Scopes": String,
"Zone": Integer,
"WeeklyPeriods": List
}Timer属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Periods |
List |
否 |
是 |
生效时间段。 |
更多信息,请参考Periods属性。 |
|
Scopes |
String |
否 |
是 |
定时类型。 |
取值:
|
|
WeeklyPeriods |
List |
否 |
是 |
每周生效时间段。 |
更多信息,请参考WeeklyPeriods属性。 |
|
Zone |
Integer |
否 |
是 |
时区。 |
如果不指定,默认值为UTC+00:00。 |
Periods语法
"Periods": [{
"Start": String,
"End": String
}]Periods属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
End |
String |
否 |
是 |
结束时间。 |
为RFC3339格式的UTC时间。 |
|
Start |
String |
否 |
是 |
开始时间, |
为RFC3339格式的UTC时间。 |
WeeklyPeriods语法
"WeeklyPeriods": [{
"Days": String,
"DailyPeriods": List
}]WeeklyPeriods属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
DailyPeriods |
List |
否 |
是 |
周期内的生效时间。 |
更多信息,请参考DailyPeriods属性。 |
|
Days |
String |
否 |
是 |
周期。 |
多个值用逗号分隔,1-7分别表示周一到周日。 |
DailyPeriods语法
"DailyPeriods": [{
"Start": String,
"End": String
}]DailyPeriods属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
End |
String |
否 |
是 |
结束时间。 |
格式为HH:mm:ss。 |
|
Start |
String |
否 |
是 |
开始时间。 |
格式为HH:mm:ss。 |
SecurityLevel语法
"SecurityLevel": {
"Value": String
}SecurityLevel属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Value |
String |
否 |
是 |
安全级别值。 |
无 |
Shared语法
"Shared": {
"Target": String,
"Action": String,
"Actions": Map,
"Expression": String,
"Mode": String,
"CrossSiteId": Integer,
"Match": Map,
"Name": String
}Shared属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Action |
String |
否 |
否 |
动作。 |
无 |
|
Actions |
Map |
否 |
否 |
动作扩展。 |
更多信息,请参考Actions属性。 |
|
CrossSiteId |
Integer |
否 |
否 |
指定跨域站点ID。 |
无 |
|
Expression |
String |
否 |
否 |
表达式。 |
无 |
|
Match |
Map |
否 |
否 |
匹配引擎。 |
更多信息,请参考Match属性。 |
|
Mode |
String |
否 |
否 |
Web SDK集成模式。 |
取值:
|
|
Name |
String |
否 |
否 |
规则集名称。 |
无 |
|
Target |
String |
否 |
否 |
防护目标类型。 |
取值:
|
Match语法
"Match": {
"MatchType": String,
"Criteria": List,
"Logic": String
}Match属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Criteria |
List |
否 |
否 |
逻辑列表。 |
无 |
|
Logic |
String |
否 |
否 |
逻辑关系。 |
无 |
|
MatchType |
String |
否 |
否 |
匹配域。 |
无 |
返回值
Fn::GetAtt
-
RulesetId:WAF规则集ID。
-
Phase:网站版本。
-
WafRuleId:Waf规则ID。
-
Config:规则配置。
-
UpdateTime:规则最后修改时间。
示例
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
SiteVersion:
Type: Number
Description:
en: The website ID, which can be obtained by calling the [ListSites](https://www.alibabacloud.com/help/en/doc-detail/2850189.html) operation.
Default: Null
Required: false
RulesetId:
Type: Number
Description:
en: The ID of the WAF ruleset, which can be obtained by calling the [ListWafRulesets](https://www.alibabacloud.com/help/en/doc-detail/2850233.html) operation.
Default: Null
Required: false
SiteId:
Type: Number
Description:
en: The website ID, which can be obtained by calling the [ListSites](https://www.alibabacloud.com/help/en/doc-detail/2850189.html) operation.
Required: true
Phase:
Type: String
Description:
en: The version of the website.
Required: true
Shared:
Description:
en: The configurations shared by multiple rules.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Target:
Type: String
Description:
en: 'Protection target type: web/app.'
AllowedValues:
- web
- app
Default: Null
Required: false
Actions:
Description:
en: Action Extension.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Response:
Description:
en: Custom Response.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Code:
Type: Number
Description:
en: Custom Response Codes.
Default: Null
Required: false
Id:
Type: Number
Description:
en: Custom response page id.
Default: Null
Required: false
CrossSiteId:
Type: Number
Description:
en: Specify the cross-domain site id.
Default: Null
Required: false
Mode:
Type: String
Description:
en: |-
Web sdk integration mode:
- `automatic`
- `manual`.
AllowedValues:
- automatic
- manual
Default: Null
Required: false
Action:
Type: String
Description:
en: Action.
Default: Null
Required: false
Expression:
Type: String
Description:
en: Expression.
Default: Null
Required: false
Match:
Description:
en: Matching Engine.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
MatchType:
Type: String
Description:
en: Match Domain.
Default: Null
Required: false
Logic:
Type: String
Description:
en: Logical relationship.
Default: Null
Required: false
Criteria:
Description:
en: Logical List.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Description:
en: Logical List.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
MatchType:
Type: String
Description:
en: Match Domain.
Default: Null
Required: false
Logic:
Type: String
Description:
en: Logical relationship.
Default: Null
Required: false
Criteria:
Description:
en: Logical List.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Description:
en: Logical List.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
MatchType:
Type: String
Description:
en: Match Domain.
Default: Null
Required: false
Logic:
Type: String
Description:
en: Logical relationship.
Default: Null
Required: false
Criteria:
Description:
en: Logical List.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameters]
AssociationPropertyMetadata:
Parameters:
MatchType:
Type: String
Description:
en: Match Domain.
Default: Null
Required: false
Name:
Type: String
Description:
en: Rule Set Name.
Default: Null
Required: false
Config:
Description:
en: The configuration of the rule.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Status:
Type: String
Description:
en: Rule Status.
Default: Null
Required: false
ManagedGroupId:
Type: Number
Description:
en: Managed rule Group id.
Default: Null
Required: false
Type:
Type: String
Description:
en: Rule Type.
Default: Null
Required: false
Sigchl:
Description:
en: Token check.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Type: String
Description:
en: Token check.
Default: Null
Required: false
Name:
Type: String
Description:
en: Rule Name.
Default: Null
Required: false
SecurityLevel:
Description:
en: Security Level.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Value:
Type: String
Description:
en: Value of security level.
Default: Null
Required: false
ManagedRulesets:
Description:
en: Managed Rule Set List.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Description:
en: Managed Rule Set List.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
NumberTotal:
Type: Number
Description:
en: Total number of rules.
Default: Null
Required: false
ProtectionLevel:
Type: Number
Description:
en: Protection level.
Default: Null
Required: false
ManagedRules:
Description:
en: Managed Rule List.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameters]
AssociationPropertyMetadata:
Parameters:
Status:
Type: String
Description:
en: Managed Rule Status.
Default: Null
Required: false
Action:
Type: String
Description:
en: Managed Rule Action.
Default: Null
Required: false
Id:
Type: Number
Description:
en: Managed rule ID.
Default: Null
Required: false
NumberEnabled:
Type: Number
Description:
en: Number of rules opened.
Default: Null
Required: false
AttackType:
Type: Number
Description:
en: Attack Type.
Default: Null
Required: false
Action:
Type: String
Description:
en: Execute Action.
Default: Null
Required: false
Notes:
Type: String
Description:
en: Remarks.
Default: Null
Required: false
Value:
Type: String
Description:
en: IP access control value.
Default: Null
Required: false
Actions:
Description:
en: Extended Action.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Response:
Description:
en: Customize Response Page.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Code:
Type: Number
Description:
en: Custom Response Codes.
Default: Null
Required: false
Id:
Type: Number
Description:
en: Custom response page ID.
Default: Null
Required: false
Bypass:
Description:
en: Skip Module.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Skip:
Type: String
Description:
en: Skip module type.
Default: Null
Required: false
Tags:
Description:
en: Skip Module List.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Type: String
Description:
en: Skip Module List.
Default: Null
Required: false
ListMetadata:
Order:
- Key
- Value
RegularTypes:
Description:
en: Managed rule type list.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Type: String
Description:
en: Managed rule type list.
Default: Null
Required: false
RegularRules:
Description:
en: Managed rule id list.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Type: Number
Description:
en: Managed rule id list.
Default: Null
Required: false
CustomRules:
Description:
en: Custom rule id list.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Type: Number
Description:
en: Custom rule id list.
Default: Null
Required: false
RateLimit:
Description:
en: Frequency Control.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Threshold:
Description:
en: Threshold.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
DistinctManagedRules:
Type: Number
Description:
en: Different Managed Rules Threshold.
Default: Null
Required: false
Request:
Type: Number
Description:
en: Request Threshold.
Default: Null
Required: false
Traffic:
Type: String
Description:
en: Flow Threshold.
Default: Null
Required: false
ResponseStatus:
Description:
en: Response Code Threshold.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Count:
Type: Number
Description:
en: Response code times threshold.
Default: Null
Required: false
Code:
Type: Number
Description:
en: HTTP response code.
Default: Null
Required: false
Ratio:
Type: Number
Description:
en: Percentage of response code.
Default: Null
Required: false
ManagedRulesBlocked:
Type: Number
Description:
en: Managed Rule Hit Threshold.
Default: Null
Required: false
Characteristics:
Description:
en: Statistical object.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Logic:
Type: String
Description:
en: Logical relationship.
Default: Null
Required: false
Criteria:
Description:
en: Logical List.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Description:
en: Logical List.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
MatchType:
Type: String
Description:
en: Match Domain.
Default: Null
Required: false
Logic:
Type: String
Description:
en: Logical relationship.
Default: Null
Required: false
Criteria:
Description:
en: Logical List.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Description:
en: Logical List.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
MatchType:
Type: String
Description:
en: Match Domain.
Default: Null
Required: false
Logic:
Type: String
Description:
en: Logical relationship.
Default: Null
Required: false
Criteria:
Description:
en: Logical List.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameters]
AssociationPropertyMetadata:
Parameters:
MatchType:
Type: String
Description:
en: Match Domain.
Default: Null
Required: false
Interval:
Type: Number
Description:
en: Statistical Duration.
Default: Null
Required: false
Ttl:
Type: Number
Description:
en: Timeout.
Default: Null
Required: false
OnHit:
Type: Boolean
Description:
en: Apply on requests that hit the cache.
Default: Null
Required: false
Expression:
Type: String
Description:
en: Expression.
Default: Null
Required: false
Timer:
Description:
en: Timer.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Scopes:
Type: String
Description:
en: |-
Timing type:
- `permanent`
- `periods`
- `weekly`.
AllowedValues:
- permanent
- periods
- weekly
Default: Null
Required: false
WeeklyPeriods:
Description:
en: Weekly effective time period.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Description:
en: Weekly effective time period.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Days:
Type: String
Description:
en: 'Cycle, multiple use comma separated, 1-7 respectively represent Monday-Sunday. <br> Example: Monday, Wednesday value is "1,3".'
Default: Null
Required: false
DailyPeriods:
Description:
en: Effective time in the cycle.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameters]
AssociationPropertyMetadata:
Parameters:
Start:
Type: String
Description:
en: Start time in HH:mm:ss format.
Default: Null
Required: false
End:
Type: String
Description:
en: End time in HH:mm:ss format.
Default: Null
Required: false
Periods:
Description:
en: Effective time period.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameters]
AssociationPropertyMetadata:
Parameters:
Start:
Type: String
Description:
en: Start time, value is UTC time in RFC3339 format.
Default: Null
Required: false
End:
Type: String
Description:
en: The end time, which is a UTC time in RFC3339 format.
Default: Null
Required: false
Zone:
Type: Number
Description:
en: 'The time zone. If it is not specified, the default value is UTC +00:00. <br> Example: 8 means East Zone 8,-8 means West Zone 8 <br> Range:-12 -+14.'
Default: Null
Required: false
AppPackage:
Description:
en: Secondary packaging inspection.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
PackageSigns:
Description:
en: Secondary packaging inspection.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameters]
AssociationPropertyMetadata:
Parameters:
Name:
Type: String
Description:
en: Specify a legal package name.
Default: Null
Required: false
Sign:
Type: String
Description:
en: Package Signing.
Default: Null
Required: false
Action:
Type: String
Description:
en: Execute Action.
Default: Null
Required: false
AppSdk:
Description:
en: App sdk.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
CustomSign:
Description:
en: Custom Tab Fields.
Required: false
Default: Null
Type: Json
AssociationPropertyMetadata:
Parameters:
Key:
Type: String
Description:
en: Field Name.
Default: Null
Required: false
Value:
Type: String
Description:
en: Field Value.
Default: Null
Required: false
CustomSignStatus:
Type: String
Description:
en: Custom Tab Field Switch.
Default: Null
Required: false
FeatureAbnormal:
Description:
en: Characteristic anomaly.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Type: String
Description:
en: Characteristic anomaly.
Default: Null
Required: false
ManagedList:
Type: String
Description:
en: List of names.
Default: Null
Required: false
Id:
Type: Number
Description:
en: Rule id.
Default: Null
Required: false
Resources:
ExtensionResource:
Type: ALIYUN::ESA::WafRule
Properties:
SiteVersion:
Ref: SiteVersion
RulesetId:
Ref: RulesetId
SiteId:
Ref: SiteId
Phase:
Ref: Phase
Shared:
Ref: Shared
Config:
Ref: Config
Outputs:
Phase:
Value:
Fn::GetAtt:
- ExtensionResource
- Phase
Description: The version of the website.
RulesetId:
Value:
Fn::GetAtt:
- ExtensionResource
- RulesetId
Description: The ID of the WAF ruleset, which can be obtained by calling the [ListWafRulesets](https://www.alibabacloud.com/help/en/doc-detail/2850233.html) operation.
UpdateTime:
Value:
Fn::GetAtt:
- ExtensionResource
- UpdateTime
Description: The time when the rule was last modified.
Config:
Value:
Fn::GetAtt:
- ExtensionResource
- Config
Description: The configuration of the rule.
WafRuleId:
Value:
Fn::GetAtt:
- ExtensionResource
- WafRuleId
Description: WafRule Id.
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"SiteVersion": {
"Type": "Number",
"Description": {
"en": "The website ID, which can be obtained by calling the [ListSites](https://www.alibabacloud.com/help/en/doc-detail/2850189.html) operation."
},
"Default": null,
"Required": false
},
"RulesetId": {
"Type": "Number",
"Description": {
"en": "The ID of the WAF ruleset, which can be obtained by calling the [ListWafRulesets](https://www.alibabacloud.com/help/en/doc-detail/2850233.html) operation."
},
"Default": null,
"Required": false
},
"SiteId": {
"Type": "Number",
"Description": {
"en": "The website ID, which can be obtained by calling the [ListSites](https://www.alibabacloud.com/help/en/doc-detail/2850189.html) operation."
},
"Required": true
},
"Phase": {
"Type": "String",
"Description": {
"en": "The version of the website."
},
"Required": true
},
"Shared": {
"Description": {
"en": "The configurations shared by multiple rules."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Target": {
"Type": "String",
"Description": {
"en": "Protection target type: web/app."
},
"AllowedValues": [
"web",
"app"
],
"Default": null,
"Required": false
},
"Actions": {
"Description": {
"en": "Action Extension."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Response": {
"Description": {
"en": "Custom Response."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Code": {
"Type": "Number",
"Description": {
"en": "Custom Response Codes."
},
"Default": null,
"Required": false
},
"Id": {
"Type": "Number",
"Description": {
"en": "Custom response page id."
},
"Default": null,
"Required": false
}
}
}
}
}
}
},
"CrossSiteId": {
"Type": "Number",
"Description": {
"en": "Specify the cross-domain site id."
},
"Default": null,
"Required": false
},
"Mode": {
"Type": "String",
"Description": {
"en": "Web sdk integration mode:\n- `automatic`\n- `manual`."
},
"AllowedValues": [
"automatic",
"manual"
],
"Default": null,
"Required": false
},
"Action": {
"Type": "String",
"Description": {
"en": "Action."
},
"Default": null,
"Required": false
},
"Expression": {
"Type": "String",
"Description": {
"en": "Expression."
},
"Default": null,
"Required": false
},
"Match": {
"Description": {
"en": "Matching Engine."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"MatchType": {
"Type": "String",
"Description": {
"en": "Match Domain."
},
"Default": null,
"Required": false
},
"Logic": {
"Type": "String",
"Description": {
"en": "Logical relationship."
},
"Default": null,
"Required": false
},
"Criteria": {
"Description": {
"en": "Logical List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Description": {
"en": "Logical List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"MatchType": {
"Type": "String",
"Description": {
"en": "Match Domain."
},
"Default": null,
"Required": false
},
"Logic": {
"Type": "String",
"Description": {
"en": "Logical relationship."
},
"Default": null,
"Required": false
},
"Criteria": {
"Description": {
"en": "Logical List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Description": {
"en": "Logical List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"MatchType": {
"Type": "String",
"Description": {
"en": "Match Domain."
},
"Default": null,
"Required": false
},
"Logic": {
"Type": "String",
"Description": {
"en": "Logical relationship."
},
"Default": null,
"Required": false
},
"Criteria": {
"Description": {
"en": "Logical List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameters]",
"AssociationPropertyMetadata": {
"Parameters": {
"MatchType": {
"Type": "String",
"Description": {
"en": "Match Domain."
},
"Default": null,
"Required": false
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
},
"Name": {
"Type": "String",
"Description": {
"en": "Rule Set Name."
},
"Default": null,
"Required": false
}
}
}
},
"Config": {
"Description": {
"en": "The configuration of the rule."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Status": {
"Type": "String",
"Description": {
"en": "Rule Status."
},
"Default": null,
"Required": false
},
"ManagedGroupId": {
"Type": "Number",
"Description": {
"en": "Managed rule Group id."
},
"Default": null,
"Required": false
},
"Type": {
"Type": "String",
"Description": {
"en": "Rule Type."
},
"Default": null,
"Required": false
},
"Sigchl": {
"Description": {
"en": "Token check."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Type": "String",
"Description": {
"en": "Token check."
},
"Default": null,
"Required": false
}
}
},
"Name": {
"Type": "String",
"Description": {
"en": "Rule Name."
},
"Default": null,
"Required": false
},
"SecurityLevel": {
"Description": {
"en": "Security Level."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Value": {
"Type": "String",
"Description": {
"en": "Value of security level."
},
"Default": null,
"Required": false
}
}
}
},
"ManagedRulesets": {
"Description": {
"en": "Managed Rule Set List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Description": {
"en": "Managed Rule Set List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"NumberTotal": {
"Type": "Number",
"Description": {
"en": "Total number of rules."
},
"Default": null,
"Required": false
},
"ProtectionLevel": {
"Type": "Number",
"Description": {
"en": "Protection level."
},
"Default": null,
"Required": false
},
"ManagedRules": {
"Description": {
"en": "Managed Rule List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameters]",
"AssociationPropertyMetadata": {
"Parameters": {
"Status": {
"Type": "String",
"Description": {
"en": "Managed Rule Status."
},
"Default": null,
"Required": false
},
"Action": {
"Type": "String",
"Description": {
"en": "Managed Rule Action."
},
"Default": null,
"Required": false
},
"Id": {
"Type": "Number",
"Description": {
"en": "Managed rule ID."
},
"Default": null,
"Required": false
}
}
}
},
"NumberEnabled": {
"Type": "Number",
"Description": {
"en": "Number of rules opened."
},
"Default": null,
"Required": false
},
"AttackType": {
"Type": "Number",
"Description": {
"en": "Attack Type."
},
"Default": null,
"Required": false
},
"Action": {
"Type": "String",
"Description": {
"en": "Execute Action."
},
"Default": null,
"Required": false
}
}
}
}
}
},
"Notes": {
"Type": "String",
"Description": {
"en": "Remarks."
},
"Default": null,
"Required": false
},
"Value": {
"Type": "String",
"Description": {
"en": "IP access control value."
},
"Default": null,
"Required": false
},
"Actions": {
"Description": {
"en": "Extended Action."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Response": {
"Description": {
"en": "Customize Response Page."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Code": {
"Type": "Number",
"Description": {
"en": "Custom Response Codes."
},
"Default": null,
"Required": false
},
"Id": {
"Type": "Number",
"Description": {
"en": "Custom response page ID."
},
"Default": null,
"Required": false
}
}
}
},
"Bypass": {
"Description": {
"en": "Skip Module."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Skip": {
"Type": "String",
"Description": {
"en": "Skip module type."
},
"Default": null,
"Required": false
},
"Tags": {
"Description": {
"en": "Skip Module List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Type": "String",
"Description": {
"en": "Skip Module List."
},
"Default": null,
"Required": false
},
"ListMetadata": {
"Order": [
"Key",
"Value"
]
}
}
},
"RegularTypes": {
"Description": {
"en": "Managed rule type list."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Type": "String",
"Description": {
"en": "Managed rule type list."
},
"Default": null,
"Required": false
}
}
},
"RegularRules": {
"Description": {
"en": "Managed rule id list."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Type": "Number",
"Description": {
"en": "Managed rule id list."
},
"Default": null,
"Required": false
}
}
},
"CustomRules": {
"Description": {
"en": "Custom rule id list."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Type": "Number",
"Description": {
"en": "Custom rule id list."
},
"Default": null,
"Required": false
}
}
}
}
}
}
}
}
},
"RateLimit": {
"Description": {
"en": "Frequency Control."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Threshold": {
"Description": {
"en": "Threshold."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"DistinctManagedRules": {
"Type": "Number",
"Description": {
"en": "Different Managed Rules Threshold."
},
"Default": null,
"Required": false
},
"Request": {
"Type": "Number",
"Description": {
"en": "Request Threshold."
},
"Default": null,
"Required": false
},
"Traffic": {
"Type": "String",
"Description": {
"en": "Flow Threshold."
},
"Default": null,
"Required": false
},
"ResponseStatus": {
"Description": {
"en": "Response Code Threshold."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Count": {
"Type": "Number",
"Description": {
"en": "Response code times threshold."
},
"Default": null,
"Required": false
},
"Code": {
"Type": "Number",
"Description": {
"en": "HTTP response code."
},
"Default": null,
"Required": false
},
"Ratio": {
"Type": "Number",
"Description": {
"en": "Percentage of response code."
},
"Default": null,
"Required": false
}
}
}
},
"ManagedRulesBlocked": {
"Type": "Number",
"Description": {
"en": "Managed Rule Hit Threshold."
},
"Default": null,
"Required": false
}
}
}
},
"Characteristics": {
"Description": {
"en": "Statistical object."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Logic": {
"Type": "String",
"Description": {
"en": "Logical relationship."
},
"Default": null,
"Required": false
},
"Criteria": {
"Description": {
"en": "Logical List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Description": {
"en": "Logical List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"MatchType": {
"Type": "String",
"Description": {
"en": "Match Domain."
},
"Default": null,
"Required": false
},
"Logic": {
"Type": "String",
"Description": {
"en": "Logical relationship."
},
"Default": null,
"Required": false
},
"Criteria": {
"Description": {
"en": "Logical List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Description": {
"en": "Logical List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"MatchType": {
"Type": "String",
"Description": {
"en": "Match Domain."
},
"Default": null,
"Required": false
},
"Logic": {
"Type": "String",
"Description": {
"en": "Logical relationship."
},
"Default": null,
"Required": false
},
"Criteria": {
"Description": {
"en": "Logical List."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameters]",
"AssociationPropertyMetadata": {
"Parameters": {
"MatchType": {
"Type": "String",
"Description": {
"en": "Match Domain."
},
"Default": null,
"Required": false
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
},
"Interval": {
"Type": "Number",
"Description": {
"en": "Statistical Duration."
},
"Default": null,
"Required": false
},
"Ttl": {
"Type": "Number",
"Description": {
"en": "Timeout."
},
"Default": null,
"Required": false
},
"OnHit": {
"Type": "Boolean",
"Description": {
"en": "Apply on requests that hit the cache."
},
"Default": null,
"Required": false
}
}
}
},
"Expression": {
"Type": "String",
"Description": {
"en": "Expression."
},
"Default": null,
"Required": false
},
"Timer": {
"Description": {
"en": "Timer."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Scopes": {
"Type": "String",
"Description": {
"en": "Timing type: \n- `permanent`\n- `periods`\n- `weekly`."
},
"AllowedValues": [
"permanent",
"periods",
"weekly"
],
"Default": null,
"Required": false
},
"WeeklyPeriods": {
"Description": {
"en": "Weekly effective time period."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Description": {
"en": "Weekly effective time period."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Days": {
"Type": "String",
"Description": {
"en": "Cycle, multiple use comma separated, 1-7 respectively represent Monday-Sunday. <br> Example: Monday, Wednesday value is \"1,3\"."
},
"Default": null,
"Required": false
},
"DailyPeriods": {
"Description": {
"en": "Effective time in the cycle."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameters]",
"AssociationPropertyMetadata": {
"Parameters": {
"Start": {
"Type": "String",
"Description": {
"en": "Start time in HH:mm:ss format."
},
"Default": null,
"Required": false
},
"End": {
"Type": "String",
"Description": {
"en": "End time in HH:mm:ss format."
},
"Default": null,
"Required": false
}
}
}
}
}
}
}
}
},
"Periods": {
"Description": {
"en": "Effective time period."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameters]",
"AssociationPropertyMetadata": {
"Parameters": {
"Start": {
"Type": "String",
"Description": {
"en": "Start time, value is UTC time in RFC3339 format."
},
"Default": null,
"Required": false
},
"End": {
"Type": "String",
"Description": {
"en": "The end time, which is a UTC time in RFC3339 format."
},
"Default": null,
"Required": false
}
}
}
},
"Zone": {
"Type": "Number",
"Description": {
"en": "The time zone. If it is not specified, the default value is UTC +00:00. <br> Example: 8 means East Zone 8,-8 means West Zone 8 <br> Range:-12 -+14."
},
"Default": null,
"Required": false
}
}
}
},
"AppPackage": {
"Description": {
"en": "Secondary packaging inspection."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"PackageSigns": {
"Description": {
"en": "Secondary packaging inspection."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameters]",
"AssociationPropertyMetadata": {
"Parameters": {
"Name": {
"Type": "String",
"Description": {
"en": "Specify a legal package name."
},
"Default": null,
"Required": false
},
"Sign": {
"Type": "String",
"Description": {
"en": "Package Signing."
},
"Default": null,
"Required": false
}
}
}
}
}
}
},
"Action": {
"Type": "String",
"Description": {
"en": "Execute Action."
},
"Default": null,
"Required": false
},
"AppSdk": {
"Description": {
"en": "App sdk."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"CustomSign": {
"Description": {
"en": "Custom Tab Fields."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationPropertyMetadata": {
"Parameters": {
"Key": {
"Type": "String",
"Description": {
"en": "Field Name."
},
"Default": null,
"Required": false
},
"Value": {
"Type": "String",
"Description": {
"en": "Field Value."
},
"Default": null,
"Required": false
}
}
}
},
"CustomSignStatus": {
"Type": "String",
"Description": {
"en": "Custom Tab Field Switch."
},
"Default": null,
"Required": false
},
"FeatureAbnormal": {
"Description": {
"en": "Characteristic anomaly."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Type": "String",
"Description": {
"en": "Characteristic anomaly."
},
"Default": null,
"Required": false
}
}
}
}
}
},
"ManagedList": {
"Type": "String",
"Description": {
"en": "List of names."
},
"Default": null,
"Required": false
},
"Id": {
"Type": "Number",
"Description": {
"en": "Rule id."
},
"Default": null,
"Required": false
}
}
}
}
},
"Resources": {
"ExtensionResource": {
"Type": "ALIYUN::ESA::WafRule",
"Properties": {
"SiteVersion": {
"Ref": "SiteVersion"
},
"RulesetId": {
"Ref": "RulesetId"
},
"SiteId": {
"Ref": "SiteId"
},
"Phase": {
"Ref": "Phase"
},
"Shared": {
"Ref": "Shared"
},
"Config": {
"Ref": "Config"
}
}
}
},
"Outputs": {
"Phase": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Phase"
]
},
"Description": "The version of the website."
},
"RulesetId": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"RulesetId"
]
},
"Description": "The ID of the WAF ruleset, which can be obtained by calling the [ListWafRulesets](https://www.alibabacloud.com/help/en/doc-detail/2850233.html) operation."
},
"UpdateTime": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"UpdateTime"
]
},
"Description": "The time when the rule was last modified."
},
"Config": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Config"
]
},
"Description": "The configuration of the rule."
},
"WafRuleId": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"WafRuleId"
]
},
"Description": "WafRule Id."
}
}
}
该文章对您有帮助吗?