tencent cloud

文档反馈

ModifySecurityPolicy

最后更新时间:2024-10-11 15:52:05

    1. API Description

    Domain name for API request: teo.tencentcloudapi.com.

    This API is used to modify the web and bot security configurations.

    A maximum of 20 requests can be initiated per second for this API.

    We recommend you to use API Explorer
    Try it
    API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

    2. Input Parameters

    The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

    Parameter Name Required Type Description
    Action Yes String Common Params. The value used for this API: ModifySecurityPolicy.
    Version Yes String Common Params. The value used for this API: 2022-09-01.
    Region No String Common Params. This parameter is not required.
    ZoneId Yes String The site ID.
    SecurityConfig Yes SecurityConfig Security configuration.
    Entity No String Subdomain/application name.

    Note: When both this parameter and the TemplateId parameter are specified, this parameter will not take effect. Do not specify this parameter and the TemplateId parameter at the same time.
    TemplateId No String Specifies the policy template ID, or the site's global policy.
    - To configure a policy template, specify the policy template ID.
    - To configure the site's global policy, use the @ZoneLevel@Domain parameter value.

    Note: When this parameter is used, the Entity parameter will not take effect. Do not use this parameter and the Entity parameter at the same time.

    3. Output Parameters

    Parameter Name Type Description
    RequestId String The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

    4. Example

    Example1 Modifying the security configuration

    This example shows you how to modify the L7 security configuration for the domain name "a.eotest.com".

    Input Example

    POST / HTTP/1.1
    Host: teo.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: ModifySecurityPolicy
    <Common request parameters>
    
    {
        "Entity": "a.eotest.com",
        "SecurityConfig": {
            "WafConfig": {
                "Switch": "on",
                "WafRule": {
                    "Switch": "on",
                    "ObserveRuleIDs": [],
                    "BlockRuleIDs": [
                        162502146
                    ]
                },
                "Mode": "block",
                "Level": "loose"
            }
        },
        "ZoneId": "zone-fa89j239a"
    }
    

    Output Example

    {
        "Response": {
            "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae23"
        }
    }
    

    Example2 Modifying an exception rule to allow specified fields

    This example shows you how to skip WAF protection for all keys in the specified HTTP header.

    Input Example

    POST / HTTP/1.1
    Host: teo.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: ModifySecurityPolicy
    <Common request parameters>
    
    {
        "Entity": "*.eotest.com",
        "SecurityConfig": {
            "ExceptConfig": {
                "Switch": "on",
                "ExceptUserRules": [
                    {
                        "Action": "skip",
                        "ExceptUserRuleConditions": [
                            {
                                "MatchContent": "/skipwaf",
                                "MatchFrom": "cgi",
                                "MatchParam": "",
                                "Operator": "equal"
                            }
                        ],
                        "ExceptUserRuleScope": {
                            "Type": "partial",
                            "PartialModules": [
                                {
                                    "Module": "waf",
                                    "Include": [
                                        106247778
                                    ]
                                }
                            ],
                            "SkipConditions": [
                                {
                                    "MatchContent": [],
                                    "MatchContentType": "",
                                    "MatchFrom": [],
                                    "MatchFromType": "",
                                    "Selector": "keys",
                                    "Type": "header_fields"
                                }
                            ]
                        },
                        "RuleID": 0,
                        "RuleName": "first_webshell",
                        "RulePriority": 0,
                        "RuleStatus": "on",
                        "UpdateTime": "2022-09-22T03:00:10Z"
                    }
                ]
            }
        },
        "ZoneId": "zone-fa89j239a"
    }
    

    Output Example

    {
        "Response": {
            "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae44"
        }
    }
    

    Example3 Modifying an exception rule to allow the key in the specified header

    This example shows you how to skip WAF protection for the specified HTTP header’s value.

    Input Example

    POST / HTTP/1.1
    Host: teo.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: ModifySecurityPolicy
    <Common request parameters>
    
    {
        "Entity": "*.eotest.com",
        "SecurityConfig": {
            "ExceptConfig": {
                "Switch": "on",
                "ExceptUserRules": [
                    {
                        "Action": "skip",
                        "ExceptUserRuleConditions": [
                            {
                                "MatchContent": "/skipwaf",
                                "MatchFrom": "cgi",
                                "MatchParam": "",
                                "Operator": "equal"
                            }
                        ],
                        "ExceptUserRuleScope": {
                            "Type": "partial",
                            "PartialModules": [
                                {
                                    "Module": "waf",
                                    "Include": [
                                        106247778
                                    ]
                                }
                            ],
                            "SkipConditions": [
                                {
                                    "MatchContent": [],
                                    "MatchContentType": "",
                                    "MatchFrom": [
                                        "YourSkipHeader"
                                    ],
                                    "MatchFromType": "equal",
                                    "Selector": "values",
                                    "Type": "header_fields"
                                }
                            ]
                        },
                        "RuleID": 0,
                        "RuleName": "first_webshell",
                        "RulePriority": 0,
                        "RuleStatus": "on",
                        "UpdateTime": "2022-09-22T03:00:10Z"
                    }
                ]
            }
        },
        "ZoneId": "zone-fa89j239a"
    }
    

    Output Example

    {
        "Response": {
            "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae66"
        }
    }
    

    5. Developer Resources

    SDK

    TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

    Command Line Interface

    6. Error Code

    The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

    Error Code Description
    InternalError.ConfigLocked The configuration is locked. Please unlock and try again.
    InternalError.ProxyServer An unknown error occurred in the backend server.
    InternalError.RouteError The backend routing address is incorrect.
    InvalidParameter.Security Invalid parameter.
    LimitExceeded.Security Limit exceeded
    OperationDenied Operation denied.
    ResourceInUse The resource is occupied.
    UnauthorizedOperation.CamUnauthorized CAM is not authorized.
    UnauthorizedOperation.NoPermission The sub-account is not authorized for the operation. Please get permissions first.
    UnauthorizedOperation.Unknown An unknown error occurred in the backend server.
    UnsupportedOperation Unsupported operation.