百度智能云

All Product Document

          Web Application Firewall WAF

          BLB-WAF Related Interface

          BLB-WAF is Used to Query the List of Waf Instances Purchased by the User in One Region

          Interface description

          It is used to query the list of waf instances purchased by the user in one region. The pageNo needs to be specified, and pageSize is used for paging query of the list of waf instances.

          Request structure

          GET /v{version}/wafBlbRegionOverview?pageNo=1&pageSize=10&clientToken={clientToken} HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Parameter name Type Required or not Parameter position Description
          version String Yes URL parameter API version number (the current value is 2)
          pageNo Int Yes Query parameter Page number of waf list
          PageSize Int Yes Query parameter Number displayed in the waf list page
          clientToken String Yes Query parameter Idempotence, for details, please see Idempotence

          Return status code

          "200" for return successful and Error Code for return failed.

          Return header

          There are no other special headers except the public headers.

          Return parameter

          Parameter name Type Description
          wafList List<WafResourceInstanceModel> List of BlbWaf instances
          totalCount Int Number of waf instances of the user in one region

          Request example

          GET /v2/wafBlbRegionOverview?pageNo=1&pageSize=10&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: authorization string

          Return example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2018 08:26:52 GMT
          Content-Length: 
          Connection: keep-alive
          Content-Type: application/json;charset=UTF-8
          Server: nginx
          {
              "wafList": [
                  {
                      "region": "gz| bj| su| Hk",     //resource region:gz: Guangzhou| bj: Beijing| su: Suzhou| hk: Hong Kong 
                      "listener": {
                          "protocol": "http| https",   //listener protocol:http| https 
                          "port": 80,                  //listener port, int type: 1-65535 
                      },
                      "wafName": "NAME",          //WAF instance name 
                      "wafId": "WAFID",           //WAF ID
                      "status": "STATUS",         //WAF instance status: available/paused/pausing/updating/deleting/deleted 
                      "blbName": "BLBNAME",       //Bound BLB instance name 
                      "blbId": "BLBID",           //Bound BLB ID 
                      "domain": "test.com",       //Bound primary domain 
                      "subDomain": {             [This field is not displayed in the page and may not be updated] 
                          "used": COUNT,          //Configured sub-domain, INT type   
                          "total": TOTAL,         //All configurable sub-domains, INT type 
                      },
                      "webSwitch":0| 1,           //web protection switch, INT type: 0: Close, 1: Enable 
                      "customSwitch":0| 1,        //Custom protection switch, INT type: 0: Close, 1: Enable 
                  },
                  {...},
              ],
              "totalCount": 10 // total number of entries 
          }

          BLB-WAF is Used to Query the Page of List of All WAF Instances Purchased by the User in All Regions

          Description

          • The pageNo needs to be specified, and pageSize is used for paging query of the list of waf instances.

          Request structure

          GET /v{version}/wafBlbAllOverview?pageNo=1&pageSize=10&clientToken={clientToken} HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Parameter name Type Required or not Parameter position Description
          version String Yes URL parameter API version number (the current value is 2)
          pageNo Int Yes Query parameter Page number of waf list
          PageSize Int Yes Query parameter Number displayed in the waf list page
          clientToken String Yes Query parameter Idempotence, for details, please see Idempotence

          Return status code

          "200" for return successful and Error Code for return failed.

          Return header

          There are no other special headers except the public headers.

          Return parameter

          Parameter name Type Description
          wafList List<WafResourceInstanceModel> List of Blb-Waf instances of the user in all regions
          totalCount Int Number of Blb-Waf instances of the user in all regions

          Request example

          GET /v2/wafBlbAllOverview?pageNo=1&pageSize=10&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: authorization string

          Response example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2018 08:26:52 GMT
          Content-Length: 
          Connection: keep-alive
          Content-Type: application/json;charset=UTF-8
          Server: nginx
          {
              "wafList": [
                  {
                      "region": "gz| bj| su| Hk",     //resource region:gz: Guangzhou| bj: Beijing| su: Suzhou| hk: Hong Kong 
                      "listener": {
                          "protocol": "http| https",     //listener protocol:http| https 
                          "port": 80,                   //listener port, int type: 1-65535 
                      },
                      "wafName": "NAME",          //WAF instance name 
                      "wafId": "WAFID",           //WAF ID
                      "status": "STATUS",         //WAF instance status: available/paused/pausing/updating/deleting/deleted 
                      "blbName": "BLBNAME",       //Bound BLB instance name 
                      "blbId": "BLBID",           //Bound BLB ID 
                      "domain": "test.com",       //Bound primary domain 
                      "webSwitch":0| 1,           //web protection switch, INT type: 0: Close, 1: Enable 
                      "customSwitch":0| 1,        //Custom protection switch, INT type: 0: Close, 1: Enable 
                  },
                  {...},
              ],
              "totalCount": 10 // total number of entries 
          }

          Query All BLB Instances of the User

          Description

          Query all available blb instances of the user, as well as the protocols and ports bound to blb instances.

          • The waf designator needs to be specified

          Request structure

          GET /v{version}/wafBlb/{waf_id}?clientToken={clientToken} HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Parameter name Type Required or not Parameter position Description
          version String Yes URL parameter API version number (the current value is 2)
          waf_id String Yes URL parameter waf identifier
          clientToken String Yes Query parameter Idempotence, for details, please see Idempotence

          Return status code

          "200" for return successful and Error Code for return failed.

          Return header

          There are no other special headers except the public headers.

          Return parameter

          Parameter name Type Description
          blbList List<BlbInstance> List of configuration details of blb instances owned by the user

          Request example

          GET /v2/wafBlb/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          HOST bss.{region}.baidubce.com
          Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02

          Response example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2018 08:26:52 GMT
          Content-Length: 
          Connection: keep-alive
          Content-Type: application/json;charset=UTF-8
          Server: nginx
          {
             "blbList": [
                 {
                     "blbId": "ID",                          //BLB ID
                     "blongId": "xxxxxxxxxxxx",              //BLB Long ID
                     "blbName": "NAME",                      //BLB NAME
                     "listenerList": [
                         {
                             "protocol": "http| https",   //listener protocol:http| https 
                             "port": 80,               //listener port, int type: 1-65535 
                             "rsList" [
                                  "xxxxxx-xxxxxx-xxxxxx-xxxx",        //BCC bound to BLB 
                                      ]
          
                         },
                         {
                            ...
                         },
                     ],
                     "bccList": ["instance-1","instance-2"], //BCC bound to BLB 
                 },
                 {...},
             ]
          } 

          BLB Bound to WAF Instance

          Description

          • The following items need to be specified: waf identifier, blb identifier and protocols and monitoring ports bound to blb.

          Request structure

          PUT /v{version}/wafBind/{waf_id}?clientToken={clientToken}  HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: authorization string
          {
              "blbId": "ID",                      //BLB identifier 
              "listener": {
                  "protocol": "http| https",      //listener protocol:http| https 
                  "port": 80,                     //listener port, int type: 1-65535 
              }
          } 

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Parameter name Type Required or not Parameter position Description
          version String Yes URL parameter API version number (the current value is 2)
          waf_id String Yes URL parameter waf identifier
          blbId String Yes Request Body parameters Blb identifier to be bound
          listener Object Yes Request Body parameters Protocol and port monitored by blb
          clientToken String Yes Query parameter Idempotence, for details, please see Idempotence

          Return status code

          "200" for return successful and Error Code for return failed.

          Return header

          There are no other special headers except the public headers.

          Return parameter

          No special return parameters

          Request example

          PUT /v2/wafBind/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          HOST bss.{region}.baidubce.com
          Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02
          {
              "blbId": "lb-ecfca910"
              "listener": {
                  "protocol": "http",             
                  "port": 80,                 
              }
          }

          Response example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2018 08:26:52 GMT
          Content-Length: 
          Connection: keep-alive
          Content-Type: application/json;charset=UTF-8

          BLB Unbound from WAF Instance

          Interface description

          • The following items need to be specified: waf identifier, blb identifier and protocols and monitoring ports bound to blb.

          Request structure

          PUT /v{version}/wafUnbind/{waf_id}?clientToken={clientToken} HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: authorization string
          {
              "blbId": "ID",                     //BLB ID
              "listener": {
                  "protocol": "http| https",     //listener protocol:http| https 
                  "port": 80,                    //listener port, int type: 1-65535 
              }
          } 

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Parameter name Type Required or not Parameter position Description
          version String Yes URL parameter API version number (the current value is 2)
          waf_id String Yes URL parameter waf identifier
          blbId String Yes Request Body parameters Blb identifier to be bound
          listener Object Yes Request Body parameters Protocol and port monitored by blb
          clientToken String Yes Query parameter Idempotence, for details, please see Idempotence

          Return status code

          "200" for return successful and Error Code for return failed.

          Return header

          There are no other special headers except the public headers.

          Return parameter

          No special return parameters

          Request example

          PUT /v2/wafUnbind/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          HOST bss.{region}.baidubce.com
          Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02
          {
              "blbId": "lb-ecfca910"
              "listener": {
                  "protocol": "http",             
                  "port": 80,                 
              }
          }

          Response example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2018 08:26:52 GMT
          Content-Length: 
          Connection: keep-alive
          Content-Type: application/json;charset=UTF-8

          Query the Number of Configurable Sub-domains and the Number of Custom Rules

          Interface description

          • Return the number of configurable sub-domains of the user and the number of custom rules.
          • The waf designator needs to be specified

          Request structure

          GET /v{version}/wafRules/{waf_id}?clientToken={clientToken}
          Host: bss.{region}.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Parameter name Type Required or not Parameter position Description
          version String Yes URL parameter API version number (the current value is 2)
          waf_id String Yes URL parameter waf identifier
          clientToken String Yes Query parameter Idempotence, for details, please see Idempotence

          Return status code

          "200" for return successful and Error Code for return failed.

          Return header

          There are no other special headers except the public headers.

          Return parameter

          Parameter name Type Description
          domainSum Int Number of sub-domains
          ruleSum Int Number of rules

          Request example

          GET /v2/wafRules/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          HOST bss.{region}.baidubce.com
          Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02

          Response example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2018 08:26:52 GMT
          Content-Length: 
          Connection: keep-alive
          Content-Type: application/json;charset=UTF-8
          {
              "domainSum": 20, //number of sub-domains, int type: 10| 20| 30| 40| 50 
              "ruleSum": 40,         //number of rules, int type: 20| 40| 60| 80| 100 
          }

          Configuration of Rules Issued by BLB-WAF

          Interface description

          • The waf designator needs to be specified
          • Configurations requiring to pass waf and blb

          Request structure

          PUT /v{version}/wafConfig/{waf_id}?clientToken={clientToken}
          Host: bss.{region}.baidubce.com
          Authorization: authorization string
          {
              "domain": "test.com",                  //Primary domain: without http and https heads, only supporting upper and lower case letters, numbers, and -._. 
              "subDomain": [ 
                  "DOMAIN1", "DOMAIN2", "DOMAIN3",
              ],                                    //Subdomain, the number of subdomains should be obtained according to config sum query. 
              "webSwitch": 0| 1,                   //web protection switch, INT type: 0: Close, 1: Enable 
              "webModel": { 
                  "policy": "high| middle| low",   //Policy level: high, middle, low 
                  "type": "log| deny",             //Executed policy: log: observation pattern, deny: interception pattern 
              },
              "customSwitch": 0| 1,              //Custom protection switch, INT type: 0: Close, 1: Enable 
              "customModel": [ 
                  {
                      "name": "NAME",              //Policy name: only supports 1-65 numbers, upper and lower case letters, -/_., and must start with letters. 
                      "type": "log| deny| pass",     //Executed action: log: observation pattern, deny: interception pattern, pass: trusted traffic 
                      "conditions": [                //A maximum of three items allowed 
                          {
                              "key": "KEY",                  //Matches, only supporting the several models: uri| ip| referer| user_agent| get_param 
                              "match": ": MATCH",            //Matched pattern: prefix| include| suffix| equal| not_equal| not_include 
                              "value": "xxx",                //Match contents: not supporting Chinese, supporting numbers, upper and lower case letters, -._. 
                          },
                      ]                         
                  },
              ],
          } 

          Request header

          There are no other special headers except the public headers.

          Request parameter

          • For the BLB-WAF configuration, refer to wafConfig for details.
          Parameter name Type Required or not Parameter position Description
          version String Yes URL parameter API version number (the current value is 2)
          waf_id String Yes URL parameter waf identifier
          domain String Yes Request Body parameters Primary domain: without http and https heads, only supporting upper and lower case letters, and numbers.
          subDomain List Yes Request Body parameters List of sub-domains
          webSwitch Int Yes Request Body parameters web protection switch, INT type: 0: Close, 1: Enable
          webModel Object Yes Request Body parameters Configuration of interception policy of waf
          customSwitch Int Yes Request Body parameters Custom protection switch, INT type: 0: Close, 1: Enable
          customModel List<BlbCustomRule> Yes Request Body parameters Custom rules when the custom rule protection is enabled.
          clientToken String Yes Query parameter Idempotence, for details, please see Idempotence

          Return status code

          "200" for return successful and Error Code for return failed.

          Return header

          There are no other special headers except the public headers.

          Return parameter

          No special return parameters

          Request example

          PUT /v2/wafConfig/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          HOST bss.{region}.baidubce.com
          Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02
          {
              "domain": "test.com",                  //Primary domain: without http and https heads, only supporting upper and lower case letters, numbers, and -._. 
              "subDomain": [ 
                  "aa.test.com", "bb.test.com", "cc.test.com",
              ],                                    //Subdomain, the number of subdomains should be obtained according to config sum query. 
              "webSwitch": 1,                     //web protection switch, INT type: 0: Close, 1: Enable 
              "webModel": { 
                  "policy": "high",      //Policy level: high, middle, low 
                  "type": "deny",               //Executed policy: log: observation pattern, deny: interception pattern 
              },
              "customSwitch": 1,                  //Custom protection switch, INT type: 0: Close, 1: Enable 
              "customModel": [ 
                  {
                      "name": "test111",               //Policy name: only supports 1-65 numbers, upper and lower case letters, -/_., and must start with letters. 
                      "type": "pass",      //Executed action: log: observation pattern, deny: interception pattern, pass: trusted traffic 
                      "conditions": [                //A maximum of three items allowed 
                          {
                              "key": "ip",                 //Matches, only supporting the several models: uri| ip| referer| user_agent| get_param 
                              "match": "equal",           //Matched pattern: prefix| include| suffix| equal| not_equal| not_include 
                              "value": "192.168.1.1",               //Match contents: not supporting Chinese, supporting numbers, upper and lower case letters, -._. 
                          },
                      ]                         
                  },
              ],
          } 

          Response example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2018 08:26:52 GMT
          Content-Length: 
          Connection: keep-alive
          Content-Type: application/json;charset=UTF-8

          BLB-WAF is Used to Query the Rule Configuration

          Interface description

          • The waf designator needs to be specified

          Request structure

          GET /v{version}/wafConfig/{waf_id}?clientToken={clientToken}
          Host: bss.{region}.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Parameter name Type Required or not Parameter position Description
          version String Yes URL parameter API version number (the current value is 2)
          waf_id String Yes URL parameter waf identifier
          clientToken String Yes Query parameter Idempotence, for details, please see Idempotence

          Return status code

          "200" for return successful and Error Code for return failed.

          Return header

          There are no other special headers except the public headers.

          Return parameter

          • For the BLB-WAF configuration, refer to WafConfig for details.
          Parameter name Type Description
          domain String Primary domain: without http and https heads, only supporting upper and lower case letters, and numbers.
          subDomain List List of sub-domains
          webSwitch Int web protection switch, INT type: 0: Close, 1: Enable
          webModel Object Configuration of interception policy of waf
          customSwitch Int Custom protection switch, INT type: 0: Close, 1: Enable
          customModel List<BlbCustomRule> Custom rules when the custom rule protection is enabled.

          Request example

          GET /v2/wafConfig/waf-3a4b5c? clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1 
          HOST bss.{region}.baidubce.com
          Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02

          Response example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2018 08:26:52 GMT
          Content-Length: 
          Connection: keep-alive
          Content-Type: application/json;charset=UTF-8
          {
              "domain": "test.com",                  //Primary domain: without http and https heads, only supporting upper and lower case letters, numbers, and -._, with the upper limit of length of 256. 
              "subDomain": [ 
                  "aa.test.com", "bb.test.com", "cc.test.com",
              ],                                    //Subdomain, the number of subdomains should be obtained according to config sum query. 
              "blbId": "BLBID",                      //Bound   BLB  instance name 
              "status": "available",         //WAF instance status: available/paused/pausing/updating/deleting/deleted 
              "listener": {
                  "protocol": "http",       //listener protocol:http| https 
                  "port": 80,                      //listener port, int type: 1-65535 
              },
              "webSwitch": 1,                     //web protection switch, INT type: 0: Close, 1: Enable 
              "webModel": { 
                  "policy": "high",      //Policy level: high, middle, low 
                  "type": "log",                //Executed policy: log: observation pattern, deny: interception pattern 
              },
              "customSwitch": 1,//Custom protection switch, INT type: 0: Close, 1: Enable 
              "customModel": [ 
                  {
                      "name": "test111",               //Policy name: only supports 1-65 numbers, upper and lower case letters, -/_., and must start with letters. 
                      "type": "pass",      //Executed action: log: observation pattern, deny: interception pattern, pass: trusted traffic 
                      "conditions": [                //A maximum of three items allowed 
                          {
                              "key": "ip",                 //Matches, only supporting the several models: uri| ip| referer| user_agent| get_param 
                              "match": "equal",           //Matched pattern: prefix| include| suffix| equal| not_equal| not_include 
                              "value": "192.168.1.1",               //Match contents: not supporting Chinese, supporting numbers, upper and lower case letters, -._. 
                          },
                      ]                         
                  },
              ],
          }
          Previous
          WAF Data Report Related Interface
          Next
          CDN-WAF-API