BLB-WAF Related Interface
BLB-WAF is Used to Query the List of Waf Instances Purchased by the User in One Region
Interface description
It is used to query the list of waf instances purchased by the user in one region. The pageNo needs to be specified, and pageSize is used for paging query of the list of waf instances.
Request structure
GET /v{version}/wafBlbRegionOverview?pageNo=1&pageSize=10&clientToken={clientToken} HTTP/1.1
Host: bss.{region}.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Parameter name | Type | Required or not | Parameter position | Description |
---|---|---|---|---|
version | String | Yes | URL parameter | API version number (the current value is 2) |
pageNo | Int | Yes | Query parameter | Page number of waf list |
PageSize | Int | Yes | Query parameter | Number displayed in the waf list page |
clientToken | String | Yes | Query parameter | Idempotence, for details, please see Idempotence |
Return status code
"200" for return successful and Error Code for return failed.
Return header
There are no other special headers except the public headers.
Return parameter
Parameter name | Type | Description |
---|---|---|
wafList | List<WafResourceInstanceModel> | List of BlbWaf instances |
totalCount | Int | Number of waf instances of the user in one region |
Request example
GET /v2/wafBlbRegionOverview?pageNo=1&pageSize=10&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
Host: bss.{region}.baidubce.com
Authorization: authorization string
Return example
HTTP/1.1 200 OK
x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
Date: Wed, 10 Apr 2018 08:26:52 GMT
Content-Length:
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
Server: nginx
{
"wafList": [
{
"region": "gz| bj| su| Hk", //resource region:gz: Guangzhou| bj: Beijing| su: Suzhou| hk: Hong Kong
"listener": {
"protocol": "http| https", //listener protocol:http| https
"port": 80, //listener port, int type: 1-65535
},
"wafName": "NAME", //WAF instance name
"wafId": "WAFID", //WAF ID
"status": "STATUS", //WAF instance status: available/paused/pausing/updating/deleting/deleted
"blbName": "BLBNAME", //Bound BLB instance name
"blbId": "BLBID", //Bound BLB ID
"domain": "test.com", //Bound primary domain
"subDomain": { [This field is not displayed in the page and may not be updated]
"used": COUNT, //Configured sub-domain, INT type
"total": TOTAL, //All configurable sub-domains, INT type
},
"webSwitch":0| 1, //web protection switch, INT type: 0: Close, 1: Enable
"customSwitch":0| 1, //Custom protection switch, INT type: 0: Close, 1: Enable
},
{...},
],
"totalCount": 10 // total number of entries
}
BLB-WAF is Used to Query the Page of List of All WAF Instances Purchased by the User in All Regions
Description
- The pageNo needs to be specified, and pageSize is used for paging query of the list of waf instances.
Request structure
GET /v{version}/wafBlbAllOverview?pageNo=1&pageSize=10&clientToken={clientToken} HTTP/1.1
Host: bss.{region}.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Parameter name | Type | Required or not | Parameter position | Description |
---|---|---|---|---|
version | String | Yes | URL parameter | API version number (the current value is 2) |
pageNo | Int | Yes | Query parameter | Page number of waf list |
PageSize | Int | Yes | Query parameter | Number displayed in the waf list page |
clientToken | String | Yes | Query parameter | Idempotence, for details, please see Idempotence |
Return status code
"200" for return successful and Error Code for return failed.
Return header
There are no other special headers except the public headers.
Return parameter
Parameter name | Type | Description |
---|---|---|
wafList | List<WafResourceInstanceModel> | List of Blb-Waf instances of the user in all regions |
totalCount | Int | Number of Blb-Waf instances of the user in all regions |
Request example
GET /v2/wafBlbAllOverview?pageNo=1&pageSize=10&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
Host: bss.{region}.baidubce.com
Authorization: authorization string
Response example
HTTP/1.1 200 OK
x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
Date: Wed, 10 Apr 2018 08:26:52 GMT
Content-Length:
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
Server: nginx
{
"wafList": [
{
"region": "gz| bj| su| Hk", //resource region:gz: Guangzhou| bj: Beijing| su: Suzhou| hk: Hong Kong
"listener": {
"protocol": "http| https", //listener protocol:http| https
"port": 80, //listener port, int type: 1-65535
},
"wafName": "NAME", //WAF instance name
"wafId": "WAFID", //WAF ID
"status": "STATUS", //WAF instance status: available/paused/pausing/updating/deleting/deleted
"blbName": "BLBNAME", //Bound BLB instance name
"blbId": "BLBID", //Bound BLB ID
"domain": "test.com", //Bound primary domain
"webSwitch":0| 1, //web protection switch, INT type: 0: Close, 1: Enable
"customSwitch":0| 1, //Custom protection switch, INT type: 0: Close, 1: Enable
},
{...},
],
"totalCount": 10 // total number of entries
}
Query All BLB Instances of the User
Description
Query all available blb instances of the user, as well as the protocols and ports bound to blb instances.
- The waf designator needs to be specified
Request structure
GET /v{version}/wafBlb/{waf_id}?clientToken={clientToken} HTTP/1.1
Host: bss.{region}.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Parameter name | Type | Required or not | Parameter position | Description |
---|---|---|---|---|
version | String | Yes | URL parameter | API version number (the current value is 2) |
waf_id | String | Yes | URL parameter | waf identifier |
clientToken | String | Yes | Query parameter | Idempotence, for details, please see Idempotence |
Return status code
"200" for return successful and Error Code for return failed.
Return header
There are no other special headers except the public headers.
Return parameter
Parameter name | Type | Description |
---|---|---|
blbList | List<BlbInstance> | List of configuration details of blb instances owned by the user |
Request example
GET /v2/wafBlb/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
HOST bss.{region}.baidubce.com
Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02
Response example
HTTP/1.1 200 OK
x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
Date: Wed, 10 Apr 2018 08:26:52 GMT
Content-Length:
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
Server: nginx
{
"blbList": [
{
"blbId": "ID", //BLB ID
"blongId": "xxxxxxxxxxxx", //BLB Long ID
"blbName": "NAME", //BLB NAME
"listenerList": [
{
"protocol": "http| https", //listener protocol:http| https
"port": 80, //listener port, int type: 1-65535
"rsList" [
"xxxxxx-xxxxxx-xxxxxx-xxxx", //BCC bound to BLB
]
},
{
...
},
],
"bccList": ["instance-1","instance-2"], //BCC bound to BLB
},
{...},
]
}
BLB Bound to WAF Instance
Description
- The following items need to be specified: waf identifier, blb identifier and protocols and monitoring ports bound to blb.
Request structure
PUT /v{version}/wafBind/{waf_id}?clientToken={clientToken} HTTP/1.1
Host: bss.{region}.baidubce.com
Authorization: authorization string
{
"blbId": "ID", //BLB identifier
"listener": {
"protocol": "http| https", //listener protocol:http| https
"port": 80, //listener port, int type: 1-65535
}
}
Request header
There are no other special headers except the public headers.
Request parameter
Parameter name | Type | Required or not | Parameter position | Description |
---|---|---|---|---|
version | String | Yes | URL parameter | API version number (the current value is 2) |
waf_id | String | Yes | URL parameter | waf identifier |
blbId | String | Yes | Request Body parameters | Blb identifier to be bound |
listener | Object | Yes | Request Body parameters | Protocol and port monitored by blb |
clientToken | String | Yes | Query parameter | Idempotence, for details, please see Idempotence |
Return status code
"200" for return successful and Error Code for return failed.
Return header
There are no other special headers except the public headers.
Return parameter
No special return parameters
Request example
PUT /v2/wafBind/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
HOST bss.{region}.baidubce.com
Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02
{
"blbId": "lb-ecfca910"
"listener": {
"protocol": "http",
"port": 80,
}
}
Response example
HTTP/1.1 200 OK
x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
Date: Wed, 10 Apr 2018 08:26:52 GMT
Content-Length:
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
BLB Unbound from WAF Instance
Interface description
- The following items need to be specified: waf identifier, blb identifier and protocols and monitoring ports bound to blb.
Request structure
PUT /v{version}/wafUnbind/{waf_id}?clientToken={clientToken} HTTP/1.1
Host: bss.{region}.baidubce.com
Authorization: authorization string
{
"blbId": "ID", //BLB ID
"listener": {
"protocol": "http| https", //listener protocol:http| https
"port": 80, //listener port, int type: 1-65535
}
}
Request header
There are no other special headers except the public headers.
Request parameter
Parameter name | Type | Required or not | Parameter position | Description |
---|---|---|---|---|
version | String | Yes | URL parameter | API version number (the current value is 2) |
waf_id | String | Yes | URL parameter | waf identifier |
blbId | String | Yes | Request Body parameters | Blb identifier to be bound |
listener | Object | Yes | Request Body parameters | Protocol and port monitored by blb |
clientToken | String | Yes | Query parameter | Idempotence, for details, please see Idempotence |
Return status code
"200" for return successful and Error Code for return failed.
Return header
There are no other special headers except the public headers.
Return parameter
No special return parameters
Request example
PUT /v2/wafUnbind/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
HOST bss.{region}.baidubce.com
Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02
{
"blbId": "lb-ecfca910"
"listener": {
"protocol": "http",
"port": 80,
}
}
Response example
HTTP/1.1 200 OK
x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
Date: Wed, 10 Apr 2018 08:26:52 GMT
Content-Length:
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
Query the Number of Configurable Sub-domains and the Number of Custom Rules
Interface description
- Return the number of configurable sub-domains of the user and the number of custom rules.
- The waf designator needs to be specified
Request structure
GET /v{version}/wafRules/{waf_id}?clientToken={clientToken}
Host: bss.{region}.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Parameter name | Type | Required or not | Parameter position | Description |
---|---|---|---|---|
version | String | Yes | URL parameter | API version number (the current value is 2) |
waf_id | String | Yes | URL parameter | waf identifier |
clientToken | String | Yes | Query parameter | Idempotence, for details, please see Idempotence |
Return status code
"200" for return successful and Error Code for return failed.
Return header
There are no other special headers except the public headers.
Return parameter
Parameter name | Type | Description |
---|---|---|
domainSum | Int | Number of sub-domains |
ruleSum | Int | Number of rules |
Request example
GET /v2/wafRules/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
HOST bss.{region}.baidubce.com
Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02
Response example
HTTP/1.1 200 OK
x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
Date: Wed, 10 Apr 2018 08:26:52 GMT
Content-Length:
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
{
"domainSum": 20, //number of sub-domains, int type: 10| 20| 30| 40| 50
"ruleSum": 40, //number of rules, int type: 20| 40| 60| 80| 100
}
Configuration of Rules Issued by BLB-WAF
Interface description
- The waf designator needs to be specified
- Configurations requiring to pass waf and blb
Request structure
PUT /v{version}/wafConfig/{waf_id}?clientToken={clientToken}
Host: bss.{region}.baidubce.com
Authorization: authorization string
{
"domain": "test.com", //Primary domain: without http and https heads, only supporting upper and lower case letters, numbers, and -._.
"subDomain": [
"DOMAIN1", "DOMAIN2", "DOMAIN3",
], //Subdomain, the number of subdomains should be obtained according to config sum query.
"webSwitch": 0| 1, //web protection switch, INT type: 0: Close, 1: Enable
"webModel": {
"policy": "high| middle| low", //Policy level: high, middle, low
"type": "log| deny", //Executed policy: log: observation pattern, deny: interception pattern
},
"customSwitch": 0| 1, //Custom protection switch, INT type: 0: Close, 1: Enable
"customModel": [
{
"name": "NAME", //Policy name: only supports 1-65 numbers, upper and lower case letters, -/_., and must start with letters.
"type": "log| deny| pass", //Executed action: log: observation pattern, deny: interception pattern, pass: trusted traffic
"conditions": [ //A maximum of three items allowed
{
"key": "KEY", //Matches, only supporting the several models: uri| ip| referer| user_agent| get_param
"match": ": MATCH", //Matched pattern: prefix| include| suffix| equal| not_equal| not_include
"value": "xxx", //Match contents: not supporting Chinese, supporting numbers, upper and lower case letters, -._.
},
]
},
],
}
Request header
There are no other special headers except the public headers.
Request parameter
- For the BLB-WAF configuration, refer to wafConfig for details.
Parameter name | Type | Required or not | Parameter position | Description |
---|---|---|---|---|
version | String | Yes | URL parameter | API version number (the current value is 2) |
waf_id | String | Yes | URL parameter | waf identifier |
domain | String | Yes | Request Body parameters | Primary domain: without http and https heads, only supporting upper and lower case letters, and numbers. |
subDomain | List |
Yes | Request Body parameters | List of sub-domains |
webSwitch | Int | Yes | Request Body parameters | web protection switch, INT type: 0: Close, 1: Enable |
webModel | Object | Yes | Request Body parameters | Configuration of interception policy of waf |
customSwitch | Int | Yes | Request Body parameters | Custom protection switch, INT type: 0: Close, 1: Enable |
customModel | List<BlbCustomRule> | Yes | Request Body parameters | Custom rules when the custom rule protection is enabled. |
clientToken | String | Yes | Query parameter | Idempotence, for details, please see Idempotence |
Return status code
"200" for return successful and Error Code for return failed.
Return header
There are no other special headers except the public headers.
Return parameter
No special return parameters
Request example
PUT /v2/wafConfig/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
HOST bss.{region}.baidubce.com
Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02
{
"domain": "test.com", //Primary domain: without http and https heads, only supporting upper and lower case letters, numbers, and -._.
"subDomain": [
"aa.test.com", "bb.test.com", "cc.test.com",
], //Subdomain, the number of subdomains should be obtained according to config sum query.
"webSwitch": 1, //web protection switch, INT type: 0: Close, 1: Enable
"webModel": {
"policy": "high", //Policy level: high, middle, low
"type": "deny", //Executed policy: log: observation pattern, deny: interception pattern
},
"customSwitch": 1, //Custom protection switch, INT type: 0: Close, 1: Enable
"customModel": [
{
"name": "test111", //Policy name: only supports 1-65 numbers, upper and lower case letters, -/_., and must start with letters.
"type": "pass", //Executed action: log: observation pattern, deny: interception pattern, pass: trusted traffic
"conditions": [ //A maximum of three items allowed
{
"key": "ip", //Matches, only supporting the several models: uri| ip| referer| user_agent| get_param
"match": "equal", //Matched pattern: prefix| include| suffix| equal| not_equal| not_include
"value": "192.168.1.1", //Match contents: not supporting Chinese, supporting numbers, upper and lower case letters, -._.
},
]
},
],
}
Response example
HTTP/1.1 200 OK
x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
Date: Wed, 10 Apr 2018 08:26:52 GMT
Content-Length:
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
BLB-WAF is Used to Query the Rule Configuration
Interface description
- The waf designator needs to be specified
Request structure
GET /v{version}/wafConfig/{waf_id}?clientToken={clientToken}
Host: bss.{region}.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Parameter name | Type | Required or not | Parameter position | Description |
---|---|---|---|---|
version | String | Yes | URL parameter | API version number (the current value is 2) |
waf_id | String | Yes | URL parameter | waf identifier |
clientToken | String | Yes | Query parameter | Idempotence, for details, please see Idempotence |
Return status code
"200" for return successful and Error Code for return failed.
Return header
There are no other special headers except the public headers.
Return parameter
- For the BLB-WAF configuration, refer to WafConfig for details.
Parameter name | Type | Description |
---|---|---|
domain | String | Primary domain: without http and https heads, only supporting upper and lower case letters, and numbers. |
subDomain | List |
List of sub-domains |
webSwitch | Int | web protection switch, INT type: 0: Close, 1: Enable |
webModel | Object | Configuration of interception policy of waf |
customSwitch | Int | Custom protection switch, INT type: 0: Close, 1: Enable |
customModel | List<BlbCustomRule> | Custom rules when the custom rule protection is enabled. |
Request example
GET /v2/wafConfig/waf-3a4b5c? clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
HOST bss.{region}.baidubce.com
Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02
Response example
HTTP/1.1 200 OK
x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
Date: Wed, 10 Apr 2018 08:26:52 GMT
Content-Length:
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
{
"domain": "test.com", //Primary domain: without http and https heads, only supporting upper and lower case letters, numbers, and -._, with the upper limit of length of 256.
"subDomain": [
"aa.test.com", "bb.test.com", "cc.test.com",
], //Subdomain, the number of subdomains should be obtained according to config sum query.
"blbId": "BLBID", //Bound BLB instance name
"status": "available", //WAF instance status: available/paused/pausing/updating/deleting/deleted
"listener": {
"protocol": "http", //listener protocol:http| https
"port": 80, //listener port, int type: 1-65535
},
"webSwitch": 1, //web protection switch, INT type: 0: Close, 1: Enable
"webModel": {
"policy": "high", //Policy level: high, middle, low
"type": "log", //Executed policy: log: observation pattern, deny: interception pattern
},
"customSwitch": 1,//Custom protection switch, INT type: 0: Close, 1: Enable
"customModel": [
{
"name": "test111", //Policy name: only supports 1-65 numbers, upper and lower case letters, -/_., and must start with letters.
"type": "pass", //Executed action: log: observation pattern, deny: interception pattern, pass: trusted traffic
"conditions": [ //A maximum of three items allowed
{
"key": "ip", //Matches, only supporting the several models: uri| ip| referer| user_agent| get_param
"match": "equal", //Matched pattern: prefix| include| suffix| equal| not_equal| not_include
"value": "192.168.1.1", //Match contents: not supporting Chinese, supporting numbers, upper and lower case letters, -._.
},
]
},
],
}