          WAF Data Report Related Interface

          WAF Query Instance Details

          Interface description

          Query the details of a WAF instance, including the status of the instance, its finish time, the number of configured rules, and statistics of attacks intercepted by web protection and custom rules in the last days.

          • Note that the WAF identifier must be specified for the call to succeed.

          Request structure

          GET /v{version}/wafStatistics/{waf_id}?clientToken={clientToken} HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          | Parameter name | Type | Required or not | Parameter position | Description |
          | --- | --- | --- | --- | --- |
          | version | String | Yes | URL parameter | API version number (the current value is 2) |
          | waf_id | String | Yes | URL parameter | WAF identifier |
          | clientToken | String | Yes | Query parameter | Idempotence token; for details, see Idempotence |

          Return status code

          Returns "200" on success and an Error Code on failure.

          Return header

          There are no other special headers except the public headers.

          Return parameter

          | Parameter name | Type | Description |
          | --- | --- | --- |
          | payType | String | Payment type |
          | wafName | String | WAF name |
          | status | String | WAF instance status: available/paused/pausing/updating/deleting/deleted. |
          | endTime | String | Maturity time |
          | rule | Object | Configured access rules and remaining configurable rules |
          | webAttack | Object | Statistics of web attacks in last days |
          | customAttack | Object | Statistics of custom rule attacks in the last days |

          Request example

          GET /v2/wafStatistics/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02

          Return example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2018 08:26:52 GMT
          Content-Length: 
          Connection: keep-alive
          Content-Type: application/json;charset=UTF-8
          Server: nginx

          {
              "payType": "prepay|postpay",           // Payment type
              "wafName": "WAFNAME",                  // WAF name
              "status": "STATUS",                    // WAF instance status: available/paused/pausing/updating/deleting/deleted
              "endTime": "2017-03-14 16:40:43",      // Finish time: local time
              "rule": {
                  "used": COUNT,                     // Configured access rules, INT type
                  "use": INIT                        // Remaining configurable access rules, INT type
              },
              "webAttack": {
                  "today": COUNT,                    // Count of web attacks today, INT type
                  "lastWeek": INIT                   // Count of web attacks in last week, INT type
              },
              "customAttack": {
                  "today": COUNT,                    // Count of custom rules today, INT type
                  "lastWeek": INIT                   // Count of other custom attacks in last week, INT type
              }
          }

          WAF Query Attack Details

          Interface description

          Query the list of attack details within a period. The attack type must be specified and must be one of whole event, web attack, or custom rule blocking event. The start time and finish time must be specified as time stamps.

          Request structure

          GET /v{version}/wafEvent/{waf_id}?type={type}&beginTime={time}&endTime={time}&pageNo={pageno}&pageSize={pagesize}&clientToken={clientToken} HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          | Parameter name | Type | Required or not | Parameter position | Description |
          | --- | --- | --- | --- | --- |
          | version | String | Yes | URL parameter | API version number (the current value is 2) |
          | waf_id | String | Yes | URL parameter | WAF identifier |
          | type | String | Yes | Query parameter | The values all, webAttack and customAttack respectively represent whole event, web attack, and custom rule blocking event. |
          | beginTime | TIMESTAMP | Yes | Query parameter | Time stamp: the beginning time of an event. |
          | endTime | TIMESTAMP | Yes | Query parameter | Time stamp: the finish time of an event. |
          | pageNo | Int | Yes | Query parameter | Page number of the attack list to display. |
          | pageSize | Int | Yes | Query parameter | Number in each page |
          | clientToken | String | Yes | Query parameter | Idempotence token; for details, see Idempotence |

          Return status code

          Returns "200" on success and an Error Code on failure.

          Return header

          There are no other special headers except the public headers.

          Return parameter

          | Parameter name | Type | Description |
          | --- | --- | --- |
          | data | List<AttackEvent> | List of attacks intercepted by WAF |
          | total | Int | Number of attacks |

          Request example

          GET /v2/wafEvent/waf-3a4b5c?type=webAttack&beginTime=1546963200&endTime=1547625600&pageSize=10&pageNo=1&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02

          Return example

          HTTP/1.1 200 OK  
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09  
          Date: Wed, 10 Apr 2018 08:26:52 GMT  
          Content-Length:   
          Connection: keep-alive  
          Content-Type: application/json;charset=UTF-8  
          Server: nginx  

          {
              "data": [
                  {
                      "time": "2017-03-14 19:49:53",             // Event, local time
                      "bcc": ["instance_id1", "instance_id2"],   // Affected assets
                      "ip": "ip",                                // Attacker IP
                      "addr": "USA",                             // Attack value address
                      "userAgent": "baidu spider",               // Attacker camouflage
                      "url": "URL",                              // Attacker URL
                      "ruleId": "zdy_id",                        // Here is the custom rule name after the user sets a custom rule.
                      "ruleName": "sql-0001",                    // Defense mode
                      "ruleInfo": "SQL injection",               // Security event
                      "type": "deny|log",                        // Matched pattern
                      "body": "body"                             // Match contents
                  },
                  {...}
              ],
              "total": 1000                                      // Total
          }
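
One way to triage the pages returned by this interface, as an added example that is not part of the original documentation: it merges the data lists of several pages, counts events per attacker IP, rule and affected asset, and compares the number of events read with total to tell whether more pages remain. The sample pages and the function name summarize_events are constructed for illustration, and reading type "log" as "matched but not denied" is an assumption.

```python
import json
from collections import Counter

# Constructed sample pages shaped like the wafEvent return example above
# (comment-free JSON); every value is made up for illustration.
PAGE_1 = json.dumps({"total": 3, "data": [
    {"time": "2017-03-14 19:49:53", "bcc": ["instance_id1", "instance_id2"],
     "ip": "203.0.113.7", "addr": "USA", "userAgent": "baidu spider",
     "url": "/item?id=1", "ruleId": "zdy_id", "ruleName": "sql-0001",
     "ruleInfo": "SQL injection", "type": "deny", "body": "id=1"},
    {"time": "2017-03-14 19:50:10", "bcc": ["instance_id1"],
     "ip": "203.0.113.7", "addr": "USA", "userAgent": "baidu spider",
     "url": "/item?id=2", "ruleId": "zdy_id", "ruleName": "sql-0001",
     "ruleInfo": "SQL injection", "type": "log", "body": "id=2"}]})
PAGE_2 = json.dumps({"total": 3, "data": [
    {"time": "2017-03-14 20:01:00", "bcc": ["instance_id2"],
     "ip": "198.51.100.9", "addr": "USA", "userAgent": "curl",
     "url": "/search", "ruleId": "zdy_id", "ruleName": "xss-0001",
     "ruleInfo": "XSS", "type": "deny", "body": "q=x"}]})


def summarize_events(raw_pages):
    """Merge wafEvent pages into per-IP, per-rule and per-asset counts."""
    by_ip, by_rule, by_asset = Counter(), Counter(), Counter()
    log_only, seen, total = [], 0, 0
    for raw in raw_pages:
        page = json.loads(raw)
        total = max(total, int(page.get("total", 0)))
        for ev in page.get("data", []):
            seen += 1
            by_ip[ev.get("ip", "unknown")] += 1
            by_rule[(ev.get("ruleName"), ev.get("ruleInfo"))] += 1
            by_asset.update(ev.get("bcc", []))
            # Assumption: "log" marks a match that was recorded, not denied,
            # so these are the events to review first.
            if ev.get("type") == "log":
                log_only.append((ev.get("time"), ev.get("ip"), ev.get("url")))
    return {"by_ip": by_ip, "by_rule": by_rule, "by_asset": by_asset,
            "log_only": log_only, "seen": seen, "total": total,
            "complete": seen >= total}  # False means more pages remain
```

The return example on this page carries // comments, so it has to be stripped of them before json.loads will accept it; a real response body is expected to be plain JSON.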

          WAF Query Attack Trend within a Period

          Interface description

          Query the trend chart of attack frequency within 24 hours. The attack type must be specified and must be one of whole event, web attack, or custom rule blocking event. The finish time of the period must be specified as a time stamp.

          Request structure

          GET /v{version}/wafCount/{waf_id}?time={time}&type={type}&clientToken={clientToken} HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          | Parameter name | Type | Required or not | Parameter position | Description |
          | --- | --- | --- | --- | --- |
          | version | String | Yes | URL parameter | API version number (the current value is 2) |
          | time | TIMESTAMP | Yes | Query parameter | Time stamp: the finish time of an event. |
          | type | String | Yes | Query parameter | The values all, webAttack and customAttack respectively represent whole event, web attack, and custom rule blocking event. |
          | clientToken | String | Yes | Query parameter | Idempotence token; for details, see Idempotence |

          Return status code

          Returns "200" on success and an Error Code on failure.

          Return header

          There are no other special headers except the public headers.

          Return parameter

          | Parameter name | Type | Description |
          | --- | --- | --- |
          | total | List<PeriodAttackCount> | Array of attacks per hour within a period |

          Request example

          GET /v2/wafCount/waf-3a4b5c?time=1546963200&type=webAttack&pageSize=10&pageNo=1&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
          Host: bss.{region}.baidubce.com
          Authorization: bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02

          Return example

          HTTP/1.1 200 OK
          x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
          Date: Wed, 10 Apr 2018 08:26:52 GMT
          Content-Length: 
          Connection: keep-alive
          Content-Type: application/json;charset=UTF-8
          Server: nginx

          {
             "total": [
                 {
                     "time": "00",
                     "total": 10
                 },
                 {
                     "time": "12",
                     "total": "20"
                 }
             ]
          }