WAF Data Report Related Interface
WAF Query Instance Details
Interface description
Query the details of waf instance, including status of waf instance, finish time of waf, number of configured rules, statistics of attacks intercepted by web protection and custom rules in the last days.
- Note that the waf identifier needs to be specified for normal calling.
Request structure
GET /v{version}/wafStatistics/{waf_id}?clientToken={clientToken} HTTP/1.1
Host: bss.{region}.baidubce.com
Authorization: authorization stringRequest header
There are no other special headers except the public headers.
Request parameter
| Parameter name | Type | Required or not | Parameter position | Description |
|---|---|---|---|---|
| version | String | Yes | URL parameter | API version number (the current value is 2) |
| waf_id | String | Yes | URL parameter | waf identifier |
| clientToken | String | Yes | Query parameter | Idempotence, for details, please see Idempotence |
Return status code
"200" for return successful and Error Code for return failed.
Return header
There are no other special headers except the public headers.
Return parameter
| Parameter name | Type | Description |
|---|---|---|
| payType | String | Payment type |
| wafName | String | waf name |
| status | String | Waf instance status: available/paused/pausing/updating/deleting/deleted. |
| endTime | String | Maturity time |
| rule | Object | Configured access rules and remaining configurable rules |
| webAttack | Object | Statistics of web attacks in last days |
| customAttack | Object | Statistics of custom rule attacks in the last days |
Request example
GET /v2/wafStatistics/waf-3a4b5c?clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
HOST bss.{region}.baidubce.com
Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02Return example
HTTP/1.1 200 OK
x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
Date: Wed, 10 Apr 2018 08:26:52 GMT
Content-Length:
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
Server: nginx
{
"payType": "prepay| postpay", //Payment type
"wafName": "WAFNAME", //WAF NAME
"status": "STATUS", //WAF instance status: available/paused/pausing/updating/deleting/deleted.
"endTime": "2017-03-14 16:40:43", //Finish time: Local time
"rule": {
"used": COUNT, //Configured access rules, INT type
"use": INIT, //Remaining configurable access rules, INT type
},
"webAttack": {
"today": COUNT, //Count of web attacks today, INT type
"lastWeek": INIT, //Count of web attacks in last week, INT type
},
"customAttack": {
"today": COUNT, //Count of custom rules today, INT type
"lastWeek": INIT, //Count of other custom attacks in last week, INT type
},
} WAF is Used to Query the Attack Details
Interface description
Query the list of attack details within a period. The attack type needs to be specified, and must be one of whole event, web attack, custom rule blocking event. The start time and finish time needs to be specified, and indicated by time stamps.
Request structure
GET /v{version}/wafEvent/{waf_id}?type={type}&beginTime={time}&endTime={time}&pageNo={pageno}&pageSize={pagesize}&clientToken={clientToken} HTTP/1.1
Host: bss.{region}.baidubce.com
Authorization: authorization stringRequest header
There are no other special headers except the public headers.
Request parameter
| Parameter name | Type | Required or not | Parameter position | Description |
|---|---|---|---|---|
| version | String | Yes | URL parameter | API version number (the current value is 2) |
| waf_id | String | Yes | URL parameter | waf identifier |
| type | String | Yes | QUERY parameter | The values of all, webAttack and customAttack respectively represent whole event, web attack, and custom rule blocking event. |
| beginTime | TIMESTAMP | Yes | QUERY parameter | Time stamp: Select the beginning time of an event. |
| endTime | TIMESTAMP | Yes | QUERY parameter | Time stamp: Select the finish time of an event. |
| pageNo | Int | Yes | QUERY parameter | Display the page number of the attack list. |
| pageSize | Int | Yes | QUERY parameter | Number in each page |
| clientToken | String | Yes | Query parameter | Idempotence, for details, please see Idempotence |
Return status code
"200" for return successful and Error Code for return failed.
Return header
There are no other special headers except the public headers.
Return parameter
| Parameter name | Type | Description |
|---|---|---|
| data | List<AttackEvent> | List of attacks intercepted by WAF |
| total | Int | Number of attacks |
Request example
GET /v2/wafEvent/waf-3a4b5c?type=webAttack&beginTime=1546963200&endTime=1547625600&pageSize=10&pageNo=1&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
HOST bss.{region}.baidubce.com
Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02Return example
HTTP/1.1 200 OK
x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
Date: Wed, 10 Apr 2018 08:26:52 GMT
Content-Length:
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
Server: nginx
{
"data": [
{
"time": "2017-03-14 19:49:53", //Event, local time
"bcc": ["instance_id1", "instance_id2"], //Affected assets
"ip": "ip", //Attacker IP
"addr": "USA", //Attack value address
"userAgent": "baidu spider", //Attacker camouflage
"url": "URL", //Attacker URL
"ruleId": "zdy_id", //Here is the custom rule name after the user sets a custom rule.
"ruleName": "sql-0001", //Defense mode
"ruleInfo": "SQL injection", //Security event
"type": "deny| log", //Matched pattern
"body": "body", //Match contents
},
{...},
]
"total": 1000, //Total
} WAF Is Used to Query the Trend of Attacks within a Period
Interface description
It is used to query the trend map of attack frequency within 24 hours. The attack type needs to be specified, and must be one of whole event, web attack, custom rule blocking event. The finish time of a period needs to be specified, and indicated by a time stamp.
Request structure
GET /v{version}/wafCount/{waf_id}?time={time}&type={type}&clientToken={clientToken} HTTP/1.1
Host: bss.{region}.baidubce.com
Authorization: authorization stringRequest header
There are no other special headers except the public headers.
Request parameter
| Parameter name | Type | Required or not | Parameter position | Description |
|---|---|---|---|---|
| version | String | Yes | URL parameter | API version number (the current value is 2) |
| time | TIMESTMAP | Yes | QUERY parameter | Time stamp: Select the finish time of an event. |
| type | String | Yes | QUERY parameter | The values of all, webAttack and customAttack respectively represent whole event, web attack, and custom rule blocking event. |
| clientToken | String | Yes | Query parameter | Idempotence, for details, please see Idempotence |
Return status code
"200" for return successful and Error Code for return failed.
Return header
There are no other special headers except the public headers.
Return parameter
| Parameter name | Type | Description |
|---|---|---|
| total | List<PeriodAttackCount> | Array of attacks per hour within a period |
Request example
GET /v2/wafCount/waf-3a4b5c?time=1546963200&type=webAttack&pageSize=10&pageNo=1&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
HOST bss.{region}.baidubce.com
Authorization bce-auth-v1/5e5a8adf11ae475ba95f1bd38228b44f/2016-04-10T08:26:52Z/1800/host;x-bce-date/ec3c0069f9abb1e247773a62707224124b2b31b4c171133677f9042969791f02Return example
HTTP/1.1 200 OK
x-bce-request-id: 946002ee-cb4f-4aad-b686-5be55df27f09
Date: Wed, 10 Apr 2018 08:26:52 GMT
Content-Length:
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
Server: nginx
{
"total":[
{
"time":00,
"total":10
},
{
"time":"12",
"total":"20"
},
]
}