Modify Web & Bot Security Configuration

Last updated: 2025-06-09 02:04:59

1. API Description

API request domain: teo.tencentcloudapi.com.

Modifies the Web & Bot security configuration of a site, a policy template or a domain.

Default API request rate limit: 20 requests/second.

API Explorer is recommended for trying this API. API Explorer supports online calls, signature verification, SDK code generation and quick API lookup; it shows the request content and response of every call and generates SDK call samples automatically.
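
Every call to this API is a signed POST to teo.tencentcloudapi.com with the common parameters carried in X-TC-* headers and an Authorization header computed with TC3-HMAC-SHA256. The following is an added example, not Tencent Cloud documentation or SDK code: it builds exactly the request shown in the examples below from the public TC3 signing scheme using only the Python standard library, so a ModifySecurityPolicy request can be assembled and inspected offline before it is sent. The secret ID, secret key, timestamp and body are constructed placeholders.

```python
"""TC3-HMAC-SHA256 signing for a ModifySecurityPolicy call.

Added example, not Tencent Cloud documentation or SDK code. It builds the
headers of the POST shown on this page from the public TC3 signing scheme
using only the standard library. Secret ID, secret key, timestamp and the
request body are constructed placeholders.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple

SERVICE = "teo"
HOST = "teo.tencentcloudapi.com"
ACTION = "ModifySecurityPolicy"
VERSION = "2022-09-01"
CONTENT_TYPE = "application/json; charset=utf-8"
SIGNED_HEADERS = "content-type;host;x-tc-action"

# Constructed body: pins the managed ruleset of the site-level policy,
# modelled on Example 3 of this page.
SAMPLE_BODY = {
    "ZoneId": "zone-fa89j239a",
    "Entity": "ZoneDefaultPolicy",
    "SecurityConfig": {},
    "SecurityPolicy": {
        "ManagedRules": {
            "Enabled": "on",
            "AutoUpdate": {"AutoUpdateToLatestVersion": "off",
                           "RulesetVersion": "2023-12-21T12:00:32Z"},
            "SemanticAnalysis": "on",
            "DetectionOnly": "on",
        }
    },
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def canonical_request(payload: str) -> str:
    """TC3 canonical request: method, URI, query string, canonical headers
    (lower-cased names, trailing newline), signed headers, payload hash.
    The x-tc-action value is lower-cased in the canonical form."""
    canonical_headers = (f"content-type:{CONTENT_TYPE}\n"
                         f"host:{HOST}\n"
                         f"x-tc-action:{ACTION.lower()}\n")
    return "\n".join(["POST", "/", "", canonical_headers,
                      SIGNED_HEADERS, sha256_hex(payload.encode("utf-8"))])


def authorization(secret_id: str, secret_key: str, payload: str, timestamp: int) -> str:
    """Derive the signing key from the secret key through the TC3 HMAC chain
    (date -> service -> "tc3_request") and sign the string-to-sign."""
    date = datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d")
    scope = f"{date}/{SERVICE}/tc3_request"
    string_to_sign = "\n".join(["TC3-HMAC-SHA256", str(timestamp), scope,
                                sha256_hex(canonical_request(payload).encode("utf-8"))])
    k_date = hmac_sha256(("TC3" + secret_key).encode("utf-8"), date)
    k_service = hmac_sha256(k_date, SERVICE)
    k_signing = hmac_sha256(k_service, "tc3_request")
    signature = hmac.new(k_signing, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return (f"TC3-HMAC-SHA256 Credential={secret_id}/{scope}, "
            f"SignedHeaders={SIGNED_HEADERS}, Signature={signature}")


def build_request(secret_id: str, secret_key: str, body: dict, timestamp: int,
                  region: Optional[str] = None) -> Tuple[Dict[str, str], str]:
    """Return (headers, payload). The payload string signed here must be sent
    byte-for-byte; re-serialising the dict later would break the signature."""
    payload = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    headers = {
        "Host": HOST,
        "Content-Type": CONTENT_TYPE,
        "X-TC-Action": ACTION,
        "X-TC-Version": VERSION,
        "X-TC-Timestamp": str(timestamp),
        "Authorization": authorization(secret_id, secret_key, payload, timestamp),
    }
    if region:  # Region is optional for this API
        headers["X-TC-Region"] = region
    return headers, payload


if __name__ == "__main__":
    hdrs, body = build_request("AKIDEXAMPLE", "ExampleSecretKey", SAMPLE_BODY, 1717891200)
    for k, v in hdrs.items():
        print(f"{k}: {v}")
    print()
    print(body)
```

The signature covers the serialised body, so the script returns the exact payload string that was signed; send that string, not a re-serialised copy of the dict. The timestamp in the signed string must be close to the server's clock, so build the request immediately before sending it.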

2. Input Parameters

The following list covers the API-specific request parameters and some of the common parameters; for the full list see Common Request Parameters.

| Parameter | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common parameter. The value for this API is ModifySecurityPolicy. |
| Version | Yes | String | Common parameter. The value for this API is 2022-09-01. |
| Region | No | String | Common parameter. Optional for this API. |
| ZoneId | Yes | String | Site ID. |
| SecurityConfig | No | SecurityConfig | Security configuration in the older, non-expression form. Sections of it are ignored when the corresponding SecurityPolicy section is set; see the precedence notes below. |
| SecurityPolicy | No | SecurityPolicy | Security policy configuration. Recommended for Web exception rules, custom protection rules, rate limiting rules and managed rules; the policy is written with expression syntax. |
| Entity | No | String | Security policy type. ZoneDefaultPolicy: the site-level policy. Template: a policy template; TemplateId must also be given. Host: a domain-level policy (only domain services that already have a domain-level policy applied, or policy templates, are supported). |
| Host | No | String | Domain name. When Entity is Host, the domain-level policy of this domain is modified, e.g. www.example.com. |
| TemplateId | No | String | Policy template ID. When Entity is Template, the ID of the policy template to modify. |

Precedence between SecurityPolicy and SecurityConfig:

  • When SecurityPolicy.ExceptionRules is set, SecurityConfig.ExceptConfig is ignored.
  • When SecurityPolicy.CustomRules is set, SecurityConfig.AclConfig and SecurityConfig.IpTableConfig are ignored.
  • When SecurityPolicy.HttpDDoSProtection and SecurityPolicy.RateLimitingRules are set, SecurityConfig.RateLimitConfig is ignored.
  • When SecurityPolicy.ManagedRules is set, SecurityConfig.WafConfig is ignored.
  • For exception rules, custom rules, rate limiting and managed rules, configure the policy through SecurityPolicy. A request that carries both forms for the same feature applies only the SecurityPolicy version, so leave the shadowed SecurityConfig section empty rather than assuming both take effect.
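
The precedence rules above fail silently: a request that sets SecurityConfig.WafConfig next to SecurityPolicy.ManagedRules is accepted, but the WafConfig part never takes effect. The following added example (not Tencent Cloud code) is a pre-flight linter that encodes those rules together with the Entity / Host / TemplateId coupling and a few sanity checks on exception and managed rules, so a body can be reviewed before it is signed and sent. It assumes the conservative reading that either HttpDDoSProtection or RateLimitingRules shadows RateLimitConfig, and that Enabled takes the lowercase values on / off; the sample body is constructed from fragments of the examples below.

```python
"""Pre-flight checks for a ModifySecurityPolicy request body.

Added example, not Tencent Cloud code. Encodes the precedence rules from the
parameter table (a SecurityConfig section is ignored once the matching
SecurityPolicy section is present), the Entity / Host / TemplateId coupling,
and sanity checks on exception and managed rules. The sample body is
constructed from fragments of the examples on this page.
"""
from typing import Any, Dict, List, Tuple

Finding = Tuple[str, str]  # (level, message); level is error / warn / info

# SecurityPolicy section -> SecurityConfig sections the API ignores when it is set.
# Assumption: RateLimitConfig is shadowed by either HttpDDoSProtection or
# RateLimitingRules (conservative reading of the table).
SHADOWED = {
    "ExceptionRules": ("ExceptConfig",),
    "CustomRules": ("AclConfig", "IpTableConfig"),
    "HttpDDoSProtection": ("RateLimitConfig",),
    "RateLimitingRules": ("RateLimitConfig",),
    "ManagedRules": ("WafConfig",),
}
ENTITIES = ("ZoneDefaultPolicy", "Template", "Host")
# Target fields that exempt a whole request component when left unconditional.
BROAD_FIELDS = {"fullbody", "fullpath", "query", "multipart"}


def check_entity(body: Dict[str, Any]) -> List[Finding]:
    out: List[Finding] = []
    entity = body.get("Entity")
    if not body.get("ZoneId"):
        out.append(("error", "ZoneId is required"))
    if entity not in ENTITIES:
        out.append(("error", f"Entity must be one of {ENTITIES}, got {entity!r}"))
    if entity == "Host" and not body.get("Host"):
        out.append(("error", "Entity=Host requires Host"))
    if entity == "Template" and not body.get("TemplateId"):
        out.append(("error", "Entity=Template requires TemplateId"))
    if entity == "ZoneDefaultPolicy" and (body.get("Host") or body.get("TemplateId")):
        out.append(("warn", "Host/TemplateId are not used with Entity=ZoneDefaultPolicy"))
    return out


def check_shadowing(body: Dict[str, Any]) -> List[Finding]:
    """Flag SecurityConfig sections that the service will silently ignore."""
    policy = body.get("SecurityPolicy") or {}
    config = body.get("SecurityConfig") or {}
    return [("warn", f"SecurityConfig.{name} is ignored because SecurityPolicy.{section} is set")
            for section, names in SHADOWED.items() if section in policy
            for name in names if config.get(name)]


def check_exception_rules(body: Dict[str, Any]) -> List[Finding]:
    rules = ((body.get("SecurityPolicy") or {}).get("ExceptionRules") or {}).get("Rules") or []
    out: List[Finding] = []
    seen = set()
    for rule in rules:
        name = rule.get("Name", "<unnamed>")
        rid = rule.get("Id")
        if rid is not None:
            if rid in seen:
                out.append(("warn", f"{name}: Id {rid} is used by more than one rule"))
            seen.add(rid)
        if rule.get("Enabled") not in ("on", "off"):  # assumption: lowercase enum
            out.append(("warn", f"{name}: Enabled should be 'on' or 'off', got {rule.get('Enabled')!r}"))
        if not rule.get("Condition"):
            out.append(("warn", f"{name}: no Condition, the skip applies to every request"))
        if rule.get("SkipOption") == "SkipOnSpecifiedRequestFields":
            for field in rule.get("RequestFieldsForException") or []:
                if field.get("TargetField") in BROAD_FIELDS and not field.get("Condition"):
                    out.append(("info", f"{name}: {field.get('Scope')}.{field.get('TargetField')} "
                                        "is exempted unconditionally"))
    return out


def check_managed_rules(body: Dict[str, Any]) -> List[Finding]:
    managed = (body.get("SecurityPolicy") or {}).get("ManagedRules")
    if not managed:
        return []
    out: List[Finding] = []
    update = managed.get("AutoUpdate") or {}
    if update.get("AutoUpdateToLatestVersion") == "off" and not update.get("RulesetVersion"):
        out.append(("error", "ManagedRules.AutoUpdate is off but no RulesetVersion is pinned"))
    if managed.get("DetectionOnly") == "on":
        out.append(("info", "ManagedRules.DetectionOnly=on: managed rules only log, nothing is blocked"))
    return out


def preflight(body: Dict[str, Any]) -> List[Finding]:
    return (check_entity(body) + check_shadowing(body)
            + check_exception_rules(body) + check_managed_rules(body))


# Constructed body that trips every check class: WafConfig next to
# ManagedRules, a pinned ruleset without a version, and a broad exception.
SAMPLE_BODY = {
    "ZoneId": "zone-fa89j239a",
    "Entity": "Host",
    "Host": "a.eotest.com",
    "SecurityConfig": {"WafConfig": {"Switch": "on", "Mode": "block", "Level": "loose"}},
    "SecurityPolicy": {
        "ManagedRules": {"Enabled": "on", "DetectionOnly": "on",
                         "AutoUpdate": {"AutoUpdateToLatestVersion": "off"}},
        "ExceptionRules": {"Rules": [{
            "Id": "1492837231", "Name": "SampleSkipManagedRuleForField",
            "Condition": "${http.request.uri.path} in ['/api/v3/test']",
            "SkipScope": "ManagedRules", "SkipOption": "SkipOnSpecifiedRequestFields",
            "ManagedRulesForException": ["4401215074"],
            "RequestFieldsForException": [{"Scope": "body", "Condition": "", "TargetField": "fullbody"}],
            "Enabled": "On"}]},
    },
}

if __name__ == "__main__":
    for level, message in preflight(SAMPLE_BODY):
        print(f"[{level}] {message}")
```

Run it over a body before signing: an error means the request is malformed or would not target what you intend, a warning means part of it would be silently ignored or is unexpectedly broad, and an info finding (such as DetectionOnly) reminds you that the resulting policy only observes.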

3. Output Parameters

| Parameter | Type | Description |
|---|---|---|
| RequestId | String | Unique request ID, generated by the server and returned for every request (a request that never reaches the server does not get one). Provide the RequestId of the affected request when troubleshooting. |

4. Examples

Example 1: Modify a domain-level policy

Modifies the policy of the domain a.eotest.com under the site eotest.com. The request configures exception rules, custom rules, HTTP DDoS protection, rate limiting rules and managed rules through SecurityPolicy and passes an empty SecurityConfig. Two things to note when adapting it: the sample reuses the Id 1492837231 for all four exception rules, whereas in a real request each existing rule carries its own Id; and the exception rules write Enabled as On while the rest of the request uses on, so use the lowercase on / off consistently.

Input example

    POST / HTTP/1.1
    Host: teo.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: ModifySecurityPolicy
    <Common request parameters>
    
    {
        "ZoneId": "zone-fa89j239a",
        "Entity": "Host",
        "Host": "a.eotest.com",
        "SecurityConfig": {},
        "SecurityPolicy": {
            "ExceptionRules": {
                "Rules": [
                    {
                        "Id": "1492837231",
                        "Name": "ExampleSkipModule",
                        "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                        "SkipScope": "WebSecurityModules",
                        "WebSecurityModulesForException": [
                            "websec-mod-custom-rules",
                            "websec-mod-rate-limiting"
                        ],
                        "Enabled": "On"
                    },
                    {
                        "Id": "1492837231",
                        "Name": "SampleSkipManagedRule",
                        "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                        "SkipScope": "ManagedRules",
                        "SkipOption": "SkipOnAllRequestFields",
                        "ManagedRulesForException": [
                            "4401215074",
                            "4368124487"
                        ],
                        "Enabled": "On"
                    },
                    {
                        "Id": "1492837231",
                        "Name": "SampleSkipManagedRule",
                        "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                        "SkipScope": "ManagedRules",
                        "SkipOption": "SkipOnAllRequestFields",
                        "ManagedRuleGroupsForException": [
                            "wafgroup-sql-injection-attacks"
                        ],
                        "Enabled": "On"
                    },
                    {
                        "Id": "1492837231",
                        "Name": "SampleSkipManagedRuleForField",
                        "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                        "SkipScope": "ManagedRules",
                        "ManagedRulesForException": [
                            "4401215074",
                            "4368124487"
                        ],
                        "SkipOption": "SkipOnSpecifiedRequestFields",
                        "RequestFieldsForException": [
                            {
                                "Scope": "cookie",
                                "Condition": "",
                                "TargetField": "key"
                            },
                            {
                                "Scope": "cookie",
                                "Condition": "${key} in ['session-id']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "cookie",
                                "Condition": "${key} in ['account-id'] and ${value} like ['prefix-*']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "header",
                                "Condition": "",
                                "TargetField": "key"
                            },
                            {
                                "Scope": "header",
                                "Condition": "${key} in ['x-trace-id']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "header",
                                "Condition": "${key} like ['x-auth-*'] and ${value} like ['Bearer *']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "uri.query",
                                "Condition": "",
                                "TargetField": "key"
                            },
                            {
                                "Scope": "uri.query",
                                "Condition": "${key} in ['action']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "uri.query",
                                "Condition": "${key} in ['action'] and ${value} in ['upload', 'delete']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "uri",
                                "Condition": "",
                                "TargetField": "query"
                            },
                            {
                                "Scope": "uri",
                                "Condition": "",
                                "TargetField": "path"
                            },
                            {
                                "Scope": "uri",
                                "Condition": "",
                                "TargetField": "fullpath"
                            },
                            {
                                "Scope": "body.json",
                                "Condition": "",
                                "TargetField": "key"
                            },
                            {
                                "Scope": "body.json",
                                "Condition": "${key} in ['user.id']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "body.json",
                                "Condition": "${key} in ['user.id'] and ${value} in ['1234', '5678']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "body",
                                "Condition": "",
                                "TargetField": "fullbody"
                            },
                            {
                                "Scope": "body",
                                "Condition": "",
                                "TargetField": "multipart"
                            }
                        ],
                        "Enabled": "On"
                    }
                ]
            },
            "CustomRules": {
                "Rules": [
                    {
                        "Id": "1492837231",
                        "Name": "SampleBasicACLRule",
                        "Condition": "${http.request.ip} in ['1.1.1.1', '10.10.10.0/24', ${security.ip_group['123'@'zone-2xsnpvkhdjes']} ]",
                        "Action": {
                            "Name": "Deny"
                        },
                        "Priority": 10,
                        "Enabled": "on"
                    }
                ]
            },
            "HttpDDoSProtection": {
                "AdaptiveFrequencyControl": {
                    "Enabled": "on",
                    "Sensitivity": "Loose",
                    "Action": {
                        "Name": "Monitor"
                    }
                },
                "ClientFiltering": {
                    "Enabled": "on",
                    "Action": {
                        "Name": "Monitor"
                    }
                },
                "BandwidthAbuseDefense": {
                    "Enabled": "on",
                    "Action": {
                        "Name": "Monitor"
                    }
                },
                "SlowAttackDefense": {
                    "Enabled": "on",
                    "Action": {
                        "Name": "Monitor"
                    },
                    "MinimalRequestBodyTransferRate": {
                        "Enabled": "on",
                        "MinimalAvgTransferRateThreshold": "50bps",
                        "CountingPeriod": "60s"
                    },
                    "RequestBodyTransferTimeout": {
                        "Enabled": "on",
                        "IdleTimeout": "5s"
                    }
                }
            },
            "RateLimitingRules": {
                "Rules": [
                    {
                        "Enabled": "on",
                        "Name": "SampleHttpDdosRule",
                        "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                        "CountBy": [
                            "http.request.ip",
                            "http.request.cookies['UserSession']"
                        ],
                        "MaxRequestThreshold": 1000,
                        "CountingPeriod": "2m",
                        "ActionDuration": "20h",
                        "Action": {
                            "Name": "ManagedChallenge"
                        },
                        "Id": "2181399690",
                        "Priority": 100
                    }
                ]
            },
            "ManagedRules": {
                "Enabled": "on",
                "AutoUpdate": {
                    "AutoUpdateToLatestVersion": "off",
                    "RulesetVersion": "2023-12-21T12:00:32Z"
                },
                "SemanticAnalysis": "on",
                "DetectionOnly": "on",
                "ManagedRuleGroups": [
                    {
                        "GroupId": "wafmanagedrulegroup-vulnerability-scanners",
                        "SensitivityLevel": "wafmanagedrule-sensitivity-level-extreme",
                        "Action": {
                            "Name": "Monitor"
                        }
                    }
                ]
            }
        }
    }

Output example

    {
        "Response": {
            "RequestId": "08b32010-ab25-42a4-b923-777c481da684"
        }
    }

Example 2: Modify a policy template

Modifies the policy template temp-00iel413 under the site eotest.com. Only CustomRules is set, so only the custom-rule part of the template changes.

Input example

    POST / HTTP/1.1
    Host: teo.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: ModifySecurityPolicy
    <Common request parameters>
    
    {
        "ZoneId": "zone-fa89j239a",
        "Entity": "Template",
        "TemplateId": "temp-00iel413",
        "SecurityConfig": {},
        "SecurityPolicy": {
            "CustomRules": {
                "Rules": [
                    {
                        "Id": "1492837231",
                        "Name": "SampleBasicACLRule",
                        "Condition": "${http.request.ip} in ['1.1.1.1', '10.10.10.0/24', ${security.ip_group['123'@'zone-2xsnpvkhdjes']} ]",
                        "Action": {
                            "Name": "Deny"
                        },
                        "Priority": 10,
                        "Enabled": "on"
                    }
                ]
            }
        }
    }

Output example

    {
        "Response": {
            "RequestId": "08b32010-ab25-42a4-b923-777c481da684"
        }
    }

Example 3: Modify the site-level policy

Modifies the site-level policy of eotest.com. The managed ruleset is pinned to a fixed RulesetVersion with automatic updates off, and DetectionOnly is on, so the managed rules only log matches rather than block them.

Input example

    POST / HTTP/1.1
    Host: teo.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: ModifySecurityPolicy
    <Common request parameters>
    
    {
        "ZoneId": "zone-fa89j239a",
        "Entity": "ZoneDefaultPolicy",
        "SecurityConfig": {},
        "SecurityPolicy": {
            "ManagedRules": {
                "Enabled": "on",
                "AutoUpdate": {
                    "AutoUpdateToLatestVersion": "off",
                    "RulesetVersion": "2023-12-21T12:00:32Z"
                },
                "SemanticAnalysis": "on",
                "DetectionOnly": "on",
                "ManagedRuleGroups": [
                    {
                        "GroupId": "wafmanagedrulegroup-vulnerability-scanners",
                        "SensitivityLevel": "wafmanagedrule-sensitivity-level-extreme",
                        "Action": {
                            "Name": "Monitor"
                        }
                    }
                ]
            }
        }
    }

Output example

    {
        "Response": {
            "RequestId": "08b32010-ab25-42a4-b923-777c481da684"
        }
    }

Example 4: Modify the security configuration

Modifies the layer-7 security configuration of the domain a.eotest.com using the SecurityConfig form (WafConfig). Note that this request passes the domain name itself as Entity, rather than Entity set to Host with the domain in Host as described in the parameter table.

Input example

    POST / HTTP/1.1
    Host: teo.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: ModifySecurityPolicy
    <Common request parameters>
    
    {
        "ZoneId": "zone-fa89j239a",
        "Entity": "a.eotest.com",
        "SecurityConfig": {
            "WafConfig": {
                "Switch": "on",
                "WafRule": {
                    "Switch": "on",
                    "ObserveRuleIDs": [],
                    "BlockRuleIDs": [
                        162502146
                    ]
                },
                "Mode": "block",
                "Level": "loose"
            }
        }
    }

Output example

    {
        "Response": {
            "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae23"
        }
    }

Example 5: Modify the exception rules in the security configuration and whitelist fields

In WAF protection, when a business scenario (for example, HTTP requests whose path is /skipwaf) needs some fields (for example, all HTTP header keys) exempted so that they skip WAF inspection, the following configuration can be used. The exemption is limited to the WAF rule listed under Include (106247778) and, because Selector is keys, applies to header names only; header values are still inspected.

Input example

    POST / HTTP/1.1
    Host: teo.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: ModifySecurityPolicy
    <Common request parameters>
    
    {
        "ZoneId": "zone-fa89j239a",
        "Entity": "*.eotest.com",
        "SecurityConfig": {
            "ExceptConfig": {
                "Switch": "on",
                "ExceptUserRules": [
                    {
                        "Action": "skip",
                        "ExceptUserRuleConditions": [
                            {
                                "MatchContent": "/skipwaf",
                                "MatchFrom": "cgi",
                                "Operator": "equal"
                            }
                        ],
                        "ExceptUserRuleScope": {
                            "Type": "partial",
                            "PartialModules": [
                                {
                                    "Module": "waf",
                                    "Include": [
                                        106247778
                                    ]
                                }
                            ],
                            "SkipConditions": [
                                {
                                    "MatchContent": [],
                                    "MatchFrom": [],
                                    "Selector": "keys",
                                    "Type": "header_fields"
                                }
                            ]
                        },
                        "RuleID": 0,
                        "RuleName": "first_webshell",
                        "RulePriority": 0,
                        "RuleStatus": "on",
                        "UpdateTime": "2022-09-22T03:00:10Z"
                    }
                ]
            }
        }
    }

Output example

    {
        "Response": {
            "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae44"
        }
    }

Example 6: Modify the exception rules in the security configuration and whitelist the value of a specified header

In WAF protection, when a business scenario (for example, HTTP requests whose path is /skipwaf) needs some fields (for example, the value of the HTTP header YourSkipHeader) exempted so that they skip WAF inspection, the following configuration can be used. Compared with Example 5, MatchFrom names the header and Selector is values, so only that header's value is exempted while other headers remain subject to the rule.

Input example

    POST / HTTP/1.1
    Host: teo.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: ModifySecurityPolicy
    <Common request parameters>
    
    {
        "ZoneId": "zone-fa89j239a",
        "Entity": "*.eotest.com",
        "SecurityConfig": {
            "ExceptConfig": {
                "Switch": "on",
                "ExceptUserRules": [
                    {
                        "Action": "skip",
                        "ExceptUserRuleConditions": [
                            {
                                "MatchContent": "/skipwaf",
                                "MatchFrom": "cgi",
                                "Operator": "equal"
                            }
                        ],
                        "ExceptUserRuleScope": {
                            "Type": "partial",
                            "PartialModules": [
                                {
                                    "Module": "waf",
                                    "Include": [
                                        106247778
                                    ]
                                }
                            ],
                            "SkipConditions": [
                                {
                                    "MatchContent": [],
                                    "MatchFrom": [
                                        "YourSkipHeader"
                                    ],
                                    "MatchFromType": "equal",
                                    "Selector": "values",
                                    "Type": "header_fields"
                                }
                            ]
                        },
                        "RuleID": 0,
                        "RuleName": "first_webshell",
                        "RulePriority": 0,
                        "RuleStatus": "on",
                        "UpdateTime": "2022-09-22T03:00:10Z"
                    }
                ]
            }
        }
    }

Output example

    {
        "Response": {
            "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae66"
        }
    }

5. Developer Resources

Tencent Cloud API Platform

The Tencent Cloud API Platform is a unified portal that brings together API documentation, error codes, API Explorer and SDKs, so that all Tencent Cloud API services can be looked up and used from one entry point.

API Inspector

API Inspector shows the API calls behind each step taken in the console, generates the corresponding API code in several languages, and links to API Explorer for online debugging.

SDK

TencentCloud API 3.0 comes with SDKs for several programming languages that make calling the API easier.

Command line tools

6. Error Codes

Only the error codes tied to this API's business logic are listed below; see Common Error Codes for the others.

| Error code | Description |
|---|---|
| InternalError.ConfigLocked | The configuration is locked; unlock it and retry. |
| InternalError.ProxyServer | Unknown error on the backend server. |
| InternalError.RouteError | Backend service routing address error. |
| InvalidParameter.Security | Parameter error. |
| LimitExceeded.Security | Feature limit exceeded. |
| OperationDenied | Operation denied. |
| ResourceInUse | The resource is in use. |
| UnauthorizedOperation.CamUnauthorized | Not authorized by CAM. |
| UnauthorizedOperation.NoPermission | The sub-account has no permission for this operation; grant the permission and retry. |
| UnauthorizedOperation.Unknown | Unknown error on the backend server. |
| UnsupportedOperation | Operation not supported. |