边缘安全加速平台 EO 查询安全防护配置详情

1. 接口描述

接口请求域名： teo.tencentcloudapi.com 。

查询安全防护配置详情。

默认接口请求频率限制：20次/秒。

推荐使用 API Explorer

点击调试

API Explorer 提供了在线调用、签名验证、SDK 代码生成和快速检索接口等能力。您可查看每次调用的请求内容和返回结果以及自动生成 SDK 调用示例。

2. 输入参数

以下请求参数列表仅列出了接口请求参数和部分公共参数，完整公共参数列表见公共请求参数。

参数名称	必选	类型	描述
Action	是	String	公共参数，本接口取值：DescribeSecurityPolicy。
Version	是	String	公共参数，本接口取值：2022-09-01。
Region	否	String	公共参数，此参数为可选参数。
ZoneId	是	String	站点 ID。
Entity	否	String	安全策略类型，可使用以下参数值进行查询： ZoneDefaultPolicy：用于指定查询站点级策略； Template：用于指定查询策略模板，需要同时指定 TemplateId 参数； Host：用于指定查询域名级策略（注意：当使用域名来指定域名服务策略时，仅支持已经应用了域名级策略的域名服务或者策略模板）。
TemplateId	否	String	指定策略模板 ID。当 Entity 参数值为 Template 时，使用本参数指定策略模板的 ID 查询模板配置。
Host	否	String	指定域名。当 Entity 参数值为 Host 时，使用本参数指定的域名级策略查询域名配置，例如：使用 www.example.com ，配置该域名的域名级策略。

3. 输出参数

参数名称	类型	描述
SecurityPolicy	SecurityPolicy	安全策略配置。注意：此字段可能返回 null，表示取不到有效值。
RequestId	String	唯一请求 ID，由服务端生成，每次请求都会返回（若请求因其他原因未能抵达服务端，则该次请求不会获得 RequestId）。定位问题时需要提供该次请求的 RequestId。

4. 示例

示例1 查询安全防护配置

查询安全防护配置

输入示例

POST / HTTP/1.1
Host: teo.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeSecurityPolicy
<公共请求参数>

{
    "Entity": "Host",
    "Host": "www.example.com",
    "ZoneId": "zone-xxqr76cy"
}

输出示例

{
    "Response": {
        "RequestId": "cb5d2c0e-295e-412a-891a-9f8ab6057b4a",
        "SecurityPolicy": {
            "ExceptionRules": {
                "Rules": [
                    {
                        "Id": "1492837231",
                        "Name": "ExampleSkipModule",
                        "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                        "SkipScope": "WebSecurityModules",
                        "WebSecurityModulesForException": [
                            "websec-mod-custom-rules",
                            "websec-mod-rate-limiting"
                        ],
                        "Enabled": "On"
                    },
                    {
                        "Id": "1492837231",
                        "Name": "SampleSkipManagedRule",
                        "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                        "SkipScope": "ManagedRules",
                        "SkipOption": "SkipOnAllRequestFields",
                        "ManagedRulesForException": [
                            "4401215074",
                            "4368124487"
                        ],
                        "Enabled": "On"
                    },
                    {
                        "Id": "1492837231",
                        "Name": "SampleSkipManagedRule",
                        "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                        "SkipScope": "ManagedRules",
                        "SkipOption": "SkipOnAllRequestFields",
                        "ManagedRuleGroupsForException": [
                            "wafgroup-sql-injection-attacks"
                        ],
                        "Enabled": "On"
                    },
                    {
                        "Id": "1492837231",
                        "Name": "SampleSkipManagedRuleForField",
                        "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                        "SkipScope": "ManagedRules",
                        "ManagedRulesForException": [
                            "4401215074",
                            "4368124487"
                        ],
                        "SkipOption": "SkipOnSpecifiedRequestFields",
                        "RequestFieldsForException": [
                            {
                                "Scope": "cookie",
                                "Condition": "",
                                "TargetField": "key"
                            },
                            {
                                "Scope": "cookie",
                                "Condition": "${key} in ['session-id']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "cookie",
                                "Condition": "${key} in ['account-id'] and ${value} like ['prefix-*']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "header",
                                "Condition": "",
                                "TargetField": "key"
                            },
                            {
                                "Scope": "header",
                                "Condition": "${key} in ['x-trace-id']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "header",
                                "Condition": "${key} like ['x-auth-*'] and ${value} like ['Bearer *']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "uri.query",
                                "Condition": "",
                                "TargetField": "key"
                            },
                            {
                                "Scope": "uri.query",
                                "Condition": "${key} in ['action']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "uri.query",
                                "Condition": "${key} in ['action'] and ${value} in ['upload', 'delete']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "uri",
                                "Condition": "",
                                "TargetField": "query"
                            },
                            {
                                "Scope": "uri",
                                "Condition": "",
                                "TargetField": "path"
                            },
                            {
                                "Scope": "uri",
                                "Condition": "",
                                "TargetField": "fullpath"
                            },
                            {
                                "Scope": "body.json",
                                "Condition": "",
                                "TargetField": "key"
                            },
                            {
                                "Scope": "body.json",
                                "Condition": "${key} in ['user.id']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "body.json",
                                "Condition": "${key} in ['user.id'] and ${value} in ['1234', '5678']",
                                "TargetField": "value"
                            },
                            {
                                "Scope": "body",
                                "Condition": "",
                                "TargetField": "fullbody"
                            },
                            {
                                "Scope": "body",
                                "Condition": "",
                                "TargetField": "multipart"
                            }
                        ],
                        "Enabled": "On"
                    }
                ]
            },
            "CustomRules": {
                "Rules": [
                    {
                        "Id": "1492837231",
                        "Name": "ASimpleIPRule",
                        "Condition": "${http.request.ip} in ['1.1.1.1', '10.10.10.0/24'] or ${http.request.ip.asn} in ['132203']",
                        "Action": {
                            "Name": "Deny"
                        },
                        "Enabled": "on",
                        "RuleType": "PreciseMatchRule",
                        "Priority": 50
                    }
                ]
            },
            "HttpDDoSProtection": {
                "AdaptiveFrequencyControl": {
                    "Enabled": "on",
                    "Sensitivity": "Loose",
                    "Action": {
                        "Name": "Monitor"
                    }
                },
                "ClientFiltering": {
                    "Enabled": "on",
                    "Action": {
                        "Name": "Monitor"
                    }
                },
                "BandwidthAbuseDefense": {
                    "Enabled": "on",
                    "Action": {
                        "Name": "Monitor"
                    }
                },
                "SlowAttackDefense": {
                    "Enabled": "on",
                    "Action": {
                        "Name": "Monitor"
                    },
                    "MinimalRequestBodyTransferRate": {
                        "MinimalAvgTransferRateThreshold": "50bps",
                        "CountingPeriod": "60s"
                    },
                    "RequestBodyTransferTimeout": {
                        "IdleTimeout": "5s"
                    }
                }
            },
            "RateLimitingRules": {
                "Rules": [
                    {
                        "Enabled": "on",
                        "Name": "SampleHttpDdosRule",
                        "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                        "CountBy": [
                            "http.request.ip",
                            "http.request.cookies['UserSession']"
                        ],
                        "MaxRequestThreshold": 1000,
                        "CountingPeriod": "2m",
                        "ActionDuration": "20h",
                        "Action": {
                            "Name": "ManagedChallenge"
                        },
                        "Id": "2181399690",
                        "Priority": 100
                    }
                ]
            },
            "ManagedRules": {
                "Enabled": "on",
                "AutoUpdate": {
                    "AutoUpdateToLatestVersion": "off",
                    "RulesetVersion": "2023-12-21T12:00:32Z"
                },
                "SemanticAnalysis": "on",
                "DetectionOnly": "on",
                "ManagedRuleGroups": [
                    {
                        "GroupId": "wafmanagedrulegroup-vulnerability-scanners",
                        "SensitivityLevel": "loose",
                        "Action": {
                            "Name": "Monitor"
                        },
                        "MetaData": {
                            "GroupDetail": "扫描器攻击漏洞防护",
                            "GroupName": "扫描器攻击漏洞防护",
                            "RuleDetails": [
                                {
                                    "RuleId": "4401215444",
                                    "RiskLevel": "extreme",
                                    "Description": "针对dedecms历史sql注入漏洞的防护规则",
                                    "Tags": [],
                                    "RuleVersion": "2023-12-21T12:00:32Z"
                                },
                                {
                                    "RuleId": "4401214877",
                                    "RiskLevel": "medium",
                                    "Description": "拦截常见扫描器的xss验证payload",
                                    "Tags": [],
                                    "RuleVersion": "2023-12-21T12:00:32Z"
                                }
                            ]
                        }
                    }
                ]
            }
        }
    }
}

5. 开发者资源

腾讯云 API 平台

腾讯云 API 平台是综合 API 文档、错误码、API Explorer 及 SDK 等资源的统一查询平台，方便您从同一入口查询及使用腾讯云提供的所有 API 服务。

API Inspector

用户可通过 API Inspector 查看控制台每一步操作关联的 API 调用情况，并自动生成各语言版本的 API 代码，也可前往 API Explorer 进行在线调试。

SDK

云 API 3.0 提供了配套的开发工具集（SDK），支持多种编程语言，能更方便的调用 API。

Tencent Cloud SDK 3.0 for Python: GitHub, Gitee
Tencent Cloud SDK 3.0 for Java: GitHub, Gitee
Tencent Cloud SDK 3.0 for PHP: GitHub, Gitee
Tencent Cloud SDK 3.0 for Go: GitHub, Gitee
Tencent Cloud SDK 3.0 for Node.js: GitHub, Gitee
Tencent Cloud SDK 3.0 for .NET: GitHub, Gitee
Tencent Cloud SDK 3.0 for C++: GitHub, Gitee
Tencent Cloud SDK 3.0 for Ruby: GitHub, Gitee

命令行工具

Tencent Cloud CLI 3.0

6. 错误码

以下仅列出了接口业务逻辑相关的错误码，其他错误码详见公共错误码。

错误码	描述
InternalError.ProxyServer	后端服务器发生未知错误。
InvalidParameter.Security	参数错误
UnauthorizedOperation.CamUnauthorized	Cam 未授权。
UnauthorizedOperation.NoPermission	子账户没有操作权限，请添加权限后继续操作。
UnauthorizedOperation.Unknown	后端服务器发生未知错误。

查询安全防护配置详情

本页目录：