1. 接口描述
接口请求域名: teo.tencentcloudapi.com 。
修改安全策略配置模板
默认接口请求频率限制:20次/秒。
推荐使用 API Explorer
点击调试
API Explorer 提供了在线调用、签名验证、SDK 代码生成和快速检索接口等能力。您可查看每次调用的请求内容和返回结果以及自动生成 SDK 调用示例。
2. 输入参数
以下请求参数列表仅列出了接口请求参数和部分公共参数,完整公共参数列表见 公共请求参数。
| 参数名称 | 必选 | 类型 | 描述 |
|---|---|---|---|
| Action | 是 | String | 公共参数,本接口取值:ModifyWebSecurityTemplate。 |
| Version | 是 | String | 公共参数,本接口取值:2022-09-01。 |
| Region | 否 | String | 公共参数,此参数为可选参数。 |
| ZoneId | 是 | String | 站点 ID。需要传入目标策略模板在访问权限上归属的站点,可使用 DescribeWebSecurityTemplates 接口查询策略模板归属的站点。 |
| TemplateId | 是 | String | 策略模板 ID。 |
| TemplateName | 否 | String | 修改后的策略模板名称。由中文、英文、数字和下划线组成,不能以下划线开头,且长度不能超过32个字符。字段为空时则不修改。 |
| SecurityPolicy | 否 | SecurityPolicy | 安全策略模板配置内容。值为空时不修改;没有传入的子模块结构不会被修改。目前支持 Web 防护模块中的例外规则、自定义规则、速率限制规则和托管规则配置,通过表达式语法对安全策略进行配置。 Bot 管理规则配置暂不支持,正在开发中。 特别说明:当入参某个子模块结构时,请确保携带所有需要保留的规则内容,未传入规则内容视为删除。 |
3. 输出参数
| 参数名称 | 类型 | 描述 |
|---|---|---|
| RequestId | String | 唯一请求 ID,由服务端生成,每次请求都会返回(若请求因其他原因未能抵达服务端,则该次请求不会获得 RequestId)。定位问题时需要提供该次请求的 RequestId。 |
4. 示例
示例1 修改策略模板名称
修改 zone-2wkpkd52pku2 站点下 temp-cuwgt1ca 模板的名称为“Web防护标准模板V2”。
输入示例
POST / HTTP/1.1
Host: teo.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifyWebSecurityTemplate
<公共请求参数>
{
"ZoneId": "zone-2wkpkd52pku2",
"TemplateId": "temp-cuwgt1ca",
"TemplateName": "Web防护标准模板V2"
}输出示例
{
"Response": {
"RequestId": "09ce3d28-1119-49cd-d5a9-27cb34dac669"
}
}示例2 修改策略模板配置内容
修改 zone-2wkpkd52pku2 站点下 temp-cuwgt1ca 模板的配置内容。
输入示例
POST / HTTP/1.1
Host: teo.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifyWebSecurityTemplate
<公共请求参数>
{
"ZoneId": "zone-2wkpkd52pku2",
"TemplateId": "temp-cuwgt1ca",
"TemplateName": "安全模板_rename",
"SecurityPolicy": {
"CustomRules": {
"Rules": [
{
"Action": {
"Name": "Deny"
},
"Condition": "${http.request.host} in ['111']",
"Enabled": "on",
"Id": "1492837231",
"Name": "acl1",
"Priority": 35,
"RuleType": "PreciseMatchRule"
},
{
"Action": {
"Name": "Deny"
},
"Condition": "${http.request.headers['referer']} in ['123']",
"Enabled": "on",
"Id": "1492837231",
"Name": "iptable1",
"Priority": 1,
"RuleType": "BasicAccessRule"
}
]
},
"ExceptionRules": {
"Rules": [
{
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] ",
"Enabled": "on",
"Id": "1492837231",
"ManagedRuleGroupsForException": [
],
"ManagedRulesForException": [
"4401215074",
"4368124487"
],
"Name": "SampleSkipManagedRuleForField",
"RequestFieldsForException": [
{
"Scope": "cookie",
"TargetField": "key",
"Condition": ""
}
],
"SkipOption": "SkipOnSpecifiedRequestFields",
"SkipScope": "ManagedRules",
"WebSecurityModulesForException": [
]
}
]
},
"HttpDDoSProtection": {
"AdaptiveFrequencyControl": {
"Action": {
"ChallengeActionParameters": {
"ChallengeOption": "JSChallenge"
},
"Name": "Challenge"
},
"Enabled": "on",
"Sensitivity": "Loose"
},
"BandwidthAbuseDefense": {
"Action": {
"Name": "Monitor"
},
"Enabled": "off"
},
"ClientFiltering": {
"Action": {
"ChallengeActionParameters": {
"ChallengeOption": "JSChallenge"
},
"Name": "Challenge"
},
"Enabled": "on"
},
"SlowAttackDefense": {
"Action": {
"Name": "Deny"
},
"Enabled": "off",
"MinimalRequestBodyTransferRate": {
"CountingPeriod": "60s",
"Enabled": "off",
"MinimalAvgTransferRateThreshold": "80bps"
},
"RequestBodyTransferTimeout": {
"Enabled": "off",
"IdleTimeout": "5s"
}
}
},
"ManagedRules": {
"AutoUpdate": {
"AutoUpdateToLatestVersion": "on"
},
"DetectionOnly": "on",
"Enabled": "on",
"ManagedRuleGroups": [
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-webshell-attacks",
"MetaData": {
"GroupDetail": "Webshell检测防护",
"GroupName": "Webshell检测防护",
"RuleDetails": [
{
"Description": "此条规则拦截恶意混淆的PHP Webshell",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2022-05-16T03:02:25Z",
"Tags": [
]
},
{
"Description": "防护php代码注入和webshell上传攻击",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2019-04-03T08:25:00Z",
"Tags": [
]
},
{
"Description": "此条规则拦截ASP Webshell和JSP Webshell中的恶意函数调用特征",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-05-16T03:04:30Z",
"Tags": [
]
},
{
"Description": "此条规则拦截Webshell中存在的登录密码特征",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-01-10T09:39:02Z",
"Tags": [
]
},
{
"Description": "针对冰蝎 default_json 传输协议的检测规则\n",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-07-28T06:24:01Z",
"Tags": [
]
},
{
"Description": "针对asp.net webshell的防护规则,基于asp.net webshell的标签特征",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2022-01-19T09:12:31Z",
"Tags": [
]
},
{
"Description": "针对出现在 header 中的 webshell 写入特征",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2021-03-31T09:37:39Z",
"Tags": [
]
},
{
"Description": "此条规则拦截Webshell中可疑的函数调用行为",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2022-01-12T07:29:50Z",
"Tags": [
]
},
{
"Description": "此条规则拦截PHP Webshell中的高危函数调用特征",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-05-16T03:06:10Z",
"Tags": [
]
},
{
"Description": "此条规则拦截PHP Webshell中变量定义的行为",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-06-13T03:55:11Z",
"Tags": [
]
},
{
"Description": "此条规则基于一些常见的webshell工具连接特征拦截webshell文件",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2021-08-13T06:35:48Z",
"Tags": [
]
},
{
"Description": "防护java代码注入和jsp webshell上传攻击",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2017-11-01T08:53:30Z",
"Tags": [
]
},
{
"Description": "针对冰蝎 default_image 传输协议的检测规则",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-07-28T06:24:25Z",
"Tags": [
]
},
{
"Description": "此条规则拦截在Webshell中可能会出现的敏感字符串特征",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2022-01-10T09:43:16Z",
"Tags": [
]
},
{
"Description": "防护webshell攻击,检测$_GET/$_POST等敏感变量使用",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2018-11-28T06:51:52Z",
"Tags": [
]
},
{
"Description": "此条规则检测恶意混淆的Webshell",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-01-12T07:33:55Z",
"Tags": [
]
},
{
"Description": "此条规则拦截具有可疑编码字符串特征的Webshell",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-01-12T07:21:46Z",
"Tags": [
]
}
]
},
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-xss-attacks",
"MetaData": {
"GroupDetail": "xss跨站脚本攻击防护",
"GroupName": "xss跨站脚本攻击防护",
"RuleDetails": [
{
"Description": "严格xss规则,针对一些html标签注入的场景",
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-03-23T05:32:56Z",
"Tags": [
"owasp"
]
},
{
"Description": "此条规则拦截通过data伪协议注入HTML的行为",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-06-20T06:26:44Z",
"Tags": [
"owasp"
]
},
{
"Description": "防护xss攻击中的flash xss攻击,检测能调用敏感函数的swf文件的访问请求",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2018-04-18T06:37:44Z",
"Tags": [
"owasp"
]
},
{
"Description": "针对HTTP请求中的cookie字段,防护xss攻击中一些敏感标签及其敏感属性,如<script src=xxx>/<iframe src=javascript:xxx>等攻击特征",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2021-06-24T12:35:37Z",
"Tags": [
"owasp"
]
},
{
"Description": "基于javascript伪装协议特征,拦截GET请求参数中,使用javascript伪协议进行xss利用的行为",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-07-22T03:07:14Z",
"Tags": [
"owasp"
]
},
{
"Description": "此条规则拦截XSS攻击中敏感的伪协议调用特征",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2021-11-22T12:31:05Z",
"Tags": [
"owasp"
]
},
{
"Description": "针对 Ecommerse-1.0 xss漏洞的防护规则",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-11-30T08:47:05Z",
"Tags": [
]
},
{
"Description": "拦截在同一HTML标签内调用多个伪协议的攻击特征",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2021-08-09T02:41:51Z",
"Tags": [
"owasp"
]
},
{
"Description": "针对xss中,针对javascript伪协议的防护",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2021-04-01T03:47:49Z",
"Tags": [
"owasp"
]
},
{
"Description": "针对一些xss特殊攻击探测防护",
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2024-11-19T06:37:27Z",
"Tags": [
]
},
{
"Description": "防护xss攻击中的一些敏感事件及敏感JS函数,形如onload=xxx和document.cookie等",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2019-01-03T07:36:29Z",
"Tags": [
"owasp"
]
},
{
"Description": "此条规则拦截攻击者通过对浏览器伪协议进行实体编码等方式进行的绕过攻击行为",
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-10-25T12:34:40Z",
"Tags": [
"owasp"
]
},
{
"Description": "中等防护模式下,防护常见的反射型/存储型XSS攻击",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2021-08-17T08:25:13Z",
"Tags": [
"owasp"
]
},
{
"Description": "针对输出点在js环境中xss漏洞利用的场景,如使用 ;new Function(atob(` 执行恶意js代码的操作",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2020-12-28T06:29:01Z",
"Tags": [
"owasp"
]
},
{
"Description": "防护在上传请求中存在的反射型/存储型XSS攻击",
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-08-17T08:23:02Z",
"Tags": [
"owasp"
]
},
{
"Description": "针对xss漏洞利用中,使用on事件执行js的操作,本规则用于覆盖新增的,可用于执行javascript的on事件",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2021-01-18T08:14:05Z",
"Tags": [
"owasp"
]
},
{
"Description": "拦截尝试使用 <isindex 标签进行XSS利用的防护规则",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-11-30T08:43:55Z",
"Tags": [
]
},
{
"Description": "防护flash xss攻击",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2017-11-01T03:03:57Z",
"Tags": [
"owasp"
]
},
{
"Description": "防护xss攻击,检测攻击者调用alert/prompt等进行弹窗验证或添加恶意DOM节点的敏感操作",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2018-01-02T02:05:19Z",
"Tags": [
"owasp"
]
},
{
"Description": "防护攻击者针对XSS漏洞的探测利用行为",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2021-04-02T08:25:47Z",
"Tags": [
"owasp"
]
},
{
"Description": "针对HTTP请求中的cookie字段,防护XSS攻击中使用实体编码进行绕过的敏感操作",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2021-06-24T09:24:55Z",
"Tags": [
"owasp"
]
},
{
"Description": "严格xss规则,针对一些特殊编码的防护规则",
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-03-23T12:45:22Z",
"Tags": [
"owasp"
]
},
{
"Description": "防护xss攻击,检测攻击者试图通过调用getScript/CreateElement函数来注入外部JS脚本的敏感操作",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2018-01-02T02:09:14Z",
"Tags": [
"owasp"
]
},
{
"Description": "防护xss攻击中一些敏感标签及其敏感属性,如<script src=xxx>/<iframe src=javascript:xxx>等攻击特征",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2019-12-31T07:48:29Z",
"Tags": [
"owasp"
]
},
{
"Description": "针对HTTP请求中的cookie字段,检测 xss攻击中 data uri/base64 等攻击特征",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2021-06-24T10:09:09Z",
"Tags": [
"owasp"
]
},
{
"Description": "针对一些客户端原型链污染探测请求的防护规则",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2021-09-03T09:26:42Z",
"Tags": [
"owasp"
]
},
{
"Description": "超严格模式下,针对特定xss探测payload的拦截规则",
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-11-10T08:57:34Z",
"Tags": [
"owasp"
]
},
{
"Description": "检测 xss中 data uri/base64 的攻击特征",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2017-09-01T03:18:36Z",
"Tags": [
"owasp"
]
},
{
"Description": "严格xss规则,针对js中的预定义全局变量",
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-03-23T05:33:41Z",
"Tags": [
"owasp"
]
},
{
"Description": "严格xss规则,针对IE下使用css执行javascript的场景",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2021-03-23T04:58:47Z",
"Tags": [
"owasp"
]
},
{
"Description": "防护恶意的XSS漏洞利用探测行为",
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-03-23T13:17:23Z",
"Tags": [
"owasp"
]
},
{
"Description": "防护利用angularjs特性的XSS攻击",
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-04-06T06:21:17Z",
"Tags": [
"owasp"
]
},
{
"Description": "防护XSS攻击中实体编码绕过攻击",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2018-01-02T02:21:34Z",
"Tags": [
"owasp"
]
},
{
"Description": "宽松模式下,xss防护规则",
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2020-12-07T02:45:26Z",
"Tags": [
"owasp"
]
},
{
"Description": "拦截在同一HTML标签内调用多个伪协议的攻击特征",
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2021-08-09T02:40:05Z",
"Tags": [
"owasp"
]
},
{
"Description": "针对一些历史的XSS攻击向量的防护规则",
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2022-05-16T09:28:20Z",
"Tags": [
"owasp"
]
}
]
},
"RuleActions": [
],
"SensitivityLevel": "strict"
}
],
"SemanticAnalysis": "off"
},
"RateLimitingRules": {
"Rules": [
{
"Action": {
"Name": "Deny"
},
"ActionDuration": "20h",
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
"CountBy": [
"http.request.ip",
"http.request.cookies['UserSession']"
],
"CountingPeriod": "2m",
"Enabled": "on",
"Id": "1492837231",
"MaxRequestThreshold": 1000,
"Name": "SampleHttpDdosRule",
"Priority": 100
}
]
}
}
}输出示例
{
"Response": {
"RequestId": "09ce3d28-1119-49cd-d5a9-27cb34dac669"
}
}5. 开发者资源
腾讯云 API 平台
腾讯云 API 平台 是综合 API 文档、错误码、API Explorer 及 SDK 等资源的统一查询平台,方便您从同一入口查询及使用腾讯云提供的所有 API 服务。
API Inspector
用户可通过 API Inspector 查看控制台每一步操作关联的 API 调用情况,并自动生成各语言版本的 API 代码,也可前往 API Explorer 进行在线调试。
SDK
云 API 3.0 提供了配套的开发工具集(SDK),支持多种编程语言,能更方便的调用 API。
- Tencent Cloud SDK 3.0 for Python: CNB, GitHub, Gitee
- Tencent Cloud SDK 3.0 for Java: CNB, GitHub, Gitee
- Tencent Cloud SDK 3.0 for PHP: CNB, GitHub, Gitee
- Tencent Cloud SDK 3.0 for Go: CNB, GitHub, Gitee
- Tencent Cloud SDK 3.0 for Node.js: CNB, GitHub, Gitee
- Tencent Cloud SDK 3.0 for .NET: CNB, GitHub, Gitee
- Tencent Cloud SDK 3.0 for C++: CNB, GitHub, Gitee
- Tencent Cloud SDK 3.0 for Ruby: CNB, GitHub, Gitee
命令行工具
6. 错误码
以下仅列出了接口业务逻辑相关的错误码,其他错误码详见 公共错误码。
| 错误码 | 描述 |
|---|---|
| InvalidParameter.Security | 参数错误 |
