边缘安全加速平台 EO 创建安全策略配置模板

1. 接口描述

接口请求域名： teo.tencentcloudapi.com 。

创建安全策略配置模板

默认接口请求频率限制：20次/秒。

推荐使用 API Explorer

点击调试

API Explorer 提供了在线调用、签名验证、SDK 代码生成和快速检索接口等能力。您可查看每次调用的请求内容和返回结果以及自动生成 SDK 调用示例。

2. 输入参数

以下请求参数列表仅列出了接口请求参数和部分公共参数，完整公共参数列表见公共请求参数。

参数名称	必选	类型	描述
Action	是	String	公共参数，本接口取值：CreateWebSecurityTemplate。
Version	是	String	公共参数，本接口取值：2022-09-01。
Region	否	String	公共参数，此参数为可选参数。
ZoneId	是	String	站点 ID。该参数明确策略模板在访问权限上归属的站点。
TemplateName	是	String	策略模板名称。由中文、英文、数字和下划线组成，不能以下划线开头，且长度不能超过 32 个字符。
SecurityPolicy	否	SecurityPolicy	安全策略模板配置内容，字段为空时生成默认配置。目前支持 Web 防护模块中的例外规则、自定义规则、速率限制规则和托管规则配置，通过表达式语法对安全策略进行配置。 Bot 管理规则配置暂不支持，正在开发中。

3. 输出参数

参数名称	类型	描述
TemplateId	String	策略模板 ID。
RequestId	String	唯一请求 ID，由服务端生成，每次请求都会返回（若请求因其他原因未能抵达服务端，则该次请求不会获得 RequestId）。定位问题时需要提供该次请求的 RequestId。

4. 示例

示例1 创建安全策略配置模板

在 zone-2wkpkd52pwsk 站点中创建“Web安全策略模板”。

输入示例

POST / HTTP/1.1
Host: teo.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: CreateWebSecurityTemplate
<公共请求参数>

{
    "ZoneId": "zone-2wkpkd52pwsk",
    "TemplateName": "Web安全策略模板",
    "SecurityPolicy": {
        "CustomRules": {
            "Rules": [
                {
                    "Name": "acl1",
                    "Condition": "${http.request.host} in ['111']",
                    "Action": {
                        "Name": "Deny"
                    },
                    "Enabled": "on",
                    "RuleType": "PreciseMatchRule",
                    "Priority": 35
                },
                {
                    "Name": "iptable1",
                    "Condition": "${http.request.headers['referer']} in ['123']",
                    "Action": {
                        "Name": "Deny"
                    },
                    "Enabled": "on",
                    "RuleType": "BasicAccessRule"
                }
            ]
        },
        "ExceptionRules": {
            "Rules": [
                {
                    "Name": "SampleSkipManagedRule",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                    "SkipScope": "ManagedRules",
                    "SkipOption": "SkipOnAllRequestFields",
                    "ManagedRulesForException": [
                        "4401215074",
                        "4368124487"
                    ],
                    "Enabled": "on"
                },
                {
                    "Name": "SampleSkipManagedRule2",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                    "SkipScope": "ManagedRules",
                    "SkipOption": "SkipOnAllRequestFields",
                    "ManagedRuleGroupsForException": [
                        "wafgroup-sql-injection-attacks"
                    ],
                    "Enabled": "on"
                },
                {
                    "Name": "SampleSkipManagedRuleForField",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] ",
                    "SkipScope": "ManagedRules",
                    "ManagedRulesForException": [
                        "4401215074",
                        "4368124487"
                    ],
                    "SkipOption": "SkipOnSpecifiedRequestFields",
                    "RequestFieldsForException": [
                        {
                            "Scope": "cookie",
                            "Condition": "",
                            "TargetField": "key"
                        }
                    ],
                    "Enabled": "on"
                }
            ]
        },
        "HttpDDoSProtection": {
            "AdaptiveFrequencyControl": {
                "Action": {
                    "ChallengeActionParameters": {
                        "ChallengeOption": "JSChallenge"
                    },
                    "Name": "Challenge"
                },
                "Enabled": "on",
                "Sensitivity": "Loose"
            },
            "BandwidthAbuseDefense": {
                "Action": {
                    "Name": "Monitor"
                },
                "Enabled": "off"
            },
            "ClientFiltering": {
                "Action": {
                    "ChallengeActionParameters": {
                        "ChallengeOption": "JSChallenge"
                    },
                    "Name": "Challenge"
                },
                "Enabled": "on"
            },
            "SlowAttackDefense": {
                "Action": {
                    "Name": "Deny"
                },
                "Enabled": "off",
                "MinimalRequestBodyTransferRate": {
                    "CountingPeriod": "60s",
                    "Enabled": "off",
                    "MinimalAvgTransferRateThreshold": "80bps"
                },
                "RequestBodyTransferTimeout": {
                    "Enabled": "off",
                    "IdleTimeout": "5s"
                }
            }
        },
        "ManagedRules": {
            "AutoUpdate": {
                "AutoUpdateToLatestVersion": "on"
            },
            "DetectionOnly": "on",
            "Enabled": "on",
            "ManagedRuleGroups": [
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-webshell-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-xss-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-xxe-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-vulnerability-scanners",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-non-compliant-protocol-usages",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-cms-vulnerabilities",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-file-upload-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-other-vulnerabilities",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-command-and-code-injections",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-sql-injections",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-shiro-vulnerabilities",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-unauthorized-file-accesses",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-ldap-injections",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-oa-vulnerabilities",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-ssrf-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-ssti-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-unauthorized-accesses",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                }
            ],
            "SemanticAnalysis": "off"
        },
        "RateLimitingRules": {
            "Rules": [
                {
                    "Enabled": "on",
                    "Name": "SampleHttpDdosRule",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                    "CountBy": [
                        "http.request.ip",
                        "http.request.cookies['UserSession']"
                    ],
                    "MaxRequestThreshold": 1000,
                    "CountingPeriod": "2m",
                    "ActionDuration": "20h",
                    "Action": {
                        "Name": "Deny"
                    },
                    "Priority": 100
                }
            ]
        }
    }
}

输出示例

{
    "Response": {
        "RequestId": "09ce3d28-1119-49cd-a99f-27cb34dac669",
        "TemplateId": "temp-ygt2paxl"
    }
}

5. 开发者资源

腾讯云 API 平台

腾讯云 API 平台是综合 API 文档、错误码、API Explorer 及 SDK 等资源的统一查询平台，方便您从同一入口查询及使用腾讯云提供的所有 API 服务。

API Inspector

用户可通过 API Inspector 查看控制台每一步操作关联的 API 调用情况，并自动生成各语言版本的 API 代码，也可前往 API Explorer 进行在线调试。

SDK

云 API 3.0 提供了配套的开发工具集（SDK），支持多种编程语言，能更方便的调用 API。

Tencent Cloud SDK 3.0 for Python: CNB, GitHub, Gitee
Tencent Cloud SDK 3.0 for Java: CNB, GitHub, Gitee
Tencent Cloud SDK 3.0 for PHP: CNB, GitHub, Gitee
Tencent Cloud SDK 3.0 for Go: CNB, GitHub, Gitee
Tencent Cloud SDK 3.0 for Node.js: CNB, GitHub, Gitee
Tencent Cloud SDK 3.0 for .NET: CNB, GitHub, Gitee
Tencent Cloud SDK 3.0 for C++: CNB, GitHub, Gitee
Tencent Cloud SDK 3.0 for Ruby: CNB, GitHub, Gitee

命令行工具

Tencent Cloud CLI 3.0

6. 错误码

以下仅列出了接口业务逻辑相关的错误码，其他错误码详见公共错误码。

错误码	描述
InvalidParameter.Security	参数错误
LimitExceeded.Security	超出功能限制。
UnauthorizedOperation.CamUnauthorized	Cam 未授权。