API

History
Introduction
API Category
Making API Requests
- Request Structure
- Common Params
- Signature v3
- Signature
- Responses
Site APIs
- CreateZone
- DescribeIdentifications
- ModifyZone
- DeleteZone
- ModifyZoneStatus
- CheckCnameStatus
- IdentifyZone
- DescribeZones
- VerifyOwnership
- ExportZoneConfig
- ImportZoneConfig
- DescribeZoneConfigImportResult
Acceleration Domain Management APIs
- CreateAccelerationDomain
- DescribeAccelerationDomains
- ModifyAccelerationDomain
- ModifyAccelerationDomainStatuses
- DeleteAccelerationDomains
- CreateSharedCNAME
- BindSharedCNAME
- DeleteSharedCNAME
Site Acceleration Configuration APIs
- CreateRule
- DeleteRules
- DescribeHostsSetting
- DescribeRules
- DescribeRulesSetting
- DescribeZoneSetting
- ModifyRule
- ModifyZoneSetting
Edge Function APIs
- CreateFunction
- DescribeFunctions
- ModifyFunction
- CreateFunctionRule
- DeleteFunction
- DescribeFunctionRules
- ModifyFunctionRule
- ModifyFunctionRulePriority
- DeleteFunctionRules
- DescribeFunctionRuntimeEnvironment
- HandleFunctionRuntimeEnvironment
Alias Domain APIs
- CreateAliasDomain
- DescribeAliasDomains
- ModifyAliasDomain
- ModifyAliasDomainStatus
- DeleteAliasDomain
Security Configuration APIs
- CreateSecurityIPGroup
- DescribeSecurityIPGroup
- ModifySecurityIPGroup
- DeleteSecurityIPGroup
- DescribeOriginProtection
- DescribeSecurityTemplateBindings
- ModifySecurityPolicy
- BindSecurityTemplateToEntity
- DescribeSecurityIPGroupInfo
Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
Content Management APIs
- CreatePurgeTask
- DescribePurgeTasks
- CreatePrefetchTask
- DescribePrefetchTasks
- DescribeContentQuota
Data Analysis APIs
- DescribeDDoSAttackData
- DescribeDDoSAttackEvent
- DescribeDDoSAttackTopData
- DescribeOverviewL7Data
- DescribeTimingL4Data
- DescribeTimingL7AnalysisData
- DescribeTopL7AnalysisData
- DescribeTimingL7CacheData
- DescribeTopL7CacheData
Log Service APIs
- DownloadL7Logs
- DownloadL4Logs
- CreateCLSIndex
- CreateRealtimeLogDeliveryTask
- ModifyRealtimeLogDeliveryTask
- DeleteRealtimeLogDeliveryTask
- DescribeRealtimeLogDeliveryTasks
Billing APIs
- CreatePlan
- UpgradePlan
- RenewPlan
- ModifyPlan
- IncreasePlanQuota
- DestroyPlan
- CreatePlanForZone
- BindZoneToPlan
- DescribeBillingData
- DescribeAvailablePlans
Certificate APIs
- DescribeDefaultCertificates
- ModifyHostsCertificate
Load Balancing APIs
- CreateOriginGroup
- ModifyOriginGroup
- DeleteOriginGroup
- DescribeOriginGroup
- CreateLoadBalancer
- ModifyLoadBalancer
- DeleteLoadBalancer
- DescribeLoadBalancerList
- DescribeOriginGroupHealthStatus
Custom Response Page APIs
- CreateCustomizeErrorPage
- DescribeCustomErrorPages
- ModifyCustomErrorPage
- DeleteCustomErrorPage
DNS Record APIs
- CreateDnsRecord
- DeleteDnsRecords
- DescribeDnsRecords
- ModifyDnsRecordsStatus
- ModifyDnsRecords
Diagnostic Tool APIs
- DescribeIPRegion
Version Management APIs
- CreateConfigGroupVersion
- DeployConfigGroupVersion
- DescribeConfigGroupVersionDetail
- DescribeConfigGroupVersions
- DescribeDeployHistory
- DescribeEnvironments
Data Types
Error Codes

ModifySecurityPolicy

1. API Description

Domain name for API request: teo.intl.tencentcloudapi.com.

This API is used to modify the web and bot security configurations.

A maximum of 20 requests can be initiated per second for this API.

We recommend you to use API Explorer

Try it

API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name	Required	Type	Description
Action	Yes	String	Common Params. The value used for this API: ModifySecurityPolicy.
Version	Yes	String	Common Params. The value used for this API: 2022-09-01.
Region	No	String	Common Params. This parameter is not required.
ZoneId	Yes	String	Zone ID.
SecurityConfig	Yes	SecurityConfig	Security policy configuration. when ExceptionRules in the SecurityPolicy parameter is set, ExceptConfig in the SecurityConfig parameter will be ignored; when CustomRules in the SecurityPolicy parameter is set, AclConfig and IpTableConfig in the SecurityConfig parameter will be ignored; when HttpDDoSProtection and RateLimitingRules in the SecurityPolicy parameter are set, RateLimitConfig in the SecurityConfig parameter will be ignored; when ManagedRule in the SecurityPolicy parameter is set, WafConfig in the SecurityConfig parameter will be ignored; for exception rules, custom rules, rate limits, and managed rule policy, it is recommended to use the SecurityPolicy parameter for configuration. .
SecurityPolicy	No	SecurityPolicy	Security policy configuration. recommend using for Web exception rules, protection custom policies, rate rules, and managed rules. supports configuring security policies with expression grammar.
Entity	No	String	`SecurityPolicy` type, the following parameter values can be used for query: `ZoneDefaultPolicy`: used to specify a query for site-level policies; `Template`: used to specify a query for policy templates. the `TemplateId` parameter needs to be specified simultaneously; `Host`: used to specify a query for domain-level policies (note: when using `Host` to specify a domain name service policy, only domain name services or policy templates that have been applied domain-level policies are supported).
Host	No	String	Specify the domain name. When the `Entity` parameter value is set to `Host`, use the domain-level policy specified by this parameter to query the domain configuration. For example, use `www.example.com` to configure the domain-level policy for that domain name.
TemplateId	No	String	Specify the policy template ID. Use this parameter to specify the ID of the policy Template to query the Template configuration when the `Entity` parameter value is set to `Template`.

3. Output Parameters

Parameter Name	Type	Description
RequestId	String	The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

4. Example

Example1 Modifying a Domain Name Policy

Modify the domain policy of a.eotest.com under the eotest.com site

Input Example

POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifySecurityPolicy
<Common request parameters>

{
    "ZoneId": "zone-fa89j239a",
    "Entity": "Host",
    "Host": "a.eotest.com",
    "SecurityConfig": {},
    "SecurityPolicy": {
        "ExceptionRules": {
            "Rules": [
                {
                    "Id": "1492837231",
                    "Name": "ExampleSkipModule",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                    "SkipScope": "WebSecurityModules",
                    "WebSecurityModulesForException": [
                        "websec-mod-custom-rules",
                        "websec-mod-rate-limiting"
                    ],
                    "Enabled": "On"
                },
                {
                    "Id": "1492837231",
                    "Name": "SampleSkipManagedRule",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                    "SkipScope": "ManagedRules",
                    "SkipOption": "SkipOnAllRequestFields",
                    "ManagedRulesForException": [
                        "4401215074",
                        "4368124487"
                    ],
                    "Enabled": "On"
                },
                {
                    "Id": "1492837231",
                    "Name": "SampleSkipManagedRule",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                    "SkipScope": "ManagedRules",
                    "SkipOption": "SkipOnAllRequestFields",
                    "ManagedRuleGroupsForException": [
                        "wafgroup-sql-injection-attacks"
                    ],
                    "Enabled": "On"
                },
                {
                    "Id": "1492837231",
                    "Name": "SampleSkipManagedRuleForField",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
                    "SkipScope": "ManagedRules",
                    "ManagedRulesForException": [
                        "4401215074",
                        "4368124487"
                    ],
                    "SkipOption": "SkipOnSpecifiedRequestFields",
                    "RequestFieldsForException": [
                        {
                            "Scope": "cookie",
                            "Condition": "",
                            "TargetField": "key"
                        },
                        {
                            "Scope": "cookie",
                            "Condition": "${key} in ['session-id']",
                            "TargetField": "value"
                        },
                        {
                            "Scope": "cookie",
                            "Condition": "${key} in ['account-id'] and ${value} like ['prefix-*']",
                            "TargetField": "value"
                        },
                        {
                            "Scope": "header",
                            "Condition": "",
                            "TargetField": "key"
                        },
                        {
                            "Scope": "header",
                            "Condition": "${key} in ['x-trace-id']",
                            "TargetField": "value"
                        },
                        {
                            "Scope": "header",
                            "Condition": "${key} like ['x-auth-*'] and ${value} like ['Bearer *']",
                            "TargetField": "value"
                        },
                        {
                            "Scope": "uri.query",
                            "Condition": "",
                            "TargetField": "key"
                        },
                        {
                            "Scope": "uri.query",
                            "Condition": "${key} in ['action']",
                            "TargetField": "value"
                        },
                        {
                            "Scope": "uri.query",
                            "Condition": "${key} in ['action'] and ${value} in ['upload', 'delete']",
                            "TargetField": "value"
                        },
                        {
                            "Scope": "uri",
                            "Condition": "",
                            "TargetField": "query"
                        },
                        {
                            "Scope": "uri",
                            "Condition": "",
                            "TargetField": "path"
                        },
                        {
                            "Scope": "uri",
                            "Condition": "",
                            "TargetField": "fullpath"
                        },
                        {
                            "Scope": "body.json",
                            "Condition": "",
                            "TargetField": "key"
                        },
                        {
                            "Scope": "body.json",
                            "Condition": "${key} in ['user.id']",
                            "TargetField": "value"
                        },
                        {
                            "Scope": "body.json",
                            "Condition": "${key} in ['user.id'] and ${value} in ['1234', '5678']",
                            "TargetField": "value"
                        },
                        {
                            "Scope": "body",
                            "Condition": "",
                            "TargetField": "fullbody"
                        },
                        {
                            "Scope": "body",
                            "Condition": "",
                            "TargetField": "multipart"
                        }
                    ],
                    "Enabled": "On"
                }
            ]
        },
        "CustomRules": {
            "Rules": [
                {
                    "Id": "1492837231",
                    "Name": "SampleBasicACLRule",
                    "Condition": "${http.request.ip} in ['1.1.1.1', '10.10.10.0/24', ${security.ip_group['123'@'zone-2xsnpvkhdjes']} ]",
                    "Action": {
                        "Name": "Deny"
                    },
                    "Priority": 10,
                    "Enabled": "on"
                }
            ]
        },
        "HttpDDoSProtection": {
            "AdaptiveFrequencyControl": {
                "Enabled": "on",
                "Sensitivity": "Loose",
                "Action": {
                    "Name": "Monitor"
                }
            },
            "ClientFiltering": {
                "Enabled": "on",
                "Action": {
                    "Name": "Monitor"
                }
            },
            "BandwidthAbuseDefense": {
                "Enabled": "on",
                "Action": {
                    "Name": "Monitor"
                }
            },
            "SlowAttackDefense": {
                "Enabled": "on",
                "Action": {
                    "Name": "Monitor"
                },
                "MinimalRequestBodyTransferRate": {
                    "Enabled": "on",
                    "MinimalAvgTransferRateThreshold": "50bps",
                    "CountingPeriod": "60s"
                },
                "RequestBodyTransferTimeout": {
                    "Enabled": "on",
                    "IdleTimeout": "5s"
                }
            }
        },
        "RateLimitingRules": {
            "Rules": [
                {
                    "Enabled": "on",
                    "Name": "SampleHttpDdosRule",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                    "CountBy": [
                        "http.request.ip",
                        "http.request.cookies['UserSession']"
                    ],
                    "MaxRequestThreshold": 1000,
                    "CountingPeriod": "2m",
                    "ActionDuration": "20h",
                    "Action": {
                        "Name": "ManagedChallenge"
                    },
                    "Id": "2181399690",
                    "Priority": 100
                }
            ]
        },
        "ManagedRules": {
            "Enabled": "on",
            "AutoUpdate": {
                "AutoUpdateToLatestVersion": "off",
                "RulesetVersion": "2023-12-21T12:00:32Z"
            },
            "SemanticAnalysis": "on",
            "DetectionOnly": "on",
            "ManagedRuleGroups": [
                {
                    "GroupId": "wafmanagedrulegroup-vulnerability-scanners",
                    "SensitivityLevel": "wafmanagedrule-sensitivity-level-extreme",
                    "Action": {
                        "Name": "Monitor"
                    }
                }
            ]
        }
    }
}

Output Example

{
    "Response": {
        "RequestId": "08b32010-ab25-42a4-b923-777c481da684"
    }
}

Example2 Modifying Template Policy

Modify the policy of the temp-00iel413 template under the eotest.com site

Input Example

POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifySecurityPolicy
<Common request parameters>

{
    "ZoneId": "zone-fa89j239a",
    "Entity": "Template",
    "TemplateId": "temp-00iel413",
    "SecurityConfig": {},
    "SecurityPolicy": {
        "CustomRules": {
            "Rules": [
                {
                    "Id": "1492837231",
                    "Name": "SampleBasicACLRule",
                    "Condition": "${http.request.ip} in ['1.1.1.1', '10.10.10.0/24', ${security.ip_group['123'@'zone-2xsnpvkhdjes']} ]",
                    "Action": {
                        "Name": "Deny"
                    },
                    "Priority": 10,
                    "Enabled": "on"
                }
            ]
        }
    }
}

Output Example

{
    "Response": {
        "RequestId": "08b32010-ab25-42a4-b923-777c481da684"
    }
}

Example3 Modifying a Site-Level Policy

This example shows you how to modify the site-level policy for eotest.com.

Input Example

POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifySecurityPolicy
<Common request parameters>

{
    "ZoneId": "zone-fa89j239a",
    "Entity": "ZoneDefaultPolicy",
    "SecurityConfig": {},
    "SecurityPolicy": {
        "ManagedRules": {
            "Enabled": "on",
            "AutoUpdate": {
                "AutoUpdateToLatestVersion": "off",
                "RulesetVersion": "2023-12-21T12:00:32Z"
            },
            "SemanticAnalysis": "on",
            "DetectionOnly": "on",
            "ManagedRuleGroups": [
                {
                    "GroupId": "wafmanagedrulegroup-vulnerability-scanners",
                    "SensitivityLevel": "wafmanagedrule-sensitivity-level-extreme",
                    "Action": {
                        "Name": "Monitor"
                    }
                }
            ]
        }
    }
}

Output Example

{
    "Response": {
        "RequestId": "08b32010-ab25-42a4-b923-777c481da684"
    }
}

Example4 Modifying Security Configuration

This example shows you how to modify the layer-7 security configuration for the domain a.eotest.com.

Input Example

POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifySecurityPolicy
<Common request parameters>

{
    "ZoneId": "zone-fa89j239a",
    "Entity": "a.eotest.com",
    "SecurityConfig": {
        "WafConfig": {
            "Switch": "on",
            "WafRule": {
                "Switch": "on",
                "ObserveRuleIDs": [],
                "BlockRuleIDs": [
                    162502146
                ]
            },
            "Mode": "block",
            "Level": "loose"
        }
    }
}

Output Example

{
    "Response": {
        "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae23"
    }
}

Example5 Modifying an Exception Rule to Allow Specified Fields

This example shows you how to use the following configuration to skip WAF security protection by whitelisting certain fields (such as all keys in the HTTP Header) for a specific scenario (for example, HTTP requests with the path /skipwaf) in WAF protection.

Input Example

POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifySecurityPolicy
<Common request parameters>

{
    "ZoneId": "zone-fa89j239a",
    "Entity": "*.eotest.com",
    "SecurityConfig": {
        "ExceptConfig": {
            "Switch": "on",
            "ExceptUserRules": [
                {
                    "Action": "skip",
                    "ExceptUserRuleConditions": [
                        {
                            "MatchContent": "/skipwaf",
                            "MatchFrom": "cgi",
                            "Operator": "equal"
                        }
                    ],
                    "ExceptUserRuleScope": {
                        "Type": "partial",
                        "PartialModules": [
                            {
                                "Module": "waf",
                                "Include": [
                                    106247778
                                ]
                            }
                        ],
                        "SkipConditions": [
                            {
                                "MatchContent": [],
                                "MatchFrom": [],
                                "Selector": "keys",
                                "Type": "header_fields"
                            }
                        ]
                    },
                    "RuleID": 0,
                    "RuleName": "first_webshell",
                    "RulePriority": 0,
                    "RuleStatus": "on",
                    "UpdateTime": "2022-09-22T03:00:10Z"
                }
            ]
        }
    }
}

Output Example

{
    "Response": {
        "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae44"
    }
}

Example6 Modifying Exception Rules in Security Configuration and Whitelisting Header key Field Scenarios

In WAF security protection, if a certain scenario exists in the business (such as an http request with the path /skipwaf) where partial fields (such as the Value corresponding to YourSkipHeader in the HTTP Header) need to be whitelisted to skip WAF security protection, you can use the following configuration.

Input Example

POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifySecurityPolicy
<Common request parameters>

{
    "ZoneId": "zone-fa89j239a",
    "Entity": "*.eotest.com",
    "SecurityConfig": {
        "ExceptConfig": {
            "Switch": "on",
            "ExceptUserRules": [
                {
                    "Action": "skip",
                    "ExceptUserRuleConditions": [
                        {
                            "MatchContent": "/skipwaf",
                            "MatchFrom": "cgi",
                            "Operator": "equal"
                        }
                    ],
                    "ExceptUserRuleScope": {
                        "Type": "partial",
                        "PartialModules": [
                            {
                                "Module": "waf",
                                "Include": [
                                    106247778
                                ]
                            }
                        ],
                        "SkipConditions": [
                            {
                                "MatchContent": [],
                                "MatchFrom": [
                                    "YourSkipHeader"
                                ],
                                "MatchFromType": "equal",
                                "Selector": "values",
                                "Type": "header_fields"
                            }
                        ]
                    },
                    "RuleID": 0,
                    "RuleName": "first_webshell",
                    "RulePriority": 0,
                    "RuleStatus": "on",
                    "UpdateTime": "2022-09-22T03:00:10Z"
                }
            ]
        }
    }
}

Output Example

{
    "Response": {
        "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae66"
    }
}

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

Tencent Cloud CLI 3.0

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code	Description
InternalError.ConfigLocked	The configuration is locked. Please unlock and try again.
InternalError.ProxyServer	An unknown error occurred in the backend server.
InternalError.RouteError	The backend routing address is incorrect.
InvalidParameter.Security	Invalid parameter.
LimitExceeded.Security	Limit exceeded
OperationDenied	Operation denied.
ResourceInUse	The resource is occupied.
UnauthorizedOperation.CamUnauthorized	CAM is not authorized.
UnauthorizedOperation.NoPermission	The sub-account is not authorized for the operation. Please get permissions first.
UnauthorizedOperation.Unknown	An unknown error occurred in the backend server.
UnsupportedOperation	Unsupported operation.

1. API Description
2. Input Parameters
3. Output Parameters
4. Example
Example1 Modifying a Domain Name Policy
Example2 Modifying Template Policy
Example3 Modifying a Site-Level Policy
Example4 Modifying Security Configuration
Example5 Modifying an Exception Rule to Allow Specified Fields
Example6 Modifying Exception Rules in Security Configuration and Whitelisting Header key Field Scenarios
5. Developer Resources
SDK
Command Line Interface
6. Error Code