API
  • History
  • Introduction
  • API Category
  • Making API Requests
    • Request Structure
    • Common Params
    • Signature v3
    • Signature
    • Responses
  • Site APIs
    • CreateZone
    • DescribeIdentifications
    • ModifyZone
    • DeleteZone
    • ModifyZoneStatus
    • CheckCnameStatus
    • IdentifyZone
    • DescribeZones
    • VerifyOwnership
  • Acceleration Domain Management APIs
    • CreateAccelerationDomain
    • DescribeAccelerationDomains
    • ModifyAccelerationDomain
    • ModifyAccelerationDomainStatuses
    • DeleteAccelerationDomains
    • CreateSharedCNAME
    • BindSharedCNAME
    • DeleteSharedCNAME
  • Site Acceleration Configuration APIs
    • CreateRule
    • DeleteRules
    • DescribeHostsSetting
    • DescribeRules
    • DescribeRulesSetting
    • DescribeZoneSetting
    • ModifyRule
    • ModifyZoneSetting
  • Alias Domain APIs
    • CreateAliasDomain
    • DescribeAliasDomains
    • ModifyAliasDomain
    • ModifyAliasDomainStatus
    • DeleteAliasDomain
  • Security Configuration APIs
    • CreateSecurityIPGroup
    • DescribeSecurityIPGroup
    • ModifySecurityIPGroup
    • DeleteSecurityIPGroup
    • DescribeOriginProtection
    • DescribeSecurityTemplateBindings
    • ModifySecurityPolicy
    • BindSecurityTemplateToEntity
    • DescribeSecurityIPGroupInfo
  • Layer 4 Application Proxy APIs
    • CreateL4Proxy
    • ModifyL4Proxy
    • ModifyL4ProxyStatus
    • DescribeL4Proxy
    • DeleteL4Proxy
    • CreateL4ProxyRules
    • ModifyL4ProxyRules
    • ModifyL4ProxyRulesStatus
    • DescribeL4ProxyRules
    • DeleteL4ProxyRules
    • CreateApplicationProxy
    • ModifyApplicationProxy
    • ModifyApplicationProxyStatus
    • DescribeApplicationProxies
    • DeleteApplicationProxy
    • CreateApplicationProxyRule
    • ModifyApplicationProxyRule
    • ModifyApplicationProxyRuleStatus
    • DeleteApplicationProxyRule
  • Content Management APIs
    • CreatePurgeTask
    • DescribePurgeTasks
    • CreatePrefetchTask
    • DescribePrefetchTasks
    • DescribeContentQuota
  • Data Analysis APIs
    • DescribeDDoSAttackData
    • DescribeDDoSAttackEvent
    • DescribeDDoSAttackTopData
    • DescribeOverviewL7Data
    • DescribeTimingL4Data
    • DescribeTimingL7AnalysisData
    • DescribeTopL7AnalysisData
    • DescribeTimingL7CacheData
    • DescribeTopL7CacheData
  • Log Service APIs
    • DownloadL7Logs
    • DownloadL4Logs
    • CreateCLSIndex
    • CreateRealtimeLogDeliveryTask
    • ModifyRealtimeLogDeliveryTask
    • DeleteRealtimeLogDeliveryTask
    • DescribeRealtimeLogDeliveryTasks
  • Billing APIs
    • CreatePlan
    • UpgradePlan
    • RenewPlan
    • ModifyPlan
    • IncreasePlanQuota
    • DestroyPlan
    • CreatePlanForZone
    • BindZoneToPlan
    • DescribeBillingData
    • DescribeAvailablePlans
  • Certificate APIs
    • DescribeDefaultCertificates
    • ModifyHostsCertificate
  • Load Balancing APIs
    • CreateOriginGroup
    • ModifyOriginGroup
    • DeleteOriginGroup
    • DescribeOriginGroup
  • Custom Response Page APIs
    • CreateCustomizeErrorPage
    • DescribeCustomErrorPages
    • ModifyCustomErrorPage
    • DeleteCustomErrorPage
  • Diagnostic Tool APIs
    • DescribeIPRegion
  • Version Management APIs
    • CreateConfigGroupVersion
    • DeployConfigGroupVersion
    • DescribeConfigGroupVersionDetail
    • DescribeConfigGroupVersions
    • DescribeDeployHistory
    • DescribeEnvironments
  • Data Types
  • Error Codes

ModifySecurityPolicy

1. API Description

Domain name for API request: teo.intl.tencentcloudapi.com.

This API is used to modify the web and bot security configurations.

A maximum of 20 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter NameRequiredTypeDescription
ActionYesStringCommon Params. The value used for this API: ModifySecurityPolicy.
VersionYesStringCommon Params. The value used for this API: 2022-09-01.
RegionNoStringCommon Params. This parameter is not required.
ZoneIdYesStringThe site ID.
SecurityConfigYesSecurityConfigSecurity configuration.
EntityNoStringSubdomain/application name.

Note: When both this parameter and the TemplateId parameter are specified, this parameter will not take effect. Do not specify this parameter and the TemplateId parameter at the same time.
TemplateIdNoStringSpecifies the policy template ID, or the site's global policy.
- To configure a policy template, specify the policy template ID.
- To configure the site's global policy, use the @ZoneLevel@Domain parameter value.

Note: When this parameter is used, the Entity parameter will not take effect. Do not use this parameter and the Entity parameter at the same time.

3. Output Parameters

Parameter NameTypeDescription
RequestIdStringThe unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

4. Example

Example1 Modifying the security configuration

This example shows you how to modify the L7 security configuration for the domain name "a.eotest.com".

Input Example

POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifySecurityPolicy
<Common request parameters>

{
    "Entity": "a.eotest.com",
    "SecurityConfig": {
        "WafConfig": {
            "Switch": "on",
            "WafRule": {
                "Switch": "on",
                "ObserveRuleIDs": [],
                "BlockRuleIDs": [
                    162502146
                ]
            },
            "Mode": "block",
            "Level": "loose"
        }
    },
    "ZoneId": "zone-fa89j239a"
}

Output Example

{
    "Response": {
        "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae23"
    }
}

Example2 Modifying an exception rule to allow specified fields

This example shows you how to skip WAF protection for all keys in the specified HTTP header.

Input Example

POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifySecurityPolicy
<Common request parameters>

{
    "Entity": "*.eotest.com",
    "SecurityConfig": {
        "ExceptConfig": {
            "Switch": "on",
            "ExceptUserRules": [
                {
                    "Action": "skip",
                    "ExceptUserRuleConditions": [
                        {
                            "MatchContent": "/skipwaf",
                            "MatchFrom": "cgi",
                            "MatchParam": "",
                            "Operator": "equal"
                        }
                    ],
                    "ExceptUserRuleScope": {
                        "Type": "partial",
                        "PartialModules": [
                            {
                                "Module": "waf",
                                "Include": [
                                    106247778
                                ]
                            }
                        ],
                        "SkipConditions": [
                            {
                                "MatchContent": [],
                                "MatchContentType": "",
                                "MatchFrom": [],
                                "MatchFromType": "",
                                "Selector": "keys",
                                "Type": "header_fields"
                            }
                        ]
                    },
                    "RuleID": 0,
                    "RuleName": "first_webshell",
                    "RulePriority": 0,
                    "RuleStatus": "on",
                    "UpdateTime": "2022-09-22T03:00:10Z"
                }
            ]
        }
    },
    "ZoneId": "zone-fa89j239a"
}

Output Example

{
    "Response": {
        "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae44"
    }
}

Example3 Modifying an exception rule to allow the key in the specified header

This example shows you how to skip WAF protection for the specified HTTP header’s value.

Input Example

POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifySecurityPolicy
<Common request parameters>

{
    "Entity": "*.eotest.com",
    "SecurityConfig": {
        "ExceptConfig": {
            "Switch": "on",
            "ExceptUserRules": [
                {
                    "Action": "skip",
                    "ExceptUserRuleConditions": [
                        {
                            "MatchContent": "/skipwaf",
                            "MatchFrom": "cgi",
                            "MatchParam": "",
                            "Operator": "equal"
                        }
                    ],
                    "ExceptUserRuleScope": {
                        "Type": "partial",
                        "PartialModules": [
                            {
                                "Module": "waf",
                                "Include": [
                                    106247778
                                ]
                            }
                        ],
                        "SkipConditions": [
                            {
                                "MatchContent": [],
                                "MatchContentType": "",
                                "MatchFrom": [
                                    "YourSkipHeader"
                                ],
                                "MatchFromType": "equal",
                                "Selector": "values",
                                "Type": "header_fields"
                            }
                        ]
                    },
                    "RuleID": 0,
                    "RuleName": "first_webshell",
                    "RulePriority": 0,
                    "RuleStatus": "on",
                    "UpdateTime": "2022-09-22T03:00:10Z"
                }
            ]
        }
    },
    "ZoneId": "zone-fa89j239a"
}

Output Example

{
    "Response": {
        "RequestId": "08b32010-ab25-42a4-b923-2e6c481dae66"
    }
}

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error CodeDescription
InternalError.ConfigLockedThe configuration is locked. Please unlock and try again.
InternalError.ProxyServerAn unknown error occurred in the backend server.
InternalError.RouteErrorThe backend routing address is incorrect.
InvalidParameter.SecurityInvalid parameter.
LimitExceeded.SecurityLimit exceeded
OperationDeniedOperation denied.
ResourceInUseThe resource is occupied.
UnauthorizedOperation.CamUnauthorizedCAM is not authorized.
UnauthorizedOperation.NoPermissionThe sub-account is not authorized for the operation. Please get permissions first.
UnauthorizedOperation.UnknownAn unknown error occurred in the backend server.
UnsupportedOperationUnsupported operation.