CreateWebSecurityTemplate

1. API Description

Domain name for API request: teo.intl.tencentcloudapi.com.

This API is used to create a security policy configuration template.

A maximum of 20 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter NameRequiredTypeDescription
ActionYesStringCommon Params. The value used for this API: CreateWebSecurityTemplate.
VersionYesStringCommon Params. The value used for this API: 2022-09-01.
RegionNoStringCommon Params. This parameter is not required.
ZoneIdYesStringZone ID. Explicitly identifies the zone to which the policy template belongs for access control purposes.
TemplateNameYesStringPolicy template name. Composed of Chinese characters, letters, digits, and underscores. Cannot begin with an underscore and must be less than or equal to 32 characters.
SecurityPolicyNoSecurityPolicyWeb security policy template configuration. Generates default config if empty. Supported: Exception rules, custom rules, rate limiting rules, managed rules. Not supported: Bot management rules (under development).

3. Output Parameters

Parameter NameTypeDescription
TemplateIdStringPolicy template ID.
RequestIdStringThe unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

4. Example

Example1 Creating a Security Policy Configuration Template

This example shows you how to create a "Web security policy template" in the zone-2wkpkd52pwsk site.

Input Example

POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: CreateWebSecurityTemplate
<Common request parameters>

{
    "ZoneId": "zone-2wkpkd52pwsk",
"TemplateName": "Web security policy template",
    "SecurityPolicy": {
        "CustomRules": {
            "Rules": [
                {
                    "Name": "acl1",
                    "Condition": "${http.request.host} in ['111']",
                    "Action": {
                        "Name": "Deny"
                    },
                    "Enabled": "on",
                    "RuleType": "PreciseMatchRule",
                    "Priority": 35
                },
                {
                    "Name": "iptable1",
                    "Condition": "${http.request.headers['referer']} in ['123']",
                    "Action": {
                        "Name": "Deny"
                    },
                    "Enabled": "on",
                    "RuleType": "BasicAccessRule"
                }
            ]
        },
        "ExceptionRules": {
            "Rules": [
                {
                    "Name": "SampleSkipManagedRule",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                    "SkipScope": "ManagedRules",
                    "SkipOption": "SkipOnAllRequestFields",
                    "ManagedRulesForException": [
                        "4401215074",
                        "4368124487"
                    ],
                    "Enabled": "on"
                },
                {
                    "Name": "SampleSkipManagedRule2",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                    "SkipScope": "ManagedRules",
                    "SkipOption": "SkipOnAllRequestFields",
                    "ManagedRuleGroupsForException": [
                        "wafgroup-sql-injection-attacks"
                    ],
                    "Enabled": "on"
                },
                {
                    "Name": "SampleSkipManagedRuleForField",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] ",
                    "SkipScope": "ManagedRules",
                    "ManagedRulesForException": [
                        "4401215074",
                        "4368124487"
                    ],
                    "SkipOption": "SkipOnSpecifiedRequestFields",
                    "RequestFieldsForException": [
                        {
                            "Scope": "cookie",
                            "Condition": "",
                            "TargetField": "key"
                        }
                    ],
                    "Enabled": "on"
                }
            ]
        },
        "HttpDDoSProtection": {
            "AdaptiveFrequencyControl": {
                "Action": {
                    "ChallengeActionParameters": {
                        "ChallengeOption": "JSChallenge"
                    },
                    "Name": "Challenge"
                },
                "Enabled": "on",
                "Sensitivity": "Loose"
            },
            "BandwidthAbuseDefense": {
                "Action": {
                    "Name": "Monitor"
                },
                "Enabled": "off"
            },
            "ClientFiltering": {
                "Action": {
                    "ChallengeActionParameters": {
                        "ChallengeOption": "JSChallenge"
                    },
                    "Name": "Challenge"
                },
                "Enabled": "on"
            },
            "SlowAttackDefense": {
                "Action": {
                    "Name": "Deny"
                },
                "Enabled": "off",
                "MinimalRequestBodyTransferRate": {
                    "CountingPeriod": "60s",
                    "Enabled": "off",
                    "MinimalAvgTransferRateThreshold": "80bps"
                },
                "RequestBodyTransferTimeout": {
                    "Enabled": "off",
                    "IdleTimeout": "5s"
                }
            }
        },
        "ManagedRules": {
            "AutoUpdate": {
                "AutoUpdateToLatestVersion": "on"
            },
            "DetectionOnly": "on",
            "Enabled": "on",
            "ManagedRuleGroups": [
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-webshell-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-xss-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-xxe-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-vulnerability-scanners",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-non-compliant-protocol-usages",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-cms-vulnerabilities",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-file-upload-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-other-vulnerabilities",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-command-and-code-injections",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-sql-injections",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-shiro-vulnerabilities",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-unauthorized-file-accesses",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-ldap-injections",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-oa-vulnerabilities",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-ssrf-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-ssti-attacks",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-unauthorized-accesses",
                    "RuleActions": [

                    ],
                    "SensitivityLevel": "strict"
                }
            ],
            "SemanticAnalysis": "off"
        },
        "RateLimitingRules": {
            "Rules": [
                {
                    "Enabled": "on",
                    "Name": "SampleHttpDdosRule",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                    "CountBy": [
                        "http.request.ip",
                        "http.request.cookies['UserSession']"
                    ],
                    "MaxRequestThreshold": 1000,
                    "CountingPeriod": "2m",
                    "ActionDuration": "20h",
                    "Action": {
                        "Name": "Deny"
                    },
                    "Priority": 100
                }
            ]
        }
    }
}

Output Example

{
    "Response": {
        "RequestId": "09ce3d28-1119-49cd-a99f-27cb34dac669",
        "TemplateId": "temp-ygt2paxl"
    }
}

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error CodeDescription
InvalidParameter.SecurityInvalid parameter.
LimitExceeded.SecurityLimit exceeded
UnauthorizedOperation.CamUnauthorizedCAM is not authorized.
edgeone Logo
Copyright © 2013-2025 Tencent Cloud. All Rights Reserved.