CreateWebSecurityTemplate
1. API Description
Domain name for API request: teo.intl.tencentcloudapi.com.
This API is used to create a security policy configuration template.
A maximum of 20 requests can be initiated per second for this API.
We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.
2. Input Parameters
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: CreateWebSecurityTemplate. |
| Version | Yes | String | Common Params. The value used for this API: 2022-09-01. |
| Region | No | String | Common Params. This parameter is not required. |
| ZoneId | Yes | String | Zone ID. Explicitly identifies the zone to which the policy template belongs for access control purposes. |
| TemplateName | Yes | String | Policy template name. Composed of Chinese characters, letters, digits, and underscores. Cannot begin with an underscore and must be less than or equal to 32 characters. |
| SecurityPolicy | No | SecurityPolicy | Web security policy template configuration. Generates default config if empty. Supported: Exception rules, custom rules, rate limiting rules, managed rules. Not supported: Bot management rules (under development). |
3. Output Parameters
| Parameter Name | Type | Description |
|---|---|---|
| TemplateId | String | Policy template ID. |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
4. Example
Example1 Creating a Security Policy Configuration Template
This example shows you how to create a "Web security policy template" in the zone-2wkpkd52pwsk site.
Input Example
POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: CreateWebSecurityTemplate
<Common request parameters>
{
"ZoneId": "zone-2wkpkd52pwsk",
"TemplateName": "Web security policy template",
"SecurityPolicy": {
"CustomRules": {
"Rules": [
{
"Name": "acl1",
"Condition": "${http.request.host} in ['111']",
"Action": {
"Name": "Deny"
},
"Enabled": "on",
"RuleType": "PreciseMatchRule",
"Priority": 35
},
{
"Name": "iptable1",
"Condition": "${http.request.headers['referer']} in ['123']",
"Action": {
"Name": "Deny"
},
"Enabled": "on",
"RuleType": "BasicAccessRule"
}
]
},
"ExceptionRules": {
"Rules": [
{
"Name": "SampleSkipManagedRule",
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
"SkipScope": "ManagedRules",
"SkipOption": "SkipOnAllRequestFields",
"ManagedRulesForException": [
"4401215074",
"4368124487"
],
"Enabled": "on"
},
{
"Name": "SampleSkipManagedRule2",
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
"SkipScope": "ManagedRules",
"SkipOption": "SkipOnAllRequestFields",
"ManagedRuleGroupsForException": [
"wafgroup-sql-injection-attacks"
],
"Enabled": "on"
},
{
"Name": "SampleSkipManagedRuleForField",
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] ",
"SkipScope": "ManagedRules",
"ManagedRulesForException": [
"4401215074",
"4368124487"
],
"SkipOption": "SkipOnSpecifiedRequestFields",
"RequestFieldsForException": [
{
"Scope": "cookie",
"Condition": "",
"TargetField": "key"
}
],
"Enabled": "on"
}
]
},
"HttpDDoSProtection": {
"AdaptiveFrequencyControl": {
"Action": {
"ChallengeActionParameters": {
"ChallengeOption": "JSChallenge"
},
"Name": "Challenge"
},
"Enabled": "on",
"Sensitivity": "Loose"
},
"BandwidthAbuseDefense": {
"Action": {
"Name": "Monitor"
},
"Enabled": "off"
},
"ClientFiltering": {
"Action": {
"ChallengeActionParameters": {
"ChallengeOption": "JSChallenge"
},
"Name": "Challenge"
},
"Enabled": "on"
},
"SlowAttackDefense": {
"Action": {
"Name": "Deny"
},
"Enabled": "off",
"MinimalRequestBodyTransferRate": {
"CountingPeriod": "60s",
"Enabled": "off",
"MinimalAvgTransferRateThreshold": "80bps"
},
"RequestBodyTransferTimeout": {
"Enabled": "off",
"IdleTimeout": "5s"
}
}
},
"ManagedRules": {
"AutoUpdate": {
"AutoUpdateToLatestVersion": "on"
},
"DetectionOnly": "on",
"Enabled": "on",
"ManagedRuleGroups": [
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-webshell-attacks",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-xss-attacks",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-xxe-attacks",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-vulnerability-scanners",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-non-compliant-protocol-usages",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-cms-vulnerabilities",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-file-upload-attacks",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-other-vulnerabilities",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-command-and-code-injections",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-sql-injections",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-shiro-vulnerabilities",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-unauthorized-file-accesses",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-ldap-injections",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-oa-vulnerabilities",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-ssrf-attacks",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-ssti-attacks",
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-unauthorized-accesses",
"RuleActions": [
],
"SensitivityLevel": "strict"
}
],
"SemanticAnalysis": "off"
},
"RateLimitingRules": {
"Rules": [
{
"Enabled": "on",
"Name": "SampleHttpDdosRule",
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
"CountBy": [
"http.request.ip",
"http.request.cookies['UserSession']"
],
"MaxRequestThreshold": 1000,
"CountingPeriod": "2m",
"ActionDuration": "20h",
"Action": {
"Name": "Deny"
},
"Priority": 100
}
]
}
}
}
Output Example
{
"Response": {
"RequestId": "09ce3d28-1119-49cd-a99f-27cb34dac669",
"TemplateId": "temp-ygt2paxl"
}
}
5. Developer Resources
SDK
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
- Tencent Cloud SDK 3.0 for Python
- Tencent Cloud SDK 3.0 for Java
- Tencent Cloud SDK 3.0 for PHP
- Tencent Cloud SDK 3.0 for Go
- Tencent Cloud SDK 3.0 for Node.js
- Tencent Cloud SDK 3.0 for .NET
- Tencent Cloud SDK 3.0 for C++
Command Line Interface
6. Error Code
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InvalidParameter.Security | Invalid parameter. |
| LimitExceeded.Security | Limit exceeded |
| UnauthorizedOperation.CamUnauthorized | CAM is not authorized. |