DescribeSecurityPolicy
1. API Description
Domain name for API request: teo.intl.tencentcloudapi.com.
This API is used to query the web and security protection configurations.
A maximum of 20 requests can be initiated per second for this API.
We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.
2. Input Parameters
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeSecurityPolicy. |
| Version | Yes | String | Common Params. The value used for this API: 2022-09-01. |
| Region | No | String | Common Params. This parameter is not required. |
| ZoneId | Yes | String | Zone ID. |
| Entity | No | String | SecurityPolicy type, the following parameter values can be used for query: ZoneDefaultPolicy: used to specify a query for site-level policies;Template: used to specify a query for policy templates. the TemplateId parameter needs to be specified simultaneously;Host: used to specify a query for domain-level policies (note: when using Host to specify a domain name service policy, only domain name services or policy templates that have been applied domain-level policies are supported). |
| TemplateId | No | String | Specify the policy Template ID. Use this parameter to specify the ID of the policy Template to query the Template configuration when the Entity parameter value is set to Template. |
| Host | No | String | Specify the domain name. When the Entity parameter value is set to Host, use the domain-level policy specified by this parameter to query the domain configuration. For example, use www.example.com to configure the domain-level policy for that domain name. |
3. Output Parameters
| Parameter Name | Type | Description |
|---|---|---|
| SecurityPolicy | SecurityPolicy | Security policy configuration. Note: This field may return null, which indicates a failure to obtain a valid value. |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
4. Example
Example1 Querying Security Protection Settings
This example shows you how to query security protection settings.
Input Example
POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeSecurityPolicy
<Common request parameters>
{
"Entity": "Host",
"Host": "www.example.com",
"ZoneId": "zone-xxqr76cy"
}Output Example
{
"Response": {
"RequestId": "cb5d2c0e-295e-412a-891a-9f8ab6057b4a",
"SecurityPolicy": {
"ExceptionRules": {
"Rules": [
{
"Id": "1492837231",
"Name": "ExampleSkipModule",
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
"SkipScope": "WebSecurityModules",
"WebSecurityModulesForException": [
"websec-mod-custom-rules",
"websec-mod-rate-limiting"
],
"Enabled": "On"
},
{
"Id": "1492837231",
"Name": "SampleSkipManagedRule",
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
"SkipScope": "ManagedRules",
"SkipOption": "SkipOnAllRequestFields",
"ManagedRulesForException": [
"4401215074",
"4368124487"
],
"Enabled": "On"
},
{
"Id": "1492837231",
"Name": "SampleSkipManagedRule",
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
"SkipScope": "ManagedRules",
"SkipOption": "SkipOnAllRequestFields",
"ManagedRuleGroupsForException": [
"wafgroup-sql-injection-attacks"
],
"Enabled": "On"
},
{
"Id": "1492837231",
"Name": "SampleSkipManagedRuleForField",
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']",
"SkipScope": "ManagedRules",
"ManagedRulesForException": [
"4401215074",
"4368124487"
],
"SkipOption": "SkipOnSpecifiedRequestFields",
"RequestFieldsForException": [
{
"Scope": "cookie",
"Condition": "",
"TargetField": "key"
},
{
"Scope": "cookie",
"Condition": "${key} in ['session-id']",
"TargetField": "value"
},
{
"Scope": "cookie",
"Condition": "${key} in ['account-id'] and ${value} like ['prefix-*']",
"TargetField": "value"
},
{
"Scope": "header",
"Condition": "",
"TargetField": "key"
},
{
"Scope": "header",
"Condition": "${key} in ['x-trace-id']",
"TargetField": "value"
},
{
"Scope": "header",
"Condition": "${key} like ['x-auth-*'] and ${value} like ['Bearer *']",
"TargetField": "value"
},
{
"Scope": "uri.query",
"Condition": "",
"TargetField": "key"
},
{
"Scope": "uri.query",
"Condition": "${key} in ['action']",
"TargetField": "value"
},
{
"Scope": "uri.query",
"Condition": "${key} in ['action'] and ${value} in ['upload', 'delete']",
"TargetField": "value"
},
{
"Scope": "uri",
"Condition": "",
"TargetField": "query"
},
{
"Scope": "uri",
"Condition": "",
"TargetField": "path"
},
{
"Scope": "uri",
"Condition": "",
"TargetField": "fullpath"
},
{
"Scope": "body.json",
"Condition": "",
"TargetField": "key"
},
{
"Scope": "body.json",
"Condition": "${key} in ['user.id']",
"TargetField": "value"
},
{
"Scope": "body.json",
"Condition": "${key} in ['user.id'] and ${value} in ['1234', '5678']",
"TargetField": "value"
},
{
"Scope": "body",
"Condition": "",
"TargetField": "fullbody"
},
{
"Scope": "body",
"Condition": "",
"TargetField": "multipart"
}
],
"Enabled": "On"
}
]
},
"CustomRules": {
"Rules": [
{
"Id": "1492837231",
"Name": "ASimpleIPRule",
"Condition": "${http.request.ip} in ['1.1.1.1', '10.10.10.0/24'] or ${http.request.ip.asn} in ['132203']",
"Action": {
"Name": "Deny"
},
"Enabled": "on",
"RuleType": "PreciseMatchRule",
"Priority": 50
}
]
},
"HttpDDoSProtection": {
"AdaptiveFrequencyControl": {
"Enabled": "on",
"Sensitivity": "Loose",
"Action": {
"Name": "Monitor"
}
},
"ClientFiltering": {
"Enabled": "on",
"Action": {
"Name": "Monitor"
}
},
"BandwidthAbuseDefense": {
"Enabled": "on",
"Action": {
"Name": "Monitor"
}
},
"SlowAttackDefense": {
"Enabled": "on",
"Action": {
"Name": "Monitor"
},
"MinimalRequestBodyTransferRate": {
"MinimalAvgTransferRateThreshold": "50bps",
"CountingPeriod": "60s"
},
"RequestBodyTransferTimeout": {
"IdleTimeout": "5s"
}
}
},
"RateLimitingRules": {
"Rules": [
{
"Enabled": "on",
"Name": "SampleHttpDdosRule",
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
"CountBy": [
"http.request.ip",
"http.request.cookies['UserSession']"
],
"MaxRequestThreshold": 1000,
"CountingPeriod": "2m",
"ActionDuration": "20h",
"Action": {
"Name": "ManagedChallenge"
},
"Id": "2181399690",
"Priority": 100
}
]
},
"ManagedRules": {
"Enabled": "on",
"AutoUpdate": {
"AutoUpdateToLatestVersion": "off",
"RulesetVersion": "2023-12-21T12:00:32Z"
},
"SemanticAnalysis": "on",
"DetectionOnly": "on",
"ManagedRuleGroups": [
{
"GroupId": "wafmanagedrulegroup-vulnerability-scanners",
"SensitivityLevel": "loose",
"Action": {
"Name": "Monitor"
},
"MetaData": {
"GroupDetail": "Vulnerability scanner attack protection"
"GroupName": "Vulnerability Scanner Attack Protection"
"RuleDetails": [
{
"RuleId": "4401215444",
"RiskLevel": "extreme",
"Description": "Protection rule against historic sql injection vulnerability in dedecms"
"Tags": [],
"RuleVersion": "2023-12-21T12:00:32Z"
},
{
"RuleId": "4401214877",
"RiskLevel": "medium",
"Description": "Block common vulnerability scanner xss verification payloads"
"Tags": [],
"RuleVersion": "2023-12-21T12:00:32Z"
}
]
}
}
]
}
}
}
}5. Developer Resources
SDK
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
- Tencent Cloud SDK 3.0 for Python
- Tencent Cloud SDK 3.0 for Java
- Tencent Cloud SDK 3.0 for PHP
- Tencent Cloud SDK 3.0 for Go
- Tencent Cloud SDK 3.0 for Node.js
- Tencent Cloud SDK 3.0 for .NET
- Tencent Cloud SDK 3.0 for C++
Command Line Interface
6. Error Code
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InternalError.ProxyServer | An unknown error occurred in the backend server. |
| InvalidParameter.Security | Invalid parameter. |
| UnauthorizedOperation.CamUnauthorized | CAM is not authorized. |
| UnauthorizedOperation.NoPermission | The sub-account is not authorized for the operation. Please get permissions first. |
| UnauthorizedOperation.Unknown | An unknown error occurred in the backend server. |