ModifyWebSecurityTemplate
1. API Description
Domain name for API request: teo.intl.tencentcloudapi.com.
This API is used to modify the security policy configuration template.
A maximum of 20 requests can be initiated per second for this API.
We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.
2. Input Parameters
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: ModifyWebSecurityTemplate. |
| Version | Yes | String | Common Params. The value used for this API: 2022-09-01. |
| Region | No | String | Common Params. This parameter is not required. |
| ZoneId | Yes | String | Zone ID. The zone to which the target policy template belongs for access control. Use the DescribeWebSecurityTemplates interface to query the zone of the policy template. |
| TemplateId | Yes | String | Policy template ID. |
| TemplateName | No | String | Modified policy template name. Consists of Chinese characters, letters, numbers, and underscores, cannot start with an underscore, and must not exceed 32 characters. If the field is empty, no modification will be made. |
| SecurityPolicy | No | SecurityPolicy | Security policy template configuration content. If the value is empty, no modification will be made; submodule structures not passed in will not be modified. Currently supports exception rules, custom rules, rate limiting rules, and managed rule configurations in the Web Security module, using expression syntax for security policy configuration. Bot management rule configuration is not yet supported (under development). Special note: When passing a submodule structure as input, ensure all rule content to be retained is included. Rule content not passed in will be treated as deleted. |
3. Output Parameters
| Parameter Name | Type | Description |
|---|---|---|
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
4. Example
Example1 Modifying a Policy Template Name
This example shows you how to modify the name of the template temp-cuwgt1ca under the site zone-2wkpkd52pku2 to "Web Protection Standard Template V2".
Input Example
POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifyWebSecurityTemplate
<Common request parameters>
{
"ZoneId": "zone-2wkpkd52pku2",
"TemplateId": "temp-cuwgt1ca",
"TemplateName": "Web protection standard template V2"
}
Output Example
{
"Response": {
"RequestId": "09ce3d28-1119-49cd-d5a9-27cb34dac669"
}
}
Example2 Modifying Policy Template Configuration Content
This example shows you how to modify the configuration content of the temp-cuwgt1ca Template under the zone-2wkpkd52pku2 site.
Input Example
POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: ModifyWebSecurityTemplate
<Common request parameters>
{
"ZoneId": "zone-2wkpkd52pku2",
"TemplateId": "temp-cuwgt1ca",
"TemplateName": "Security template_rename"
"SecurityPolicy": {
"CustomRules": {
"Rules": [
{
"Action": {
"Name": "Deny"
},
"Condition": "${http.request.host} in ['111']",
"Enabled": "on",
"Id": "1492837231",
"Name": "acl1",
"Priority": 35,
"RuleType": "PreciseMatchRule"
},
{
"Action": {
"Name": "Deny"
},
"Condition": "${http.request.headers['referer']} in ['123']",
"Enabled": "on",
"Id": "1492837231",
"Name": "iptable1",
"Priority": 1,
"RuleType": "BasicAccessRule"
}
]
},
"ExceptionRules": {
"Rules": [
{
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] ",
"Enabled": "on",
"Id": "1492837231",
"ManagedRuleGroupsForException": [
],
"ManagedRulesForException": [
"4401215074",
"4368124487"
],
"Name": "SampleSkipManagedRuleForField",
"RequestFieldsForException": [
{
"Scope": "cookie",
"TargetField": "key",
"Condition": ""
}
],
"SkipOption": "SkipOnSpecifiedRequestFields",
"SkipScope": "ManagedRules",
"WebSecurityModulesForException": [
]
}
]
},
"HttpDDoSProtection": {
"AdaptiveFrequencyControl": {
"Action": {
"ChallengeActionParameters": {
"ChallengeOption": "JSChallenge"
},
"Name": "Challenge"
},
"Enabled": "on",
"Sensitivity": "Loose"
},
"BandwidthAbuseDefense": {
"Action": {
"Name": "Monitor"
},
"Enabled": "off"
},
"ClientFiltering": {
"Action": {
"ChallengeActionParameters": {
"ChallengeOption": "JSChallenge"
},
"Name": "Challenge"
},
"Enabled": "on"
},
"SlowAttackDefense": {
"Action": {
"Name": "Deny"
},
"Enabled": "off",
"MinimalRequestBodyTransferRate": {
"CountingPeriod": "60s",
"Enabled": "off",
"MinimalAvgTransferRateThreshold": "80bps"
},
"RequestBodyTransferTimeout": {
"Enabled": "off",
"IdleTimeout": "5s"
}
}
},
"ManagedRules": {
"AutoUpdate": {
"AutoUpdateToLatestVersion": "on"
},
"DetectionOnly": "on",
"Enabled": "on",
"ManagedRuleGroups": [
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-webshell-attacks",
"MetaData": {
"GroupDetail": "Webshell detection and protection"
"GroupName": "Webshell detection protection"
"RuleDetails": [
{
"Description": "This rule intercepts malicious obfuscated PHP Webshell"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2022-05-16T03:02:25Z",
"Tags": [
]
},
{
"Description": "Protection against php code injection and webshell upload attacks"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2019-04-03T08:25:00Z",
"Tags": [
]
},
{
"Description": "This rule intercepts malicious function call features in ASP Webshell and JSP Webshell"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-05-16T03:04:30Z",
"Tags": [
]
},
{
"Description": "This rule intercepts the login password feature in Webshell"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-01-10T09:39:02Z",
"Tags": [
]
},
{
"Description": "Detection rule targeting the default_json transport protocol of Ice Scorpion"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-07-28T06:24:01Z",
"Tags": [
]
},
{
"Description": "Protection rule against asp.net webshell, based on asp.net webshell tag features"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2022-01-19T09:12:31Z",
"Tags": [
]
},
{
"Description": "Targets webshell write features appearing in headers"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2021-03-31T09:37:39Z",
"Tags": [
]
},
{
"Description": "This rule intercepts suspicious function calls in webshells"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2022-01-12T07:29:50Z",
"Tags": [
]
},
{
"Description": "This rule intercepts high-risk function call features in PHP Webshell"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-05-16T03:06:10Z",
"Tags": [
]
},
{
"Description": "This rule intercepts the behavior of variable definition in PHP Webshell"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-06-13T03:55:11Z",
"Tags": [
]
},
{
"Description": "This rule blocks webshell files based on connection features of some commonly used webshell tools"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2021-08-13T06:35:48Z",
"Tags": [
]
},
{
"Description": "Protect against java code injection and jsp webshell upload attacks"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2017-11-01T08:53:30Z",
"Tags": [
]
},
{
"Description": "Detection rule against the default_image transport protocol of Ice Scorpion"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-07-28T06:24:25Z",
"Tags": [
]
},
{
"Description": "This rule intercepts sensitive string features that may appear in webshells"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2022-01-10T09:43:16Z",
"Tags": [
]
},
{
"Description": "Protect against webshell attacks and detect sensitive variable usage in $_GET/$_POST"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2018-11-28T06:51:52Z",
"Tags": [
]
},
{
"Description": "This rule detects malicious obfuscated webshells"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-01-12T07:33:55Z",
"Tags": [
]
},
{
"Description": "This rule intercepts Webshells with suspicious encoded character strings"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-01-12T07:21:46Z",
"Tags": [
]
}
]
},
"RuleActions": [
],
"SensitivityLevel": "strict"
},
{
"Action": {
"Name": "Monitor"
},
"GroupId": "wafgroup-xss-attacks",
"MetaData": {
"GroupDetail": "Cross-site scripting protection"
"GroupName": "xss Cross-Site Scripting Protection"
"RuleDetails": [
{
"Description": "Strict xss rules targeting scenarios with html tag injection"
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-03-23T05:32:56Z",
"Tags": [
"owasp"
]
},
{
"Description": "This rule intercepts HTML injection via the data pseudo-protocol"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-06-20T06:26:44Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protect against flash xss attacks in xss attacks, detect access requests for swf files that can call sensitive functions"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2018-04-18T06:37:44Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protect against xss attacks by targeting sensitive tags and their attributes in HTTP request cookie fields, such as attack patterns like <script src=xxx>/<iframe src=javascript:xxx>"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2021-06-24T12:35:37Z",
"Tags": [
"owasp"
]
},
{
"Description": "Disguises protocol characteristics based on javascript, intercepts GET request parameters, and leverages javascript pseudo-protocol for xss behavior"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-07-22T03:07:14Z",
"Tags": [
"owasp"
]
},
{
"Description": "This rule intercepts sensitive pseudo-protocol call features in XSS attacking"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2021-11-22T12:31:05Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protection rule against Ecommerse-1.0 xss vulnerability"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2022-11-30T08:47:05Z",
"Tags": [
]
},
{
"Description": "Intercept attack patterns that call multiple pseudo-protocols within the same HTML tag"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2021-08-09T02:41:51Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protection against the javascript pseudo-protocol in xss"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2021-04-01T03:47:49Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protection against some xss-specific attack probes"
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2024-11-19T06:37:27Z",
"Tags": [
]
},
{
"Description": "Protects against sensitive events and JS functions during xss attacks, such as onload=xxx and document.cookie"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2019-01-03T07:36:29Z",
"Tags": [
"owasp"
]
},
{
"Description": "This rule intercepts attackers bypassing attacks by encoding browser pseudo-protocols as entities and other methods"
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-10-25T12:34:40Z",
"Tags": [
"owasp"
]
},
{
"Description": "In moderate protection mode, defend against common reflected/stored XSS attacks"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2021-08-17T08:25:13Z",
"Tags": [
"owasp"
]
},
{
"Description": "For scenarios targeting xss vulnerability exploitation in js environment output points, such as using ;new Function(atob(` to execute malicious js code"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2020-12-28T06:29:01Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protects against reflection/stored XSS attacks in upload requests"
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-08-17T08:23:02Z",
"Tags": [
"owasp"
]
},
{
"Description": "Targeting xss vulnerability type, this rule covers newly-added on events used for executing javascript operations."
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2021-01-18T08:14:05Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protection rule to block attempts using the <isindex> tag for XSS exploitation"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-11-30T08:43:55Z",
"Tags": [
]
},
{
"Description": "protect against flash xss attacks"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2017-11-01T03:03:57Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protect against xss attacks, detect attackers performing sensitive operations such as pop-up verification via alert/prompt calls or adding malicious DOM nodes."
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2018-01-02T02:05:19Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protects against attackers leveraging XSS vulnerabilities for probing"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2021-04-02T08:25:47Z",
"Tags": [
"owasp"
]
},
{
"Description": "Encode entities in the cookie field of an HTTP request to bypass XSS attacks targeting sensitive operations"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2021-06-24T09:24:55Z",
"Tags": [
"owasp"
]
},
{
"Description": "Strict xss rule, protection rule against some special encoding"
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-03-23T12:45:22Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protect against xss attacks, detect attackers attempting to inject external JS scripts by calling getScript/CreateElement functions for sensitive operations"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2018-01-02T02:09:14Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protects against sensitive tags and their sensitive attributes in xss attacks, such as attack patterns like <script src=xxx>/<iframe src=javascript:xxx>"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2019-12-31T07:48:29Z",
"Tags": [
"owasp"
]
},
{
"Description": "Detect attack patterns like data uri/base64 in xss attacking by targeting the cookie field in HTTP requests"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2021-06-24T10:09:09Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protection rule against some client-side prototype chain pollution probe requests"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2021-09-03T09:26:42Z",
"Tags": [
"owasp"
]
},
{
"Description": "Interception rule against specific xss probing payloads in strict mode"
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-11-10T08:57:34Z",
"Tags": [
"owasp"
]
},
{
"Description": "Detect attack patterns in xss data uri/base64"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2017-09-01T03:18:36Z",
"Tags": [
"owasp"
]
},
{
"Description": "Strict xss rule targeting predefined global variables in js"
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-03-23T05:33:41Z",
"Tags": [
"owasp"
]
},
{
"Description": "Strict xss rules targeting scenarios where css executes javascript in IE"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2021-03-23T04:58:47Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protect against malicious XSS vulnerability detection behavior"
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2021-03-23T13:17:23Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protects against XSS attacks leveraging angularjs features"
"RiskLevel": "medium",
"RuleId": "1492837231",
"RuleVersion": "2022-04-06T06:21:17Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protection against XSS attacks bypassing entity encoding"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2018-01-02T02:21:34Z",
"Tags": [
"owasp"
]
},
{
"Description": "In loose mode, xss protection rule"
"RiskLevel": "extreme",
"RuleId": "1492837231",
"RuleVersion": "2020-12-07T02:45:26Z",
"Tags": [
"owasp"
]
},
{
"Description": "Block attack patterns that call multiple pseudo-protocols within the same HTML tag"
"RiskLevel": "high",
"RuleId": "1492837231",
"RuleVersion": "2021-08-09T02:40:05Z",
"Tags": [
"owasp"
]
},
{
"Description": "Protection rules against some historic XSS attack vectors"
"RiskLevel": "low",
"RuleId": "1492837231",
"RuleVersion": "2022-05-16T09:28:20Z",
"Tags": [
"owasp"
]
}
]
},
"RuleActions": [
],
"SensitivityLevel": "strict"
}
],
"SemanticAnalysis": "off"
},
"RateLimitingRules": {
"Rules": [
{
"Action": {
"Name": "Deny"
},
"ActionDuration": "20h",
"Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
"CountBy": [
"http.request.ip",
"http.request.cookies['UserSession']"
],
"CountingPeriod": "2m",
"Enabled": "on",
"Id": "1492837231",
"MaxRequestThreshold": 1000,
"Name": "SampleHttpDdosRule",
"Priority": 100
}
]
}
}
}
Output Example
{
"Response": {
"RequestId": "09ce3d28-1119-49cd-d5a9-27cb34dac669"
}
}
5. Developer Resources
SDK
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
- Tencent Cloud SDK 3.0 for Python
- Tencent Cloud SDK 3.0 for Java
- Tencent Cloud SDK 3.0 for PHP
- Tencent Cloud SDK 3.0 for Go
- Tencent Cloud SDK 3.0 for Node.js
- Tencent Cloud SDK 3.0 for .NET
- Tencent Cloud SDK 3.0 for C++
Command Line Interface
6. Error Code
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InvalidParameter.Security | Invalid parameter. |