github.com/opentelekomcloud/gophertelekomcloud@v0.9.3/openstack/waf-premium/v1/policies/Create.go (about) 1 package policies 2 3 import ( 4 "github.com/opentelekomcloud/gophertelekomcloud" 5 "github.com/opentelekomcloud/gophertelekomcloud/internal/build" 6 "github.com/opentelekomcloud/gophertelekomcloud/internal/extract" 7 "github.com/opentelekomcloud/gophertelekomcloud/openstack/waf-premium/v1/certificates" 8 ) 9 10 type CreateOpts struct { 11 // Policy name. 12 // The policy name can contain only digits, letters, and underscores (_) and cannot exceed 64 characters. 13 Name string `json:"name" required:"true"` 14 } 15 16 // Create will create a new Waf Policy on the values in CreateOpts. 17 func Create(client *golangsdk.ServiceClient, opts CreateOpts) (*Policy, error) { 18 b, err := build.RequestBody(opts, "") 19 if err != nil { 20 return nil, err 21 } 22 23 // POST /v1/{project_id}/waf/policy 24 raw, err := client.Post(client.ServiceURL("waf", "policy"), b, 25 nil, &golangsdk.RequestOpts{ 26 OkCodes: []int{200}, 27 MoreHeaders: map[string]string{"Content-Type": "application/json;charset=utf8"}, 28 }) 29 if err != nil { 30 return nil, err 31 } 32 33 var res Policy 34 err = extract.Into(raw.Body, &res) 35 return &res, err 36 } 37 38 type Policy struct { 39 // Policy ID. This is the unique identifier generated by WAF. 40 ID string `json:"id"` 41 // Policy name. 42 Name string `json:"name"` 43 // Policy action 44 Action *PolicyAction `json:"action"` 45 // Feature-based anti-crawler protection mode. 46 RobotAction *PolicyAction `json:"robot_action"` 47 // Policy option 48 Options *PolicyOption `json:"options"` 49 // Protection level. A low protection level may result in a lower false-positive rate, 50 // but also a lower attack detection rate. A high protection level may result in 51 // a higher attack detection rate, but also a higher false-positive rate. 52 // A medium protection level can balance both. Protection levels: 53 // 1: Low 54 // 2: Medium 55 // 3: High 56 Level int `json:"level"` 57 // Detection mode in the precise protection rule 58 // true: full detection. 59 // WAF blocks all requests that hit the configured precise protection rule 60 // when it finishes all threat detections. 61 // false: instant detection. 62 // WAF immediately ends threat detection and blocks the 63 // request that hits the configured precise protection rule. 64 FullDetection *bool `json:"full_detection"` 65 // Array of protected domain names for which the policy is used. 66 // Each policy can be used to one or more domain names. 67 // You can specify a policy for a domain name when you add the domain name 68 // to WAF by calling the API Adding a Protected Domain Name. 69 BindHost []certificates.Hosts `json:"bind_host"` 70 // Array of IDs of protected domain names. 71 // The ID of a protected domain name is unique and generated by WAF when you add the domain name to WAF. 72 // To obtain the IDs, call the API Querying Domain Names Protected by Dedicated WAF Engines. 73 // To add a domain name to WAF, call the API Adding a Protected Domain Name. 74 Hosts []string `json:"hosts"` 75 // Switch for enabling or disabling Deep Inspection and Header Inspection in Basic Web Protection. 76 Extend *PolicyExtend `json:"extend"` 77 // Whether to share a policy. This parameter is reserved and can be ignored currently. 78 ShareInfo *ShareInfo `json:"share_info"` 79 // Whether to enable intelligent CC protection. This parameter is reserved and can be ignored currently. 80 ModulexOptions *ModulexOptions `json:"modulex_options"` 81 // Time the policy is created. The value is a 13-digit timestamp, in ms. 82 CreatedAt int64 `json:"timestamp"` 83 } 84 85 type PolicyAction struct { 86 // Protection level. The value can be: 87 // block: WAF blocks attacks. 88 // log: WAF only logs detected attacks. 89 Category string `json:"category"` 90 } 91 92 type PolicyOption struct { 93 // Basic web protection includes many specific checks under Advanced Settings, 94 // and there is a specific parameter allocated for each check, 95 // for example, common for General Check. To enable any of these checks, 96 // keep this parameter enabled first. 97 WebAttack *bool `json:"webattack,omitempty"` 98 // Whether general check is enabled. 99 Common *bool `json:"common,omitempty"` 100 // JavaScript anti-crawler function. 101 AntiCrawler *bool `json:"anticrawler,omitempty"` 102 // Whether the search engine is enabled. 103 CrawlerEngine *bool `json:"crawler_engine,omitempty"` 104 // Whether the scanner check in anti-crawler detection is enabled. 105 CrawlerScanner *bool `json:"crawler_scanner,omitempty"` 106 // Whether the JavaScript anti-crawler is enabled. 107 CrawlerScript *bool `json:"crawler_script,omitempty"` 108 // Whether other crawler check is enabled. 109 CrawlerOther *bool `json:"crawler_other,omitempty"` 110 // Whether webshell check is enabled. 111 WebShell *bool `json:"webshell,omitempty"` 112 // Whether the CC attack protection rule is enabled. 113 Cc *bool `json:"cc,omitempty"` 114 // Whether precise protection is enabled. 115 Custom *bool `json:"custom,omitempty"` 116 // Whether blacklist and whitelist protection is enabled. 117 WhiteblackIp *bool `json:"whiteblackip,omitempty"` 118 // Whether geolocation access control is enabled. 119 GeoIp *bool `json:"geoip,omitempty"` 120 // Whether false alarm masking is enabled. 121 Ignore *bool `json:"ignore,omitempty"` 122 // Whether data masking is enabled. 123 Privacy *bool `json:"privacy,omitempty"` 124 // Whether the web tamper protection is enabled. 125 AntiTamper *bool `json:"antitamper,omitempty"` 126 // Whether the information leakage prevention is enabled. 127 AntiLeakage *bool `json:"antileakage,omitempty"` 128 // Whether the Known Attack Source protection is enabled. 129 FollowedAction *bool `json:"followed_action,omitempty"` 130 // Feature-based anti-crawler. This feature includes many specific anti-crawler checks, 131 // such as crawler_engine, crawler_scanner, crawler_script, and crawler_other. 132 // To enable any of these checks, keep anti-crawler protection enabled 133 BotEnable *bool `json:"bot_enable,omitempty"` 134 Crawler *bool `json:"crawler,omitempty"` 135 Precise *bool `json:"precise,omitempty"` 136 ModulexEnabled *bool `json:"modulex_enabled,omitempty"` 137 } 138 139 type PolicyExtend struct { 140 // Protection statuses for advanced settings in basic web protection. 141 // By default, this parameter is left blank, and the Deep Inspection and Header Inspection are disabled. 142 // If deep_decode is set to true, the Deep Inspection is enabled. 143 // If check_all_headers is set to true, the Header Inspection is enabled. 144 // If deep_decode and check_all_headers are set to false, 145 // the Deep Inspection and Header Inspection are disabled. 146 Extend string `json:"extend"` 147 } 148 149 type ShareInfo struct { 150 // Total number of the users who share the address group. 151 ShareCount int `json:"share_count"` 152 // Number of users who accept the sharing 153 AcceptCount int `json:"accept_count"` 154 // Status 155 Status int `json:"process_status"` 156 } 157 158 type ModulexOptions struct { 159 // Status of the global rate limiting function (counting requests to all WAF instances when limiting traffic). 160 GlobalRateEnabled *bool `json:"global_rate_enabled"` 161 // Protection mode of the global rate limiting function. 162 GlobalRateMode string `json:"global_rate_mode"` 163 // Status of the intelligent precise protection. 164 PreciseRulesEnabled *bool `json:"precise_rules_enabled"` 165 // Protection mode of the intelligent precise protection. 166 // log: WAF logs the event only. 167 // block: WAF blocks requests. 168 PreciseRulesMode string `json:"precise_rules_mode"` 169 // Management mode of the intelligent precise protection. 170 // auto: WAF manages automatically generated rules. 171 // manual: You can manage rules that are automatically generated by WAF. 172 PreciseRulesManagedMode string `json:"precise_rules_managed_mode"` 173 // Aging mode of the intelligent precise protection. 174 // manual: You can customize the maximum age of the rule. 175 // auto: Automatic 176 PreciseRulesAgingMode string `json:"precise_rules_aging_mode"` 177 // Maximum age of the intelligent precise protection. 178 PreciseRulesRetention int `json:"precise_rules_retention"` 179 // Status of the intelligent CC attack protection. 180 CcRulesEnabled *bool `json:"cc_rules_enabled"` 181 // Protection mode of the intelligent CC attack protection rule. 182 // log: WAF logs the event only. 183 // block: WAF blocks requests. 184 CcRulesMode string `json:"cc_rules_mode"` 185 // Management mode of the intelligent CC attack protection. 186 // auto: WAF manages automatically generated rules. 187 // manual: You can manage rules that are automatically generated by WAF. 188 CcRulesManagedMode string `json:"cc_rules_managed_mode"` 189 // Aging mode of the intelligent CC attack protection. 190 // manual: You can customize the maximum age of the rule. 191 // auto: Automatic 192 CcRulesAgingMode string `json:"cc_rules_aging_mode"` 193 // Maximum age of the intelligent CC attack protection. 194 CcRulesRetention int `json:"cc_rules_retention"` 195 }