github.com/opentelekomcloud/gophertelekomcloud@v0.9.3/openstack/waf-premium/v1/rules/CreateCc.go (about) 1 package rules 2 3 import ( 4 "github.com/opentelekomcloud/gophertelekomcloud" 5 "github.com/opentelekomcloud/gophertelekomcloud/internal/build" 6 "github.com/opentelekomcloud/gophertelekomcloud/internal/extract" 7 ) 8 9 type CreateCcOpts struct { 10 // Protection mode of the CC attack protection rule, which corresponds to the Mode 11 // field in the Add CC Attack Protection Rule dialog box on the WAF console. 12 // 0: standard. Only the protected paths of domain names can be specified. 13 // 1: The path, IP address, cookie, header, and params fields can all be set. 14 Mode *int `json:"mode" required:"true"` 15 // Path to be protected in the CC attack protection rule. 16 // This parameter is mandatory when the CC attack protection rule is in standard mode (i.e. the value of mode is 0). 17 Url string `json:"url" required:"true"` 18 // Rate limit conditions of the CC protection rule. 19 // This parameter is mandatory when the CC protection rule is in advanced mode (i.e. the value of mode is 1). 20 Conditions []CcConditionsObject `json:"conditions"` 21 // Protection action to take if the number of requests reaches the upper limit. 22 Action *CcActionObject `json:"action" required:"true"` 23 // Rate limit mode. 24 // ip: IP-based rate limiting. Website visitors are identified by IP address. 25 // cookie: User-based rate limiting. Website visitors are identified by the cookie key value. 26 // header: User-based rate limiting. Website visitors are identified by the header field. 27 // other: Website visitors are identified by the Referer field (user-defined request source). 28 TagType string `json:"tag_type" required:"true"` 29 // User identifier. This parameter is mandatory when the rate limit mode is set to user (cookie or header). 30 // cookie: Set the cookie field name. 31 // You need to configure an attribute variable name in the cookie that can uniquely identify 32 // a web visitor based on your website requirements. This field does not support regular expressions. 33 // Only complete matches are supported. For example, if a website uses the name field 34 // in the cookie to uniquely identify a website visitor, select name. 35 // header: Set the user-defined HTTP header you want to protect. 36 // You need to configure the HTTP header that can identify web visitors based on your website requirements. 37 TagIndex string `json:"tag_index"` 38 // User tag. This parameter is mandatory when the rate limit mode is set to other. 39 // other: A website visitor is identified by the Referer field (user-defined request source). 40 TagCondition *CcTagConditionObject `json:"tag_condition"` 41 // Rate limit frequency based on the number of requests. The value ranges from 1 to 2,147,483,647. 42 LimitNum int64 `json:"limit_num" required:"true"` 43 // Rate limit period, in seconds. The value ranges from 1 to 3,600. 44 LimitPeriod int64 `json:"limit_period" required:"true"` 45 // Allowable frequency based on the number of requests. The value ranges from 0 to 2,147,483,647. 46 // This parameter is required only when the protection action type is dynamic_block. 47 UnlockNum int64 `json:"unlock_num"` 48 // Block duration, in seconds. The value ranges from 0 to 65,535. 49 // Specifies the period within which access is blocked. An error page is displayed in this period. 50 LockTime *int `json:"lock_time,omitempty"` 51 // Rule description. 52 Description string `json:"description"` 53 } 54 55 type CcConditionsObject struct { 56 // Field type. The value can be url, ip, params, cookie, or header. 57 Category string `json:"category" required:"true"` 58 // Logic for matching the condition. 59 // If the category is url, the optional operations are: 60 // `contain`, `not_contain`, `equal`, `not_equal`, `prefix`, `not_prefix`, `suffix`, `not_suffix`, 61 // `contain_any`, `not_contain_all`, `equal_any`, `not_equal_all`, `equal_any`, 62 // `not_equal_all`, `prefix_any`, `not_prefix_all`, `suffix_any`, `not_suffix_all`, 63 // `len_greater`, `len_less`, `len_equal` and `len_not_equal` 64 // If the category is ip, the optional operations are: 65 // `equal`, `not_equal`, `equal_any` and `not_equal_all` 66 // If the category is params, cookie and header, the optional operations are: 67 // `contain`, `not_contain`, `equal`, `not_equal`, `prefix`, `not_prefix`, `suffix`, `not_suffix`, 68 // `contain_any`, `not_contain_all`, `equal_any`, `not_equal_all`, `equal_any`, `not_equal_all`, 69 // `prefix_any`, `not_prefix_all`, `suffix_any`, `not_suffix_all`, `len_greater`, `len_less`, 70 // `len_equal`, `len_not_equal`, `num_greater`, `num_less`, `num_equal`, `num_not_equal`, 71 // `exist` and `not_exist` 72 LogicOperation string `json:"logic_operation" required:"true"` 73 // Content of the conditions. 74 // This parameter is mandatory when the suffix of logic_operation is not any or all. 75 Contents []string `json:"contents"` 76 // Reference table ID. It can be obtained by calling the API Querying the Reference Table List. 77 // This parameter is mandatory when the suffix of logic_operation is any or all. 78 // The reference table type must be the same as the category type. 79 ValueListId string `json:"value_list_id"` 80 // Subfield. When category is set to params, cookie, or header, 81 // set this parameter based on site requirements. 82 // This parameter is mandatory. 83 Index string `json:"index"` 84 } 85 86 type CcActionObject struct { 87 // Action type: 88 // captcha: Verification code. 89 // WAF requires visitors to enter a correct verification code to continue their 90 // access to requested page on your website. 91 // block: WAF blocks the requests. When tag_type is set to other, the value can only be block. 92 // log: WAF logs the event only. 93 // dynamic_block: In the previous rate limit period, 94 // if the request frequency exceeds the value of Rate Limit Frequency, 95 // the request is blocked. In the next rate limit period, 96 // if the request frequency exceeds the value of Permit Frequency, 97 // the request is still blocked. 98 // Note: The dynamic_block protection action can be set only when the 99 // advanced protection mode is enabled for the CC protection rule. 100 Category string `json:"category" required:"true"` 101 // Block page information. When protection action category is set to block or dynamic_block, 102 // you need to set the returned block page. 103 // If you want to use the default block page, this parameter can be excluded. 104 // If you want to use a custom block page, set this parameter. 105 Detail *CcDetailObject `json:"detail"` 106 } 107 108 type CcDetailObject struct { 109 // Returned page. 110 Response *CcResponseObject `json:"response"` 111 } 112 113 type CcResponseObject struct { 114 // Content type. The value can only be application/json, text/html, or text/xml. 115 ContentType string `json:"content_type"` 116 // Protection page content. 117 Content string `json:"content"` 118 } 119 120 type CcTagConditionObject struct { 121 // User identifier. The value is fixed at referer. 122 Category string `json:"category"` 123 // Content of the user identifier field. 124 Contents []string `json:"contents"` 125 } 126 127 // CreateCc will create a cc rule on the values in CreateOpts. 128 func CreateCc(client *golangsdk.ServiceClient, policyId string, opts CreateCcOpts) (*CcRule, error) { 129 b, err := build.RequestBody(opts, "") 130 if err != nil { 131 return nil, err 132 } 133 134 // POST /v1/{project_id}/waf/policy/{policy_id}/cc 135 raw, err := client.Post(client.ServiceURL("waf", "policy", policyId, "cc"), b, 136 nil, &golangsdk.RequestOpts{ 137 OkCodes: []int{200}, 138 MoreHeaders: map[string]string{"Content-Type": "application/json;charset=utf8"}, 139 }) 140 if err != nil { 141 return nil, err 142 } 143 144 var res CcRule 145 err = extract.Into(raw.Body, &res) 146 return &res, err 147 } 148 149 type CcRule struct { 150 // Rule ID. 151 ID string `json:"id"` 152 // Policy ID. 153 PolicyId string `json:"policyid"` 154 // When the value of mode is 0, this parameter has a return value. 155 Url string `json:"url"` 156 // Whether a prefix is used for the path. 157 // If the protected URL ends with an asterisk (*), a path prefix is used. 158 Prefix bool `json:"prefix"` 159 // Mode. 160 // 0: Standard. 161 // 1: Advanced. 162 Mode int `json:"mode"` 163 // Rule status. The value can be 0 or 1. 164 // 0: The rule is disabled. 165 // 1: The rule is enabled. 166 Status int `json:"status"` 167 // Rate limit conditions of the CC protection rule. 168 Conditions []CcConditionsObject `json:"conditions"` 169 // Protection action to take if the number of requests reaches the upper limit. 170 Action CcActionObject `json:"action"` 171 // Rate limit mode. 172 TagType string `json:"tag_type"` 173 // User identifier. 174 // This parameter is mandatory when the rate limit mode is set to user (cookie or header). 175 TagIndex string `json:"tag_index"` 176 // User tag. 177 TagCondition CcTagConditionObject `json:"tag_condition"` 178 // Rate limit frequency based on the number of requests. The value ranges from 1 to 2,147,483,647. 179 LimitNum int64 `json:"limit_num"` 180 // Rate limit period, in seconds. The value ranges from 1 to 3,600. 181 LimitPeriod int `json:"limit_period"` 182 // Allowable frequency based on the number of requests. 183 UnlockNum int64 `json:"unlock_num"` 184 // Block duration, in seconds. 185 LockTime int64 `json:"lock_time"` 186 // Rule description. 187 Description string `json:"description"` 188 // This parameter is reserved and can be ignored currently. 189 TotalNum int `json:"total_num"` 190 // This parameter is reserved and can be ignored currently. 191 UnAggregation bool `json:"unaggregation"` 192 // Rule aging time. This parameter is reserved and can be ignored currently. 193 AgingTime int `json:"aging_time"` 194 // Rule creation object. This parameter is reserved and can be ignored currently. 195 Producer int `json:"producer"` 196 // Timestamp the rule is created. 197 CreatedAt int64 `json:"timestamp"` 198 }