Release Notes
Product Announcement
Security Advisory
Domain name for API request: waf.intl.tencentcloudapi.com.
This API is used to query the rule types of the rule engine.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeOwaspRuleTypes. |
| Version | Yes | String | Common Params. The value used for this API: 2018-01-25. |
| Region | Yes | String | Common Params. For more information, please see the list of regions supported by the product. This API only supports: ap-guangzhou, ap-seoul, ap-singapore. |
| Domain | Yes | String | Domain names to be queried |
| Offset | No | Integer | Page number, defaults to 0. |
| Limit | No | Integer | Capacity per page. defaults to 10. |
| Filters.N | No | Array of FiltersItemNew | Filter conditions. supports rule ID, CVE ID, and description. |
| Parameter Name | Type | Description |
|---|---|---|
| Total | Integer | Number of rule types. |
| List | Array of OwaspRuleType | Rule type list and information. |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
POST / HTTP/1.1
Host: waf.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeOwaspRuleTypes
<Common request parameters>
{
"Domain": "owasp.saas3.testwaf.com"
}{
"Response": {
"List": [
{
"Action": 0,
"ActiveRule": 1056,
"Classification": "XSS attack"
"Description": "Cross-site scripting (XSS) attacks are a type of injection where malicious scripts are injected into trusted websites. XSS attacks occur when an attacker uses a Web application to send malicious code (usually in the form of browser-side scripts) to different end users. Defects that allow these attacks to succeed are widely adopted and happen wherever a Web application uses user-submitted input in its generated output without verification or encoding. An attacker can use XSS to send malicious scripts to unsuspecting users. The end user's browser cannot determine if the script is untrusted and will execute it. Since the browser considers the script to come from a credible source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with the site. These scripts can even rewrite the contents of the HTML page."
"Level": 100,
"Status": 1,
"TotalRule": 1320,
"TypeId": 10000000,
"TypeName": "XSS attack"
}
],
"RequestId": "239d0e9a-c7b1-48af-acda-7237c060362a",
"Total": 1
}
}TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InternalError.Unknown | InternalError.Unknown |
| InvalidParameterValue.InvalidRequest | InvalidRequest |
| ResourceNotFound.NotFound | ResourceNotFound.NotFound |
Was this page helpful?
You can also Contact sales or Submit a Ticket for help.
Help us improve! Rate your documentation experience in 5 mins.
Feedback