CreateWebSecurityTemplate
1. API Description
Domain name for API request: teo.intl.tencentcloudapi.com.
This API is used to create a security policy configuration template.
A maximum of 20 requests can be initiated per second for this API.
                We recommend you to use API Explorer
            
            Try it
        
                API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search.  It enables you to view the request, response, and auto-generated examples.
            
        2. Input Parameters
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description | 
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: CreateWebSecurityTemplate. | 
| Version | Yes | String | Common Params. The value used for this API: 2022-09-01. | 
| Region | No | String | Common Params. This parameter is not required. | 
| ZoneId | Yes | String | Zone ID. Explicitly identifies the zone to which the policy template belongs for access control purposes. | 
| TemplateName | Yes | String | Policy template name. Composed of Chinese characters, letters, digits, and underscores. Cannot begin with an underscore and must be less than or equal to 32 characters. | 
| SecurityPolicy | No | SecurityPolicy | Web security policy template configuration. Generates default config if empty. Supported: Exception rules, custom rules, rate limiting rules, managed rules. Not supported: Bot management rules (under development). | 
3. Output Parameters
| Parameter Name | Type | Description | 
|---|---|---|
| TemplateId | String | Policy template ID. | 
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. | 
4. Example
Example1 Creating a Security Policy Configuration Template
This example shows you how to create a "Web security policy template" in the zone-2wkpkd52pwsk site.
Input Example
POST / HTTP/1.1
Host: teo.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: CreateWebSecurityTemplate
<Common request parameters>
{
    "ZoneId": "zone-2wkpkd52pwsk",
"TemplateName": "Web security policy template",
    "SecurityPolicy": {
        "CustomRules": {
            "Rules": [
                {
                    "Name": "acl1",
                    "Condition": "${http.request.host} in ['111']",
                    "Action": {
                        "Name": "Deny"
                    },
                    "Enabled": "on",
                    "RuleType": "PreciseMatchRule",
                    "Priority": 35
                },
                {
                    "Name": "iptable1",
                    "Condition": "${http.request.headers['referer']} in ['123']",
                    "Action": {
                        "Name": "Deny"
                    },
                    "Enabled": "on",
                    "RuleType": "BasicAccessRule"
                }
            ]
        },
        "ExceptionRules": {
            "Rules": [
                {
                    "Name": "SampleSkipManagedRule",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                    "SkipScope": "ManagedRules",
                    "SkipOption": "SkipOnAllRequestFields",
                    "ManagedRulesForException": [
                        "4401215074",
                        "4368124487"
                    ],
                    "Enabled": "on"
                },
                {
                    "Name": "SampleSkipManagedRule2",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                    "SkipScope": "ManagedRules",
                    "SkipOption": "SkipOnAllRequestFields",
                    "ManagedRuleGroupsForException": [
                        "wafgroup-sql-injection-attacks"
                    ],
                    "Enabled": "on"
                },
                {
                    "Name": "SampleSkipManagedRuleForField",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] ",
                    "SkipScope": "ManagedRules",
                    "ManagedRulesForException": [
                        "4401215074",
                        "4368124487"
                    ],
                    "SkipOption": "SkipOnSpecifiedRequestFields",
                    "RequestFieldsForException": [
                        {
                            "Scope": "cookie",
                            "Condition": "",
                            "TargetField": "key"
                        }
                    ],
                    "Enabled": "on"
                }
            ]
        },
        "HttpDDoSProtection": {
            "AdaptiveFrequencyControl": {
                "Action": {
                    "ChallengeActionParameters": {
                        "ChallengeOption": "JSChallenge"
                    },
                    "Name": "Challenge"
                },
                "Enabled": "on",
                "Sensitivity": "Loose"
            },
            "BandwidthAbuseDefense": {
                "Action": {
                    "Name": "Monitor"
                },
                "Enabled": "off"
            },
            "ClientFiltering": {
                "Action": {
                    "ChallengeActionParameters": {
                        "ChallengeOption": "JSChallenge"
                    },
                    "Name": "Challenge"
                },
                "Enabled": "on"
            },
            "SlowAttackDefense": {
                "Action": {
                    "Name": "Deny"
                },
                "Enabled": "off",
                "MinimalRequestBodyTransferRate": {
                    "CountingPeriod": "60s",
                    "Enabled": "off",
                    "MinimalAvgTransferRateThreshold": "80bps"
                },
                "RequestBodyTransferTimeout": {
                    "Enabled": "off",
                    "IdleTimeout": "5s"
                }
            }
        },
        "ManagedRules": {
            "AutoUpdate": {
                "AutoUpdateToLatestVersion": "on"
            },
            "DetectionOnly": "on",
            "Enabled": "on",
            "ManagedRuleGroups": [
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-webshell-attacks",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-xss-attacks",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-xxe-attacks",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-vulnerability-scanners",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-non-compliant-protocol-usages",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-cms-vulnerabilities",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-file-upload-attacks",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-other-vulnerabilities",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-command-and-code-injections",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-sql-injections",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-shiro-vulnerabilities",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-unauthorized-file-accesses",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-ldap-injections",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-oa-vulnerabilities",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-ssrf-attacks",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-ssti-attacks",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                },
                {
                    "Action": {
                        "Name": "Monitor"
                    },
                    "GroupId": "wafgroup-unauthorized-accesses",
                    "RuleActions": [
                    ],
                    "SensitivityLevel": "strict"
                }
            ],
            "SemanticAnalysis": "off"
        },
        "RateLimitingRules": {
            "Rules": [
                {
                    "Enabled": "on",
                    "Name": "SampleHttpDdosRule",
                    "Condition": "${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']",
                    "CountBy": [
                        "http.request.ip",
                        "http.request.cookies['UserSession']"
                    ],
                    "MaxRequestThreshold": 1000,
                    "CountingPeriod": "2m",
                    "ActionDuration": "20h",
                    "Action": {
                        "Name": "Deny"
                    },
                    "Priority": 100
                }
            ]
        }
    }
}Output Example
{
    "Response": {
        "RequestId": "09ce3d28-1119-49cd-a99f-27cb34dac669",
        "TemplateId": "temp-ygt2paxl"
    }
}5. Developer Resources
SDK
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
- Tencent Cloud SDK 3.0 for Python
- Tencent Cloud SDK 3.0 for Java
- Tencent Cloud SDK 3.0 for PHP
- Tencent Cloud SDK 3.0 for Go
- Tencent Cloud SDK 3.0 for Node.js
- Tencent Cloud SDK 3.0 for .NET
- Tencent Cloud SDK 3.0 for C++
Command Line Interface
6. Error Code
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description | 
|---|---|
| InvalidParameter.Security | Invalid parameter. | 
| LimitExceeded.Security | Limit exceeded | 
| UnauthorizedOperation.CamUnauthorized | CAM is not authorized. |