Documentation
¶
Index ¶
- func Delete(client *golangsdk.ServiceClient, id string, opts DeleteOpts) (err error)
- func UpdateProtectStatus(client *golangsdk.ServiceClient, id string, opts ProtectUpdateOpts) (err error)
- type BlockPage
- type BlockPageResponse
- type CircuitBreakerObject
- type CreateOpts
- type CustomPage
- type CustomPageResponse
- type DeleteOpts
- type ExtendResponse
- type FlagObject
- type Host
- type HostResponse
- type ListOpts
- type PremiumWafServer
- type ProtectUpdateOpts
- type ServerResponse
- type TimeoutConfigObject
- type TrafficMarkObject
- type UpdateOpts
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Delete ¶
func Delete(client *golangsdk.ServiceClient, id string, opts DeleteOpts) (err error)
func UpdateProtectStatus ¶
func UpdateProtectStatus(client *golangsdk.ServiceClient, id string, opts ProtectUpdateOpts) (err error)
Types ¶
type BlockPage ¶
type BlockPage struct {
// Template name
Template string `json:"template" required:"true"`
// Custom alarm page
CustomPage *CustomPage `json:"custom_page"`
// Redirection URL
RedirectUrl string `json:"redirect_url"`
}
type BlockPageResponse ¶
type BlockPageResponse struct {
// Template name
Template string `json:"template"`
// Custom alarm page
CustomPage *CustomPageResponse `json:"custom_page"`
// Redirection URL
RedirectUrl string `json:"redirect_url"`
}
type CircuitBreakerObject ¶
type CircuitBreakerObject struct {
// Whether to enable connection protection.
// true: Enable connection protection.
// false: Disable the connection protection.
Switch bool `json:"switch"`
// 502/504 error threshold. 502/504 errors allowed for every 30 seconds.
DeadNum int `json:"dead_num"`
// A breakdown protection is triggered when
// the 502/504 error threshold and percentage threshold have been reached.
DeadRatio int `json:"dead_ratio"`
// Protection period upon the first breakdown.
// During this period, WAF stops forwarding client requests.
BlockTime int `json:"block_time"`
// The maximum multiplier you can use for consecutive breakdowns.
SuperpositionNum int `json:"superposition_num"`
// Threshold of the number of pending URL requests.
// Connection protection is triggered when the threshold has been reached.
SuspendNum int `json:"suspend_num"`
// Downtime duration after the connection protection is triggered.
// During this period, WAF stops forwarding website requests.
SusBlockTime int `json:"sus_block_time"`
}
type CreateOpts ¶
type CreateOpts struct {
// HTTPS certificate ID.
// It can be obtained by calling the ListCertificates API.
// This parameter is not required when the client protocol is HTTP,
// but it is mandatory when the client protocol is HTTPS.
CertificateId string `json:"certificateid"`
// Certificate name.
// Certifacteid and certificatename are required at the same.
// If certificateid does not match certificatename, an error is reported.
// This parameter is not required when the client protocol is HTTP,
// but it is mandatory when the client protocol is HTTPS.
CertificateName string `json:"certificatename"`
// Protected domain name or IP address (port allowed)
Hostname string `json:"hostname" required:"true"`
// Whether a proxy is used for the domain name.
// If your website has no layer-7 proxy server
// such as CDN and cloud acceleration service deployed
// in front of WAF and uses only layer-4 load balancers
// (or NAT), set Proxy Configured to No. Otherwise,
// Proxy Configured must be set to Yes.
// This ensures that WAF obtains real IP addresses of website
// visitors and takes protective actions configured in
// protection policies.
Proxy *bool `json:"proxy" required:"true"`
// ID of the policy initially used to the domain name.
// It can be obtained by calling the API described in 2.1.1
// Querying Protection Policies.
PolicyId string `json:"policyid"`
// Server configuration in dedicated mode
Server []PremiumWafServer `json:"server" required:"true"`
// Website name
WebTag string `json:"web_tag"`
// Description
Description string `json:"description"`
}
type CustomPage ¶
type CustomPageResponse ¶
type DeleteOpts ¶
type DeleteOpts struct {
KeepPolicy *bool `q:"keepPolicy"`
}
type ExtendResponse ¶
type FlagObject ¶
type FlagObject struct {
// Whether PCI 3DS certification check is enabled for the domain name. Currently, this function is not supported. The default value is false. You can ignore this parameter.
// true: PCI 3DS check is enabled.
// false: PCI 3DS check is disabled.
Pci3ds string `json:"pci_3ds"`
// Whether PCI DDS certification check is enabled for the domain name.
// true: PCI DDS check is enabled.
// false: PCI DDS check is disabled.
PciDss string `json:"pci_dss"`
}
type Host ¶
type Host struct {
// Domain name ID
ID string `json:"id"`
// ID of the policy initially used to the domain name.
// It can be obtained by calling the API described in 2.1.1 Querying Protection Policies.
PolicyId string `json:"policyid"`
// Domain name added to cloud WAF.
Hostname string `json:"hostname"`
// User domain ID.
DomainId string `json:"domainid"`
// Project ID.
ProjectId string `json:"project_id"`
// HTTP protocol.
Protocol string `json:"protocol"`
// Minimum TLS version supported.
// TLS v1.0 is used by default.
// The value can be:TLS v1.0TLS v1.1TLS v1.2TLS v1.3
Tls string `json:"tls"`
// Cipher suite. The value can be:
// cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH
// cipher_2: EECDH+AESGCM:EDH+AESGCM
// cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH
// cipher_4. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH n - cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM
Cipher string `json:"cipher"`
// Origin server details
Server []ServerResponse `json:"server"`
// HTTPS certificate ID.
// It can be obtained by calling the ListCertificates API.
// n - This parameter is not required when the client protocol is HTTP.
// n - This parameter is mandatory when the client protocol is HTTPS.
CertificateId string `json:"certificateid"`
// Certificate name.
// n - This parameter is not required when the client protocol is HTTP.
// n - This parameter is mandatory when the client protocol is HTTPS.
CertificateName string `json:"certificatename"`
// Whether the proxy is enabled
Proxy bool `json:"proxy"`
// Lock status. This parameter is redundant and can be ignored. Default value: 0
Locked int `json:"locked"`
// WAF status of the protected domain name. The value can be:
// -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF.
// 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks.
// 1: Enabled. WAF detects attacks based on the configured policy.
ProtectStatus int `json:"protect_status"`
// Whether a domain name is connected to WAF.
// 0: The domain name is not connected to the engine instance.
// 1: The domain name is connected to the engine instance.
AccessStatus int `json:"access_status"`
// Time a domain name is added to WAF
CreatedAt int `json:"timestamp"`
// Special domain name identifier, which is used to store additional domain name configurations
Flag *FlagObject `json:"flag"`
// Alarm configuration page
BlockPage *BlockPageResponse `json:"block_page"`
// Extended attribute
Extend *ExtendResponse `json:"extend"`
// WAF mode. The value is premium, indicating
// the dedicated WAF engine
WafType string `json:"waf_type"`
// Website name
WebTag string `json:"web_tag"`
// Traffic identifier
TrafficMark *TrafficMarkObject `json:"traffic_mark"`
// Circuit breaker configuration
CircuitBreaker *CircuitBreakerObject `json:"circuit_breaker"`
// Timeout settings
TimeoutConfig *TimeoutConfigObject `json:"timeout_config"`
// Description
Description string `json:"description"`
}
type HostResponse ¶
type HostResponse struct {
// Protected domain name ID
ID string `json:"id"`
// Policy ID
PolicyId string `json:"policyid"`
// Protected domain name
Hostname string `json:"hostname"`
// Tenant ID
DomainId string `json:"domainid"`
// Project ID
ProjectId string `json:"projectid"`
// HTTP protocol
Protocol string `json:"protocol"`
// WAF status of the protected domain name.
// -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF.
// 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks.
// -1: Enabled. WAF detects attacks based on the configured policy.
ProtectStatus int `json:"protect_status"`
// Whether a domain name is connected to WAF.
// 0: disconnected
// 1: connected
AccessStatus int `json:"access_status"`
// Whether a proxy is used.
// true: The proxy is enabled.
// false: The proxy is disabled.
Proxy bool `json:"proxy"`
// Origin server list
Server []ServerResponse `json:"server"`
// Special domain name identifier, which is used to store additional domain name configuration.
Flag *FlagObject `json:"flag"`
// Alarm configuration page
BlockPage *BlockPageResponse `json:"block_page"`
// Not described
Extend *ExtendResponse `json:"extend"`
// Creation time.
CreatedAt int `json:"timestamp"`
// Website name
WebTag string `json:"web_tag"`
// Description
Description string `json:"description"`
// This parameter is reserved, which will be used to freeze a domain name.
// Default: 0
Locked int `json:"locked"`
}
func Create ¶
func Create(client *golangsdk.ServiceClient, opts CreateOpts) (*HostResponse, error)
Create will create a new Protected Domain Name on the values in CreateOpts.
type ListOpts ¶
type ListOpts struct {
// Number of records on each page.
// The maximum value is 100. Default value: 10
PageSize string `q:"pageSize,omitempty"`
// Current page number
Page string `q:"page,omitempty"`
// Domain name
Hostname string `q:"hostname,omitempty"`
// Policy Name
PolicyName string `q:"policyname,omitempty"`
// WAF status of the protected domain name. The value can be:
// -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF.
// 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks.
// 1: Enabled. WAF detects attacks based on the configured policy.
ProtectStatus int `q:"protect_status,omitempty"`
}
type PremiumWafServer ¶
type PremiumWafServer struct {
// Client protocol
// Enumeration values:
// HTTP
// HTTPS
FrontProtocol string `json:"front_protocol" required:"true"`
// Server protocol
// Enumeration values:
// HTTP
// HTTPS
BackProtocol string `json:"back_protocol" required:"true"`
// IP address or domain name of the origin server that the client accesses.
Address string `json:"address" required:"true"`
// Server port
Port int `json:"port" required:"true"`
// The origin server address is an IPv4 or IPv6 address. Default value: ipv4
// Enumeration values:
// ipv4
// ipv6
Type string `json:"type" required:"true"`
// VPC ID. Perform the following steps to obtain the VPC ID:
// 1.Find the name of the VPC where the dedicated engine is located. The VPC name is in the VPC\Subnet column. Log in to the WAF console and choose Instance Management > Dedicated Engine > VPC\Subnet.
// Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area.
VpcId string `json:"vpc_id" required:"true"`
// Weight can be ignored by now
Weight int `json:"weight"`
}
type ProtectUpdateOpts ¶
type ProtectUpdateOpts struct {
// WAF status of the protected domain name.
// 0: The WAF protection is suspended.
// WAF only forwards requests destined for the domain name and does not detect attacks.
// 1: The WAF protection is enabled. WAF detects attacks based on the policy you configure.
ProtectStatus int `json:"protect_status"`
}
type ServerResponse ¶
type ServerResponse struct {
// Client protocol
// Enumeration values:
// HTTP
// HTTPS
FrontProtocol string `json:"front_protocol"`
// Server protocol
// Enumeration values:
// HTTP
// HTTPS
BackProtocol string `json:"back_protocol"`
// IP address or domain name of the origin server that the client accesses.
Address string `json:"address"`
// Server port
Port int `json:"port"`
// The origin server address is an IPv4 or IPv6 address. Default value: ipv4
// Enumeration values:
// ipv4
// ipv6
Type string `json:"type"`
// VPC ID. Perform the following steps to obtain the VPC ID:
// 1.Find the name of the VPC where the dedicated engine is located. The VPC name is in the VPC\Subnet column. Log in to the WAF console and choose Instance Management > Dedicated Engine > VPC\Subnet.
// Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area.
VpcId string `json:"vpc_id"`
// Weight can be ignored by now
Weight int `json:"weight"`
}
type TimeoutConfigObject ¶
type TimeoutConfigObject struct {
// Timeout for WAF to connect to the origin server.
ConnectionTimeout int `json:"connect_timeout"`
// Timeout for WAF to send requests to the origin server.
SendTimeout int `json:"send_timeout"`
// Timeout for WAF to receive responses from the origin server.
ReadTimeout int `json:"read_timeout"`
}
type TrafficMarkObject ¶
type TrafficMarkObject struct {
// IP tag. HTTP request header field of the original client IP address.
Sip []string `json:"sip"`
// Session tag. This tag is used by known attack source rules
// to block malicious attacks based on cookie attributes.
// This parameter must be configured in known attack source rules
// to block requests based on cookie attributes.
Cookie string `json:"cookie"`
// User tag. This tag is used by known attack source rules
// to block malicious attacks based on params attributes.
// This parameter must be configured to block requests based on the params attributes.
Params string `json:"params"`
}
type UpdateOpts ¶
type UpdateOpts struct {
// Whether a proxy is used for the domain name.
// If your website has no layer-7 proxy server such as CDN and cloud
// acceleration service deployed in front of WAF and uses only layer-4 load balancers (or NAT),
// set Proxy Configured to No. Otherwise, Proxy Configured must be set to Yes.
// This ensures that WAF obtains real IP addresses of website visitors and
// takes protective actions configured in protection policies.
Proxy *bool `json:"proxy"`
// HTTPS certificate ID. It can be obtained by calling the ListCertificates API.
CertificateId string `json:"certificateid"`
// HTTPS certificate name. It can be obtained by calling the ListCertificates API.
// Certifacteid and certificatename are required at the same.
// If certificateid does not match certificatename, an error is reported.
CertificateName string `json:"certificatename"`
// Minimum TLS version supported.
// TLS v1.0 is used by default.
// The value can be:TLS v1.0TLS v1.1TLS v1.2TLS v1.3
Tls string `json:"tls"`
// Cipher suite. The value can be:
// cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH
// cipher_2: EECDH+AESGCM:EDH+AESGCM
// cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH
// cipher_4. ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH n - cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM
Cipher string `json:"cipher"`
// WAF status of the protected domain name.
// -1: Bypassed. Requests are directly sent to the backend servers without passing through WAF.
// 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks.
// -1: Enabled. WAF detects attacks based on the configured policy.
ProtectStatus int `json:"protect_status"`
// Alarm configuration page.
BlockPage *BlockPage `json:"block_page"`
// Feature switch for configuring compliance certification
// checks for domain names protected with the dedicated WAF instance.
Flag *FlagObject `json:"flag"`
// Traffic identifier
TrafficMark *TrafficMarkObject `json:"traffic_mark"`
// Circuit breaker configuration
CircuitBreaker *CircuitBreakerObject `json:"circuit_breaker"`
// Timeout settings
TimeoutConfig *TimeoutConfigObject `json:"timeout_config"`
// Website name
WebTag string `json:"web_tag"`
// Description
Description string `json:"description"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.