DescribeWebManagedRulesLog

Last updated: 2023-05-25 17:35:56
This document is currently invalid. Please refer to the documentation page of the product.

1. API Description

Domain name for API request: teo.tencentcloudapi.com.

This API is used to query web attack logs.

A maximum of 100 requests can be initiated per second for this API.

We recommend using API Explorer. It provides a range of capabilities, including online calls, signature authentication, SDK code generation, and API quick search, and lets you view the request, the response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common Params. The value used for this API: DescribeWebManagedRulesLog.
Version Yes String Common Params. The value used for this API: 2022-09-01.
Region No String Common Params. This parameter is not required.
StartTime Yes Timestamp ISO8601 The start time.
EndTime Yes Timestamp ISO8601 The end time.
ZoneIds.N No Array of String List of sites to be queried. All sites will be selected if this field is not specified.
Domains.N No Array of String List of subdomain names to be queried. All subdomain names will be selected if this field is not specified.
Limit No Integer Limit on paginated queries. Default value: 20. Maximum value: 1000.
Offset No Integer The page offset. Default value: 0.
QueryCondition.N No Array of QueryCondition Filters for the query. Values:
  • attackType: Attack type
  • riskLevel: Risk level
  • action: Action
  • ruleId: Rule ID
  • sipCountryCode: Country code of the attacker IP
  • attackIp: Attacker IP
  • realClientIp: Real client IP
  • oriDomain: Attacked subdomain name
  • eventId: Event ID
  • ua: User agent
  • requestMethod: Request method
  • uri: Uniform resource identifier
Area No String Data storage region. Values:
  • overseas: Global (outside the Chinese mainland)
  • mainland: Chinese mainland
If this field is not specified, the data storage region will be determined based on the user’s location.

3. Output Parameters

Parameter Name Type Description
Data Array of WebLogs The list of web log data. Note: This field may return null, indicating that no valid values can be obtained.
TotalCount Integer Total number of query results.
RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

4. Example

Example 1: Querying web attack logs

The following example shows you how to query web attack logs.

Input Example

    POST / HTTP/1.1
    Host: teo.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: DescribeWebManagedRulesLog
    <Common request parameters>
    
    {
        "Limit": 1,
        "Offset": 1,
        "ZoneIds": [
            "zone-21xfqlh4qjee"
        ],
        "StartTime": "2020-09-22T00:00:00+00:00",
        "Domains": [
            "www.baidu.com"
        ],
        "EndTime": "2020-09-22T00:00:00+00:00",
        "QueryCondition": [
            {
                "Operator": "equals",
                "Value": [
                    "monitor"
                ],
                "Key": "action"
            }
        ],
        "Area": "overseas"
    }
    

Output Example

    {
        "Response": {
            "TotalCount": 1,
            "Data": [
                {
                    "EventId": "18045868509676540160",
                    "HttpLog": "{\"PROTOCOL\":\"HTTP/1.1\"}",
                    "Domain": "www.baidu.com",
                    "SipCountryCode": "CN",
                    "AttackIp": "120.241.137.74",
                    "RequestUri": "/waf",
                    "RealClientIp": "43.154.226.106",
                    "RealClientIpCountryCode": "HK",
                    "RuleDetailList": [
                        {
                            "Description": "This rule prevents command injections in the GET parameter",
                            "RuleId": 106247153,
                            "RiskLevel": "high risk",
                            "RuleTypeName": "Command/Code injection attack prevention",
                            "Action": "monitor",
                            "RuleLevel": "strict",
                            "AlarmEnabled": false,
                            "RuleEnabled": false,
                            "RuleDeleted": false,
                            "RuleType": "waf"
                        }
                    ],
                    "AttackTime": 1660033867
                }
            ],
            "RequestId": "dd54b175-5594-4acc-a230-75d8ae19b5bf"
        }
    }
    

Example 2: Querying real client IPs in the web attack logs

Assume that the client (1.1.1.1) connects to the EdgeOne node via the proxy (2.2.2.2). In that case, the ClientIp is 2.2.2.2 and the RealClientIp is 1.1.1.1.

Input Example

    POST / HTTP/1.1
    Host: teo.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: DescribeWebManagedRulesLog
    <Common request parameters>
    
    {
        "Limit": 1,
        "Offset": 1,
        "ZoneIds": [
            "zone-21xfqlh4qjee"
        ],
        "StartTime": "2020-09-22T00:00:00+00:00",
        "Domains": [
            "www.baidu.com"
        ],
        "EndTime": "2020-09-22T00:00:00+00:00",
        "QueryCondition": [
            {
                "Operator": "equals",
                "Value": [
                    "43.154.226.106"
                ],
                "Key": "realClientIp"
            }
        ],
        "Area": "overseas"
    }
    

Output Example

    {
        "Response": {
            "TotalCount": 1,
            "Data": [
                {
                    "EventId": "18045868509676540160",
                    "HttpLog": "{\"PROTOCOL\":\"HTTP/1.1\"}",
                    "Domain": "www.baidu.com",
                    "SipCountryCode": "CN",
                    "AttackIp": "120.241.137.74",
                    "RequestUri": "/waf",
                    "RealClientIp": "43.154.226.106",
                    "RealClientIpCountryCode": "HK",
                    "RuleDetailList": [
                        {
                            "Description": "This rule prevents command injections in the GET parameter",
                            "RuleId": 106247153,
                            "RiskLevel": "high risk",
                            "RuleTypeName": "Command/Code injection attack prevention",
                            "Action": "monitor",
                            "RuleLevel": "strict",
                            "AlarmEnabled": false,
                            "RuleEnabled": false,
                            "RuleDeleted": false,
                            "RuleType": "waf"
                        }
                    ],
                    "AttackTime": 1660033867
                }
            ],
            "RequestId": "dd54b175-5594-4acc-a230-75d8ae19b5bf"
        }
    }
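
The following is an added example, not part of the original documentation or of any Tencent Cloud SDK: it pages through the API with the documented `Limit`, `Offset` and `TotalCount` fields, then triages the returned events for high-risk rule hits that were only monitored. The `send` callable and `fake_send` are hypothetical stand-ins for a signed HTTP call; that `Offset` counts records and that `AttackIp` is the connecting address are assumptions.

```python
from collections import Counter
MAX_LIMIT = 1000  # largest Limit the parameter table allows

def build_request(start, end, offset, limit=MAX_LIMIT, conditions=()):
    """Request body built only from parameters documented on this page."""
    body = {"StartTime": start, "EndTime": end, "Limit": limit, "Offset": offset}
    if conditions:
        body["QueryCondition"] = [{"Key": k, "Operator": "equals", "Value": list(v)}
                                  for k, v in conditions]
    return body

def fetch_all(send, start, end, limit=MAX_LIMIT, conditions=()):
    """Yield every event in the window. `send` is a hypothetical callable that
    signs and POSTs the body and returns the parsed "Response" object.
    Assumption: Offset counts records rather than pages."""
    offset = 0
    while True:
        resp = send(build_request(start, end, offset, limit, conditions))
        rows = resp.get("Data") or []          # Data may come back as null
        yield from rows
        offset += len(rows)
        if not rows or offset >= resp.get("TotalCount", 0):
            return

def triage(events):
    """Count high-risk hits that were only monitored; list events where RealClientIp
    differs from AttackIp (assumed: AttackIp is the connecting address)."""
    monitored_high, proxied = Counter(), []
    for ev in events:
        for rule in ev.get("RuleDetailList") or []:
            if rule.get("Action") == "monitor" and rule.get("RiskLevel") == "high risk":
                monitored_high[(ev.get("Domain"), rule.get("RuleId"))] += 1
        if ev.get("RealClientIp") and ev.get("RealClientIp") != ev.get("AttackIp"):
            proxied.append((ev.get("EventId"), ev.get("AttackIp"), ev["RealClientIp"]))
    return monitored_high, proxied

# Constructed sample: first event trimmed from the page's output example,
# second event made up (documentation-range IP, no proxy in front).
RULE = {"RuleId": 106247153, "RiskLevel": "high risk", "Action": "monitor"}
SAMPLE = [
    {"EventId": "18045868509676540160", "Domain": "www.baidu.com", "RuleDetailList": [RULE],
     "AttackIp": "120.241.137.74", "RealClientIp": "43.154.226.106"},
    {"EventId": "constructed-2", "Domain": "www.baidu.com", "RuleDetailList": [RULE],
     "AttackIp": "192.0.2.10", "RealClientIp": "192.0.2.10"},
]
def fake_send(body):
    """Offline stand-in for the API call: serves SAMPLE one page at a time."""
    page = SAMPLE[body["Offset"]:body["Offset"] + body["Limit"]]
    return {"TotalCount": len(SAMPLE), "Data": page or None, "RequestId": "constructed"}
```

A `(Domain, RuleId)` pair with a high count in the first result is a candidate for moving that rule from monitoring to blocking.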
    

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code Description
ResourceNotFound The resource doesn’t exist.
UnauthorizedOperation.CamUnauthorized CAM is not authorized.