Domain name for API request: teo.tencentcloudapi.com.
This API is used to query web attack logs.
A maximum of 100 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
Parameter Name | Required | Type | Description |
---|---|---|---|
Action | Yes | String | Common Params. The value used for this API: DescribeWebManagedRulesLog. |
Version | Yes | String | Common Params. The value used for this API: 2022-09-01. |
Region | No | String | Common Params. This parameter is not required. |
StartTime | Yes | Timestamp ISO8601 | The start time. |
EndTime | Yes | Timestamp ISO8601 | The end time. |
ZoneIds.N | No | Array of String | List of sites to be queried. All sites will be selected if this field is not specified. |
Domains.N | No | Array of String | List of subdomain names to be queried. All subdomain names will be selected if this field is not specified. |
Limit | No | Integer | Limit on paginated queries. Default value: 20. Maximum value: 1000. |
Offset | No | Integer | The page offset. Default value: 0. |
QueryCondition.N | No | Array of QueryCondition | Filters for the query. Values: attackType : Attack type; riskLevel : Risk level; action : Action; ruleId : Rule ID; sipCountryCode : Country code of the attacker IP; attackIp : Attacker IP; realClientIp : Real client IP; oriDomain : Attacked subdomain name; eventId : Event ID; ua : User agent; requestMethod : Request method; uri : Uniform resource identifier |
Area | No | String | Data storage region. Values: overseas : Global (outside the Chinese mainland); mainland : Chinese mainland. |
Parameter Name | Type | Description |
---|---|---|
Data | Array of WebLogs | The list of web log data. Note: This field may return null, indicating that no valid values can be obtained. |
TotalCount | Integer | Total number of query results. |
RequestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |
The following example shows you how to query web attack logs.
POST / HTTP/1.1
Host: teo.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeWebManagedRulesLog
<Common request parameters>
{
"Limit": 1,
"Offset": 1,
"ZoneIds": [
"zone-21xfqlh4qjee"
],
"StartTime": "2020-09-22T00:00:00+00:00",
"Domains": [
"www.baidu.com"
],
"EndTime": "2020-09-22T00:00:00+00:00",
"QueryCondition": [
{
"Operator": "equals",
"Value": [
"monitor"
],
"Key": "action"
}
],
"Area": "overseas"
}
{
"Response": {
"TotalCount": 1,
"Data": [
{
"EventId": "18045868509676540160",
"HttpLog": "{\"PROTOCOL\":\"HTTP/1.1\"}",
"Domain": "www.baidu.com",
"SipCountryCode": "CN",
"AttackIp": "120.241.137.74",
"RequestUri": "/waf",
"RealClientIp": "43.154.226.106",
"RealClientIpCountryCode": "HK",
"RuleDetailList": [
{
"Description": "This rule prevents command injections in the GET parameter",
"RuleId": 106247153,
"RiskLevel": "high risk",
"RuleTypeName": "Command/Code injection attack prevention",
"Action": "monitor",
"RuleLevel": "strict",
"AlarmEnabled": false,
"RuleEnabled": false,
"RuleDeleted": false,
"RuleType": "waf"
}
],
"AttackTime": 1660033867
}
],
"RequestId": "dd54b175-5594-4acc-a230-75d8ae19b5bf"
}
}
Assuming that the client (1.1.1.1) connects to the EdgeOne node via the proxy (2.2.2.2), then the ClientIp is 2.2.2.2 and the RealClientIp is 1.1.1.1.
POST / HTTP/1.1
Host: teo.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeWebManagedRulesLog
<Common request parameters>
{
"Limit": 1,
"Offset": 1,
"ZoneIds": [
"zone-21xfqlh4qjee"
],
"StartTime": "2020-09-22T00:00:00+00:00",
"Domains": [
"www.baidu.com"
],
"EndTime": "2020-09-22T00:00:00+00:00",
"QueryCondition": [
{
"Operator": "equals",
"Value": [
"43.154.226.106"
],
"Key": "realClientIp"
}
],
"Area": "overseas"
}
{
"Response": {
"TotalCount": 1,
"Data": [
{
"EventId": "18045868509676540160",
"HttpLog": "{\"PROTOCOL\":\"HTTP/1.1\"}",
"Domain": "www.baidu.com",
"SipCountryCode": "CN",
"AttackIp": "120.241.137.74",
"RequestUri": "/waf",
"RealClientIp": "43.154.226.106",
"RealClientIpCountryCode": "HK",
"RuleDetailList": [
{
"Description": "This rule prevents command injections in the GET parameter",
"RuleId": 106247153,
"RiskLevel": "high risk",
"RuleTypeName": "Command/Code injection attack prevention",
"Action": "monitor",
"RuleLevel": "strict",
"AlarmEnabled": false,
"RuleEnabled": false,
"RuleDeleted": false,
"RuleType": "waf"
}
],
"AttackTime": 1660033867
}
],
"RequestId": "dd54b175-5594-4acc-a230-75d8ae19b5bf"
}
}
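The following is an added example, not part of the original documentation or any Tencent Cloud SDK. It pages through results with Limit, Offset and TotalCount, tolerates a null Data field, decodes the JSON string carried in HttpLog, and counts per RealClientIp the events where a high-risk rule matched while its action was only monitor. It assumes that Offset counts records rather than pages; `send`, `fake_send`, the sample events and the "other (constructed)" risk level are hypothetical stand-ins for a signed request and real data.

```python
import json
from collections import Counter

MAX_LIMIT = 1000  # documented maximum for Limit

def build_body(start, end, conditions, offset=0, limit=MAX_LIMIT):
    """Request body built from the documented parameters."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError("Limit must be between 1 and 1000")
    return {"StartTime": start, "EndTime": end, "Limit": limit, "Offset": offset,
            "QueryCondition": [{"Key": k, "Operator": "equals", "Value": list(v)}
                               for k, v in conditions.items()]}

def fetch_all(send, start, end, conditions, limit=MAX_LIMIT):
    """Collect every page. Assumption: Offset counts records, not pages."""
    events, offset = [], 0
    while True:
        resp = send(build_body(start, end, conditions, offset, limit))["Response"]
        page = resp.get("Data") or []  # Data may be returned as null
        events.extend(page)
        offset += len(page)
        if not page or offset >= resp["TotalCount"]:
            return events

def monitor_only_hits(events):
    """Count events per (RealClientIp, protocol) where a high-risk rule only logged."""
    hits = Counter()
    for ev in events:
        # HttpLog is a JSON document serialized into a string field.
        proto = json.loads(ev.get("HttpLog") or "{}").get("PROTOCOL")
        if any(r["Action"] == "monitor" and r["RiskLevel"] == "high risk"
               for r in ev.get("RuleDetailList") or []):
            hits[(ev["RealClientIp"], proto)] += 1
    return hits

# Constructed sample events (documentation-range IPs), not real log data.
def _event(ip, risk):
    return {"RealClientIp": ip, "HttpLog": "{\"PROTOCOL\":\"HTTP/1.1\"}",
            "RuleDetailList": [{"Action": "monitor", "RiskLevel": risk}]}

SAMPLE = [_event("198.51.100.7", "high risk"), _event("198.51.100.7", "high risk"),
          _event("203.0.113.9", "other (constructed)")]

def fake_send(body):
    """Hypothetical stand-in for a signed HTTPS POST to the API."""
    chunk = SAMPLE[body["Offset"]:body["Offset"] + body["Limit"]]
    return {"Response": {"TotalCount": len(SAMPLE), "Data": chunk or None}}
```

Entries returned by `monitor_only_hits` are requests that a high-risk rule matched but did not block, which makes them candidates for review before the rule is moved out of monitor mode.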
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
Error Code | Description |
---|---|
ResourceNotFound | The resource doesn’t exist. |
UnauthorizedOperation.CamUnauthorized | CAM is not authorized. |