Create Access Control Rule
Create access control rule for website acceleration.
Request
Request-Line
POST /waap/v1.0/services/{serviceId}/accessControls HTTP/1.1
Request Parameters
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| serviceId | Integer | Mandatory | Service ID. |
Body Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| name | String | Mandatory | Rule name for access control. |
| type | String | Mandatory | Access control type, could be "allow", "deny" or "token". |
| matches | Array | Mandatory | Matching configuration that determines which requests the rule applies to. See Matches for details. |
| priority | Integer | Optional | Priority weight for the rule. Rules with a higher weight take precedence. The weight must be non-zero. |
| ipRestriction | String | Optional | Comma-separated list of ips/networks.Only requests from these subnets are allowed, other requests will be rejected with 403 Forbidden response. |
| geoRestriction | String | Optional | Comma-separated list of geographic locations to be matched. Each location should be specified as a 2-letter ISO3166 code. E.g "SG,GB". |
| anonymousIp | Boolean | Optional | Set true to apply for anonymous IP, set false to apply for non anonymous IP. Default is false. |
| tokenSecret | String | Optional | Field tokenSecret is only for type "token".Comma-separated list of tokens.Each token should have 64 characters,Each character must be numeric or lowercase letter. |
| enabled | Boolean | Optional | Flag indicating whether the rule is active. Default is true. |
Object: Matches
| Parameter | Type | Required | Description |
|---|---|---|---|
| Array | Mandatory | Array of Match. |
Object: Match
| Parameter | Type | Required | Description |
|---|---|---|---|
| field | String | Mandatory | Which part of the request to match. Supported values: • req.path - Request path (excluding query string).• req.query - Request query parameters.• req.method - HTTP method (GET, POST, etc.).• client.ip - Client IP address.• req.host - Request host.• req.header.user-agent - User-Agent header.• req.header.cookie - Cookie header.• req.header.origin - Origin header.• req.header.via - Via header. |
| operator | String | Mandatory | Defines how to match the field. Supported values: • startswith - Succeeds if the what matches one of the prefixes listed in patterns.• not_startswith - Matches if field value does not starts with any of the specified prefixes.• istartswith - Case-independent version of startswith.• not_istartwith - Matches if the field value does not starts with any of the specified prefixes, ignoring letter case differences.• regex - Succeeds if what matches one of the regexes listed in patterns.• equals - Succeeds if the what matches one of the strings listed in patterns.• not_equals - Succeeds if the field value does not exactly match any of the specified strings.• iequals - Case-independent version of equals.• not_iequals - Succeeds if the field value does not exactly match any of the specified strings,ignoring letter case differences.• endswith - Succeeds if the what ends with one of the strings listed in patterns. Useful e.g. to match file extensions like ".mp4".• not_endswith - Succeeds if the what does not ends with one of the strings listed in patterns.• iendswith - Case-independent version of endswith.• not_iendswith - Succeeds if the what does not ends with one of the strings listed in patterns,ignoring letter case differences.• subnet - Succeeds if the what belongs to one of subnets, specified in patterns, like "1.222.94.98/32".• not_subnet - Succeeds if the what does not belongs to one of subnets.Note: subnet operator is applicable only to the client.ip match option. |
| values | String[] | Mandatory | List of values matching the URL path string. |
Response
Response Body
| Property name | Type | Required | Description |
|---|---|---|---|
| ruleId | Integer | Mandatory | Rule ID number for access control. |
| priority | Integer | Mandatory | Priority weight of access control rule. |
Status Codes, Error Codes and Error Messages
| Status Code | Error Code | Error Message |
|---|---|---|
| 400 | Request.BadRequest | Bad request. |
| 400 | ServiceId.Invalid | ServiceId is empty or invalid. |
| 400 | Name.Invalid | Name is empty or invalid. |
| 400 | Type.Invalid | Type is empty or invalid. |
| 400 | Priority.Invalid | Priority is empty or invalid. |
| 400 | Match.field.Invalid | Match.field is empty or invalid. |
| 400 | Match.values.Invalid | Match.values is empty or invalid. |
| 400 | Match.operator.Invalid | Match.operator is empty or invalid. |
| 400 | Matches.Invalid | Matches is empty or invalid. |
| 400 | IpRestriction.Invalid | IpRestriction is empty or invalid. |
| 400 | GeoRestriction.Invalid | GeoRestriction is empty or invalid. |
| 400 | AccessControl.OperationFailed | The Access control operation failed. |
| 404 | ServiceId.NotFound | ServiceId is not found. |
| 409 | Priority.Exist | Priority already exists. |
Examples
Create Access Control Rule
Request
POST /waap/v1.0/services/12345/accessControls HTTP/1.1
{
"name":"accetss",
"matches":[
{
"field":"req.path",
"operator":"startswith",
"values":["/css/","/images/abc/"]
},
{
"field":"req.host",
"operator":"iequals",
"values":["expamle.com"]
},
{
"field":"req.method",
"operator":"equals",
"values":["get"]
}
],
"priority":37,
"type":"allow",
"geoRestriction":"US,CN",
"ipRestriction":"172.16.12.1",
"anonymousIp":true,
"tokenSecret":"bdfy7r6jflo3iydy9zxigkl5m0hte6d423d45dfg6gavo07xvmtc4tzsdc9yxyjy",
"enabled":true
}
Successful Response Body
{
"ruleId": 261700,
"priority": 37
}