Get Access Control Rules
Retrieve a list of access control rules for website accleration domain.
Request
Request-Line
GET /waap/v1.0/services/{serviceId}/accessControls HTTP/1.1
Request Parameters
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| serviceId | Integer | Mandatory | Service ID. |
Response
Response Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| Array | Mandatory | Array of Access Controls. |
Object: Access Control
| Parameter | Type | Required | Description |
|---|---|---|---|
| ruleId | Integer | Mandatory | Policy ID number for access control. |
| name | String | Mandatory | Rule name for access control. |
| type | String | Mandatory | Access control type, could be "allow", "deny" or "token". |
| matches | Array | Mandatory | Matching configuration that determines which requests the rule applies to. See Matches for details. |
| priority | Integer | Mandatory | Priority weight for the rule. Rules with a higher weight take precedence. The weight must be non-zero. |
| ipRestriction | String | Optional | Comma-separated list of ips/networks.Only requests from these subnets are allowed, other requests will be rejected with 403 Forbidden response. |
| geoRestriction | String | Optional | Comma-separated list of geographic locations to be matched. Each location should be specified as a 2-letter ISO3166 code. E.g "SG,GB". |
| anonymousIp | Boolean | Optional | Set true to apply for anonymous IP, set false to apply for non anonymous IP. Default is false. |
| tokenSecret | String | Optional | Field tokenSecret is only for type "token".Comma-separated list of tokens.Each token should have 64 characters,Each character must be numeric or lowercase letter. |
| enabled | Boolean | Optional | Flag indicating whether the rule is active. Default is true. |
Object: Matches
| Parameter | Type | Description |
|---|---|---|
| Array | See Match for details. |
Object: Match
| Parameter | Type | Description |
|---|---|---|
| field | String | Which part of the request to match. Supported values: • req.path - Request path (excluding query string).• req.query - Request query parameters.• req.method - HTTP method (GET, POST, etc.).• client.ip - Client IP address.• req.host - Request host.• req.header.user-agent - User-Agent header.• req.header.cookie - Cookie header.• req.header.origin - Origin header.• req.header.via - Via header. |
| operator | String | Defines how to match the field. Supported values: • startswith - Succeeds if the what matches one of the prefixes listed in patterns.• not_startswith - Matches if field value does not starts with any of the specified prefixes.• istartswith - Case-independent version of startswith.• not_istartwith - Matches if the field value does not starts with any of the specified prefixes, ignoring letter case differences.• regex - Succeeds if what matches one of the regexes listed in patterns.• equals - Succeeds if the what matches one of the strings listed in patterns.• not_equals - Succeeds if the field value does not exactly match any of the specified strings.• iequals - Case-independent version of equals.• not_iequals - Succeeds if the field value does not exactly match any of the specified strings,ignoring letter case differences.• endswith - Succeeds if the what ends with one of the strings listed in patterns. Useful e.g. to match file extensions like ".mp4".• not_endswith - Succeeds if the what does not ends with one of the strings listed in patterns.• iendswith - Case-independent version of endswith.• not_iendswith - Succeeds if the what does not ends with one of the strings listed in patterns,ignoring letter case differences.• subnet - Succeeds if the what belongs to one of subnets, specified in patterns, like "1.222.94.98/32".• not_subnet - Succeeds if the what does not belongs to one of subnets.Note: subnet operator is applicable only to the client.ip match option. |
| values | String[] | List of values matching the URL path string. |
Status Codes, Error Codes and Error Messages
| Status Code | Error Code | Error Message |
|---|---|---|
| 400 | ServiceId.Invalid | ServiceId is empty or invalid. |
| 400 | AccessControl.OperationFailed | The access control operation failed. |
| 404 | ServiceId.NotFound | ServiceId is not found. |
Examples
Get Access Control Rules
Request
GET /waap/v1.0/services/12345/accessControls HTTP/1.1
Successful Response Body
[
{
"ruleId": 262157,
"name": "array",
"type": "allow",
"matches": [
{
"field": "req.path",
"operator": "startswith",
"values": [
"/"
]
},
{
"field": "req.query",
"operator": "equals",
"values": [
"/1"
]
}
],
"priority": 1,
"enabled": true
},
{
"ruleId": 262230,
"name": "lunaWhiteList4",
"type": "allow",
"matches": [
{
"field": "req.path",
"operator": "startswith",
"values": [
"/"
]
}
],
"priority": 2,
"enabled": true
}
]