Create a Security Rule

POST /secrule/

Required Role: To complete this task, you must have the Compute_Operations role. If this role isn't assigned to you or you're not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Request

Supported Media Types
Header Parameters
Body ()
The request body contains details of the security rule that you want to create.
Root Schema : SecRule-post-request
Type: object
  • action: Set this parameter to PERMIT.

  • application: The three-part name of the security application: /Compute-identity_domain/user/object_name for user-defined security applications and /oracle/public/object_name for predefined security applications.

  • description: A description of the security rule.

  • disabled: Indicates whether the security rule is enabled (set to false) or disabled (true). The default setting is false.

  • dst_list: The three-part name (/Compute-identity_domain/user/object_name) of the destination security list or security IP list.

    You must use the prefix seclist: or seciplist: to identify the list type.

    Note: You can specify a security IP list as the destination in a secrule, provided src_list is a security list that has DENY as its outbound policy.

    You cannot specify any of the security IP lists in the /oracle/public container as a destination in a secrule.

  • name: The three-part name of the object (/Compute-identity_domain/user/object).

    Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive.

  • src_list: The three-part name (/Compute-identity_domain/user/object_name) of the source security list or security IP list.

    You must use the prefix seclist: or seciplist: to identify the list type.

Response

Supported Media Types

201 Response

Created. See Status Codes for information about other possible HTTP status codes.
Headers
Body ()
Root Schema : SecRule-response
Type: object
  • action: Set this parameter to PERMIT.

  • application: The three-part name of the security application: /Compute-identity_domain/user/object_name for user-defined security applications and /oracle/public/object_name for predefined security applications.

  • description: A description of the security rule.

  • disabled: Indicates whether the security rule is enabled (set to false) or disabled (true). The default setting is false.

  • dst_list: The three-part name (/Compute-identity_domain/user/object_name) of the destination security list or security IP list.

    You must use the prefix seclist: or seciplist: to identify the list type.

    Note: You can specify a security IP list as the destination in a secrule, provided src_list is a security list that has DENY as its outbound policy.

    You cannot specify any of the security IP lists in the /oracle/public container as a destination in a secrule.

  • name: The three-part name of the object (/Compute-identity_domain/user/object).

  • src_list: The three-part name (/Compute-identity_domain/user/object_name) of the source security list or security IP list.

    You must use the prefix seclist: or seciplist: to identify the list type.

  • uri: Uniform Resource Identifier

Examples

cURL Command

The following example shows how to add a security rule by submitting a POST request on the REST resource using cURL. For more information about cURL, see Use cURL.

Enter the command on a single line. Line breaks are used in this example for readability.

curl -i -X POST
     -H "Cookie: $COMPUTE_COOKIE"
     -H "Content-Type: application/oracle-compute-v3+json"
     -H "Accept: application/oracle-compute-v3+json"
     -d "@requestbody.json"
        https://api-z999.compute.us0.oraclecloud.com/secrule/
  • COMPUTE_COOKIE is the name of the variable in which you stored the authentication cookie earlier. For information about retrieving the authentication cookie and storing it in a variable, see Authentication.

  • api-z999.compute.us0.oraclecloud.com is an example REST endpoint URL. Change this value to the REST endpoint URL of your Compute Classic site. For information about finding the REST endpoint URL for your site, see Send Requests.

Example of Request Body

The following shows an example of the request body content in the requestbody.json file.

{
  "dst_list": "seclist:/Compute-acme/jack.jones@example.com/allowed_video_servers",
  "name": "/Compute-acme/jack.jones@example.com/es_to_videoservers_stream",
  "src_list": "seciplist:/Compute-acme/jack.jones@example.com/es_iplist",
  "application": "/Compute-acme/jack.jones@example.com/video_streaming_udp",
  "action": "PERMIT"
}
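
A pre-flight check for the request body, as an added example (not Oracle's code): it applies the field constraints listed on this page before the POST is sent, so a malformed or over-broad rule is caught locally. The function names and the SAMPLE dict are assumptions; whether src_list has DENY as its outbound policy cannot be checked offline and is not verified here.

```python
import re

OBJECT_RE = re.compile(r"[A-Za-z0-9._-]+")  # allowed object-name characters per this page
LIST_KINDS = ("seclist", "seciplist")

def is_three_part(name, allow_public=False):
    """True for /Compute-identity_domain/user/object_name (optionally /oracle/public/object_name)."""
    parts = name.split("/")
    if len(parts) != 4 or parts[0] or not all(parts[1:]):
        return False
    if not OBJECT_RE.fullmatch(parts[3]):
        return False
    if allow_public and parts[1:3] == ["oracle", "public"]:
        return True
    return parts[1].startswith("Compute-") and len(parts[1]) > len("Compute-")

def validate_secrule(body):
    """Return a list of problems; an empty list means the body passes these checks."""
    errors = []
    if body.get("action") != "PERMIT":
        errors.append("action must be PERMIT")
    if not is_three_part(body.get("name", "")):
        errors.append("name must be /Compute-identity_domain/user/object_name")
    if not is_three_part(body.get("application", ""), allow_public=True):
        errors.append("application must be a three-part or /oracle/public name")
    lists = {}
    for field in ("src_list", "dst_list"):
        kind, _, name = body.get(field, "").partition(":")
        lists[field] = (kind, name)
        if kind not in LIST_KINDS:
            errors.append(f"{field} must start with seclist: or seciplist:")
        elif not is_three_part(name, allow_public=True):
            errors.append(f"{field} is not a valid three-part name")
    dst_kind, dst_name = lists["dst_list"]
    if dst_kind == "seciplist":
        if dst_name.startswith("/oracle/public/"):
            errors.append("dst_list cannot be a /oracle/public security IP list")
        if lists["src_list"][0] != "seclist":
            errors.append("seciplist destination requires a seclist source")
    return errors

# Constructed sample: the request body from this page's example.
SAMPLE = {
    "dst_list": "seclist:/Compute-acme/jack.jones@example.com/allowed_video_servers",
    "name": "/Compute-acme/jack.jones@example.com/es_to_videoservers_stream",
    "src_list": "seciplist:/Compute-acme/jack.jones@example.com/es_iplist",
    "application": "/Compute-acme/jack.jones@example.com/video_streaming_udp",
    "action": "PERMIT",
}
```

Run validate_secrule on the parsed contents of requestbody.json and send the request only when it returns an empty list.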

Example of Response Body

The following example shows the response body in JSON format.

{
  "dst_list": "seclist:/Compute-acme/jack.jones@example.com/allowed_video_servers",
  "name": "/Compute-acme/jack.jones@example.com/es_to_videoservers_stream",
  "src_list": "seciplist:/Compute-acme/jack.jones@example.com/es_iplist",
  "uri": "https://api-z999.compute.us0.oraclecloud.com/secrule/Compute-acme/jack.jones@example.com/es_to_videoservers_stream",
  "disabled": false,
  "application": "/Compute-acme/jack.jones@example.com/video_streaming_udp",
  "action": "PERMIT"
}