/v5/api/policies (POST) - BlueCat Edge - Service Point v3.x.x

BlueCat Edge API Guide

Creates a new policy

POST https://api-<BlueCat.edge.url>/v5/api/policies
Authorization: Bearer token
Content-Type: application/json
{
    "name": "name",
    "description": "description",
    "appliedTo": [{
        "type": "siteName | siteGroupID | AllSites",
        "name": "value"
    }],
    "domain": [{
        "type": "list",
        "listId": "dns-list-id"
    }],
    "action": {
        "type": "trust | block | monitor | allow"
    },
    "exceptionDomainLists": [{
        "type": "list",
        "listId": "dns-list-id"
    }],
    "active": "true | false",
    "sourceIps": {
        "type": "INCLUDE | EXCLUDE",
        "ranges": [
            "192.168.0.1",
            "1.2.3.4"
        ]
    },
    "timeRanges": [{
        "start": "01:00",
        "end": "20:00",
        "days": ["Monday", "Tuesday", "Wednesday"]
    }],
    "queryTypes": ["15", "A"],
    "redirectTarget": "valid FQDN domain",
    "threats": [{
        "type": "DGA"
    }, {
        "type": "DNS_Tunneling"
    }],
    "matchAnswer": "true | false",
    "matchAuthority": "true | false",
    "matchResponseIpListIds": [
        "IPList1"
    ],
    "exceptionResponseIpListIds": [
        "IPList2"
    ]
}
About time-based policies
  • The start and end times must be different values.
  • To specify a 24-hour time range, the end time value should be one minute less than the start time value, as in the following examples:
    • "timeRanges": [{ 
          "start": "00:00",
          "end": "23:59",
          "days": ["Monday"]
      }],
    • "timeRanges": [{ 
          "start": "00:23",
          "end": "00:22",
          "days": ["Monday", "Wednesday", "Friday"]
      }],
  • You can enter more than one time and date range.
  • Start time, end time, and days are all mandatory to create a time-based policy.
  • An allow policy can't have a time range.
  • A policy can't be active if it only has a time range as its criteria.
Notes
  • Redirect policies: You can only redirect to another DN with a block policy.
  • Threats: Valid threat types are DGA and DNS_Tunneling. Threat types are only allowed for Monitor and Block policies.
  • Source IPs: The include/exclude parameter is optional. Excluding source IPs is only applicable to Block and Monitor policies, and isn't applicable to Allow policies. When this parameter isn't specified, the default value is Include.
  • Match Answer: Only applicable to Monitor and Block policies. You must configure at least one criterion to block or monitor domain lists (matchAnswer or matchAuthority).
  • Match Authority: Only applicable to Monitor and Block policies. You must configure at least one criterion to block or monitor domain lists (matchAnswer or matchAuthority).
  • Match Response IP List IDs (optional): A list of IP lists used to match a policy based on the IP response of a DNS query.
  • Exception Response IP List IDs (optional): A list of IP lists used to exclude a query from a policy based on the IP response of a DNS query.
    Note: If exceptionResponseIpListIds is specified, you must also specify matchResponseIpListIds.
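
A client-side pre-flight check for the constraints listed above, written as an added example (it is not BlueCat's code). The names validate_policy, is_true, OTHER_CRITERIA and SAMPLE are hypothetical, the set of fields treated as criteria is an assumption, and the service's own validation may differ.

```python
THREAT_TYPES = {"DGA", "DNS_Tunneling"}
# Assumption: these fields count as match criteria besides timeRanges.
OTHER_CRITERIA = ("domain", "sourceIps", "queryTypes", "threats", "matchResponseIpListIds")

def is_true(value):
    # The request template shows "true | false" as strings; accept booleans as well.
    return str(value).lower() == "true"

def validate_policy(p):
    """Return rule violations for a policy payload; an empty list means none found."""
    errs = []
    action = p.get("action", {}).get("type")
    enforcing = action in ("block", "monitor")
    if action not in ("trust", "block", "monitor", "allow"):
        errs.append("action.type must be trust, block, monitor or allow")
    ranges = p.get("timeRanges") or []
    for r in ranges:
        if not (r.get("start") and r.get("end") and r.get("days")):
            errs.append("timeRanges: start, end and days are all mandatory")
        elif r["start"] == r["end"]:
            errs.append("timeRanges: start and end must be different")
    if ranges and action == "allow":
        errs.append("an allow policy can't have a time range")
    if ranges and is_true(p.get("active")) and not any(p.get(k) for k in OTHER_CRITERIA):
        errs.append("a policy with only a time range can't be active")
    if p.get("redirectTarget") and action != "block":
        errs.append("redirectTarget requires a block policy")
    threats = p.get("threats") or []
    if threats and not enforcing:
        errs.append("threats are only allowed for monitor and block policies")
    if any(t.get("type") not in THREAT_TYPES for t in threats):
        errs.append("threat type must be DGA or DNS_Tunneling")
    if (p.get("sourceIps") or {}).get("type") == "EXCLUDE" and not enforcing:
        errs.append("excluding source IPs requires a block or monitor policy")
    if ("matchAnswer" in p or "matchAuthority" in p) and not enforcing:
        errs.append("matchAnswer/matchAuthority apply only to monitor and block")
    if p.get("exceptionResponseIpListIds") and not p.get("matchResponseIpListIds"):
        errs.append("exceptionResponseIpListIds requires matchResponseIpListIds")
    return errs

# Constructed sample: an allow policy that breaks several of the rules at once.
SAMPLE = {
    "name": "constructed-example", "action": {"type": "allow"}, "active": "true",
    "timeRanges": [{"start": "01:00", "end": "01:00", "days": ["Monday"]}],
    "redirectTarget": "sinkhole.example.com", "threats": [{"type": "Phishing"}],
    "sourceIps": {"type": "EXCLUDE", "ranges": ["1.2.3.4"]},
    "exceptionResponseIpListIds": ["IPList2"],
}
print("\n".join(validate_policy(SAMPLE)))
```
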

Successful response

200 — OK
{
    "policyId": "policyID"
}
Possible error codes
  • 401 Unauthorized - Missing or invalid token
  • 403 Forbidden - You are not authorized to perform this action