Updates the policy specified by policy ID. Note that all parameters are updated with this action, whether you specify values or not. If you leave a parameter out, its value will be overwritten with no data.
PUT https://api-<BlueCat.edge.url>/v5/api/policies/<policyId>
Authorization: Bearer token
Content-Type: application/JSON
{
"name": "name",
"description": "description",
"appliedTo": [{
"type": "siteName | siteGroupID | AllSites",
"name": "value"
}],
"domain": [ {
"type": "list",
"listId": "dns-list-id"
}],
"action": {
"type":"trust | block | monitor | allow"
},
"exceptionDomainLists":[{
"type": "list",
"listId": "dns-list-id"
}],
"active": "true | false",
"sourceIps": {
"type": "INCLUDE | EXCLUDE",
"ranges": [
"192.168.0.1",
"1.2.3.4"
]
],
"timeRanges":[{
"start": "01:00",
"end": "20:00",
"days": ["Monday", "Tuesday", "Wednesday"],
}],
"queryTypes": ["15", "A"]
"redirectTarget": "valid FQDN domain",
"threats": {[
"type": "DGA"
}, {
"type": "DNS_Tunneling"
}],
"matchAnswer": "true | false",
"matchAuthority": "true | false"
"matchResponseIpListIds": [
"IPList1"
],
"exceptionResponseIpListIds": [
"IPList2"
]
}
When updating an existing policy, the JSON body must contain the following
fields:
name
description
action
active
appliedTo
matchAnswer
matchAuthority
domain
exceptionDomainLists
Note: If you are not updating any values within the required JSON body fields,
enter the value as the current value.
Notes
- Redirect policies: You can only use redirect to another DN with a block policy.
- Threats: Valid threat types are DGA and DNS_Tunneling. Threat types are only allowed for Monitor and Block policies.
- Source IPs: The include/exclude parameter is optional. Excluding source IPs is only applicable to Block and Monitor policies, and isn't applicable to Allow policies. When this parameter isn't specified, the default value is Include.
- Match Answer: Only applicable to Monitor and Block policies. You must configure at least one criteria to block or monitor domain lists.
- Match Authority: Only applicable to Monitor and Block policies. You must configure at least one criteria to block or monitor domain lists.
- Match Response IP List IDs (optional): A list of IP lists that matches to a policy based on the IP response of a DNS query.
- Exception Response IP List IDs (optional): A list of
IP lists that unmatches to a policy based on the IP response of a DNS
query.Note: If
exceptionResponseIpListIds
is specified, you must also specifymatchResponseIpListIds
.
Successful response
200 - OK
Possible
error codes
- 400 Invalid Input - Invalid body content
- 401 Unauthorized - Missing or invalid token
- 403 Forbidden - You are not authorized to perform this action