You can call this operation to add an access control list (ACL) rule.
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | No | AddACLRule | The operation that you want to perform. Set the value to AddACLRule. |
AclId | String | Yes | acl-xhwhyuo43l0n***** | The ID of the ACL. |
DestCidr | String | Yes | 0.0.0.0/0 | The range of destination IP addresses specified in the ACL rule. CIDR blocks and IPv4 addresses are supported. Default value: 0.0.0.0/0. |
DestPortRange | String | Yes | 1/200 | The range of the destination port. Format: 80/80. |
Direction | String | Yes | in | Specifies whether the ACL rule controls inbound or outbound access requests. Valid values: in or out. |
IpProtocol | String | Yes | tcp | The Transmission Control Protocol (TCP). The value is not case-sensitive. |
Policy | String | Yes | accept | Access permissions. Valid values: |
RegionId | String | Yes | cn-hangzhou | The ID of the region to which the ACL belongs. |
SourceCidr | String | Yes | 0.0.0.0/0 | The source IP address range specified in the ACL rule. CIDR blocks and IPv4 addresses are supported. Default value: 0.0.0.0/0. |
SourcePortRange | String | Yes | 1/200 | The range of the source port. Format: 80/80. |
Description | String | No | test | The description of the ACL rule. The description must be 1 to 512 characters in length. |
Priority | Integer | No | 12 | The priority of the ACL rule. Valid values: 1 to 100. Default value: 1. |
Type | String | No | LAN | The type of the ACL rule: |
Name | String | No | doctest | The name of the ACL rule. The name must be 2 to 100 characters in length, and can contain digits, periods (.), underscores (_), and hyphens (-). It must start with a letter or Chinese character. |
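
A pre-flight check for an AddACLRule parameter set against the constraints in the table above, added here as an example; it is not Alibaba Cloud's code and sends no request. It also flags the case a reviewer would want to see before a rule is created: an inbound accept rule whose source is 0.0.0.0/0, which is what the sample request on this page creates. The function and constant names, the 1 to 65535 port bounds, the reading of the name rule as ASCII letters plus U+4E00 to U+9FFF, and the pairing of each check with an error code from this page's error table are assumptions.

```python
import ipaddress
import re
REQUIRED = ("AclId", "DestCidr", "DestPortRange", "Direction", "IpProtocol",
            "Policy", "RegionId", "SourceCidr", "SourcePortRange")
# Assumption: "letter" = ASCII letter, "Chinese character" = U+4E00..U+9FFF.
NAME_RE = re.compile(r"[A-Za-z\u4e00-\u9fff][A-Za-z0-9\u4e00-\u9fff._-]{1,99}")

def port_range_ok(value):
    # "low/high"; the 1..65535 bounds are assumed from the page's examples.
    m = re.fullmatch(r"(\d+)/(\d+)", value)
    return bool(m) and 1 <= int(m.group(1)) <= int(m.group(2)) <= 65535

def check_add_acl_rule(params):
    """Return (errors, warnings) for an AddACLRule parameter dict; sends nothing."""
    errors = [f"MissingParameter: {k}" for k in REQUIRED if not params.get(k)]
    warnings, nets = [], {}
    for key in ("SourceCidr", "DestCidr"):
        if params.get(key):
            try:  # accepts both CIDR blocks and bare IPv4 addresses
                nets[key] = ipaddress.IPv4Network(params[key], strict=False)
            except ValueError:
                errors.append(f"InvalidParameter: {key}")
    for key in ("SourcePortRange", "DestPortRange"):
        if params.get(key) and not port_range_ok(params[key]):
            errors.append(f"InvalidPortRange: {key}")
    if params.get("Direction") and params["Direction"] not in ("in", "out"):
        errors.append("InvalidParameter: Direction")
    priority = params.get("Priority", 1)  # documented default is 1
    if not (isinstance(priority, int) and 1 <= priority <= 100):
        errors.append("InvalidParameter: Priority")
    if "Description" in params and not 1 <= len(params["Description"]) <= 512:
        errors.append("InvalidDescription")
    if "Name" in params and not NAME_RE.fullmatch(params["Name"]):
        errors.append("InvalidParameter: Name")
    # Review aid: an inbound accept whose source is the whole IPv4 space.
    src = nets.get("SourceCidr")
    if (params.get("Direction") == "in" and params.get("Policy") == "accept"
            and src is not None and src.prefixlen == 0):
        warnings.append("inbound accept from any source (0.0.0.0/0)")
    return errors, warnings

# Values of the page's sample request (AclId is the page's masked example).
PAGE_SAMPLE = {"AclId": "acl-xhwhyuo43l0n*****", "RegionId": "cn-hangzhou",
               "Direction": "in", "IpProtocol": "tcp", "Policy": "accept",
               "SourceCidr": "0.0.0.0/0", "SourcePortRange": "1/200",
               "DestCidr": "0.0.0.0/0", "DestPortRange": "1/200"}
# Constructed variant narrowed to one source subnet and one destination port.
NARROWED = dict(PAGE_SAMPLE, SourceCidr="192.168.3.0/24",
                DestCidr="10.0.0.1/32", DestPortRange="443/443", Priority=12)
```

`check_add_acl_rule(PAGE_SAMPLE)` returns no errors and one warning; `check_add_acl_rule(NARROWED)` returns neither.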
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | 880F84CB-9B54-4413-A8A3-8832C82D1BC4 | The ID of the request. |
AcrId | String | acr-c1hkd054qywi****** | The ID of the ACL rule. |
AclId | String | acl-xhwhyuo43l0******* | The ID of the ACL. |
Description | String | 3 | The description of the ACL rule. The description must be 1 to 512 characters in length. |
Direction | String | out | Specifies whether the ACL rule controls inbound or outbound access requests. Valid values: in or out. |
SourceCidr | String | 192.168.3.0/24 | The range of source IP addresses specified in the ACL rule. CIDR blocks and IPv4 addresses are supported. Default value: 0.0.0.0/0. |
DestCidr | String | 10.0.0.1/32 | The range of destination IP addresses specified in the ACL rule. CIDR blocks and IPv4 addresses are supported. Default value: 0.0.0.0/0. |
IpProtocol | String | TCP | The Transmission Control Protocol (TCP). The value is not case-sensitive. |
SourcePortRange | String | 1/65535 | The range of the source port. Format: 80/80. |
DestPortRange | String | 1/65535 | The range of the destination port. Format: 80/80. |
Policy | String | drop | Access permissions. Valid values: |
Priority | Integer | 1 | The priority of the ACL rule. Valid values: 1 to 100. Default value: 1. |
GmtCreate | Long | 1553766882689 | The time when the ACL rule was created, as a timestamp of the Long type. If ACL rules have the same priority, the rule with the smallest timestamp prevails. |
Type | String | LAN | The type of the ACL rule: |
Name | String | doctest | The name of the ACL rule. The name must be 2 to 100 characters in length, and can contain digits, periods (.), underscores (_), and hyphens (-). It must start with a letter or Chinese character. |
Examples
Sample requests
```
http(s)://[Endpoint]/?Action=AddACLRule
&AclId=acl-xhwhyuo43l0n*****
&DestCidr=0.0.0.0/0
&DestPortRange=1/200
&Direction=in
&IpProtocol=tcp
&Policy=accept
&RegionId=cn-hangzhou
&SourceCidr=0.0.0.0/0
&SourcePortRange=1/200
&<Common request parameters>
```
Sample success responses
XML format
```
<AddACLRule>
  <AcrId>acr-c1hkd054qywiw2****</AcrId>
  <Type>LAN</Type>
  <GmtCreate>1553766882689</GmtCreate>
  <Direction>out</Direction>
  <Priority>1</Priority>
  <Name>doctest</Name>
  <IpProtocol>TCP</IpProtocol>
  <SourceCidr>192.168.3.0/24</SourceCidr>
  <SourcePortRange>1/65535</SourcePortRange>
  <AclId>acl-xhwhyuo43l0n2b****</AclId>
  <Policy>drop</Policy>
  <RequestId>880F84CB-9B54-4413-A8A3-8832C82D1BC4</RequestId>
  <DestPortRange>1/65535</DestPortRange>
  <DestCidr>10.0.0.1/32</DestCidr>
</AddACLRule>
```
JSON format
```
{
  "AcrId": "acr-c1hkd054qywiw2****",
  "Type": "LAN",
  "GmtCreate": 1553766882689,
  "Direction": "out",
  "Priority": 1,
  "Name": "doctest",
  "IpProtocol": "TCP",
  "SourceCidr": "192.168.3.0/24",
  "SourcePortRange": "1/65535",
  "AclId": "acl-xhwhyuo43l0n2b****",
  "Policy": "drop",
  "RequestId": "880F84CB-9B54-4413-A8A3-8832C82D1BC4",
  "DestPortRange": "1/65535",
  "DestCidr": "10.0.0.1/32"
}
```
Error codes
HttpCode | Error code | Error message | Description |
---|---|---|---|
403 | Forbidden | User not authorized to operate on the specified resource. | The error message returned because you do not have the permission to manage the resource. |
403 | MissingParameter | The input parameter is missing, please check your input. | The error message returned because a request parameter is not set. Check the request parameters. |
403 | InvalidDescription | Description not valid. | The error message returned because the length of the description exceeds the upper limit. |
403 | InvalidParameter | The specified parameter is invalid. | The error message returned because a specified parameter is invalid. |
403 | FeatureNotSupport | The current edition of the smart access gateway does not support this feature. | The error message returned because the current version of the Smart Access Gateway (SAG) device does not support this feature. |
403 | FeatureNotSupportForActiveSmartAG | The current edition of the active smart access gateway does not support this feature. | The error message returned because the current version of the active SAG device does not support this feature. |
403 | FeatureNotSupportForStandBySmartAG | The current edition of the standby smart access gateway does not support this feature. | The error message returned because the current version of the standby SAG device does not support this feature. |
403 | NotSupportedProtocol | The specified protocol of the ACL rule is not supported. | The error message returned because the specified protocol type of the ACL rule is not supported. |
403 | InvalidId.ACL | The specified ACL ID is invalid. | The error message returned because the specified ACL ID is invalid. |
403 | InvalidPortRange | The specified port range is invalid. | The error message returned because the specified port range is invalid. |
403 | AcrPerAclAmountLimit | The maximum number of rules in an ACL is exceeded. You can open a ticket to increase the quota. | The error message returned because the number of created ACL rules in an ACL exceeds the upper limit. Submit a ticket to increase the quota. |
403 | InternalError | An internal server error occurred. | The error message returned because an internal server error has occurred. |
400 | ACL.NoSupportWanType | An SAG 1000 device does not support a WAN ACL. | The error message returned because an SAG-1000 device does not support a WAN ACL rule. |
400 | ACL.InvalidType | The specified ACL type is invalid. | The error message returned because the specified ACL rule type is invalid. |
For a list of error codes, visit the API Error Center.