Modifies an access control list (ACL) rule.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String No ModifyACLRule

The operation that you want to perform. Set the value to ModifyACLRule.

RegionId String Yes cn-shanghai

The ID of the region where the ACL is deployed.

AclId String Yes acl-xhwhyuo43l0n*******

The ID of the ACL.

AcrId String Yes acr-u98qztgtgvhb********

The ID of the ACL rule.

You can call the DescribeACLAttribute operation to query the ID of the ACL rule that is added to the ACL.

Description String No test

The description of the ACL rule.

The description must be 1 to 512 characters in length.

Direction String No in

The direction of traffic in which the ACL rule is applied. Valid values:

  • in: The ACL rule controls inbound network traffic of the on-premises network that is associated with the SAG instance.
  • out: The ACL rule controls outbound network traffic of the on-premises network that is associated with the SAG instance.

SourceCidr String No 0.0.0.0/0

The range of source IP addresses.

Set this parameter in CIDR notation. Example: 192.168.1.0/24.

DestCidr String No 0.0.0.0/0

The range of destination IP addresses.

Specify the value of this parameter in CIDR notation. Example: 192.168.10.0/24.

IpProtocol String No tcp

The protocol to use for the ACL rule.

The protocols that are provided in this topic are for reference only. The protocols available in the SAG console may vary. The value of the parameter is not case-sensitive.

SourcePortRange String No 80/80

The range of source ports. Valid values: 1 to 65535 and -1.

Examples:

  • 1/200: port range 1 to 200.
  • 80/80: port 80.
  • -1/-1: all ports.

DestPortRange String No 80/80

The range of destination ports. Valid values: 1 to 65535 and -1.

Examples:

  • 1/200: port range 1 to 200.
  • 80/80: port 80.
  • -1/-1: all ports.

Policy String No accept

The action policy of the ACL rule. Valid values:

  • accept: allows the network traffic.
  • drop: blocks the network traffic.

Priority Integer No 2

The priority of the ACL rule.

A smaller value specifies a higher priority. If multiple rules have the same priority, the rule that is applied earlier takes effect.

Valid values: 1 to 100. Default value: 1.

Type String No LAN

The type of the ACL rule. Default value: LAN. Valid values:

  • LAN: The ACL rule controls traffic of private IP addresses.
  • WAN: The ACL rule controls traffic of public IP addresses.

Name String No doctest

The name of the ACL rule.

The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.

DpiSignatureIds.N String No 1

The IDs of applications that match the ACL rule.

You can call the ListDpiSignatures operation to query application IDs and information about the applications.

DpiGroupIds.N String No 20

The IDs of application groups that match the ACL rule.

You can call the ListDpiGroups operation to query application group IDs and information about the application groups.
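The constraints in the request parameter table can be checked on the client before a request is signed and sent, so that a malformed rule is rejected locally instead of by the API. The following Python is an added example, not part of the original reference or of any Alibaba Cloud SDK. The function names are hypothetical, and it assumes ASCII letters in Name, a port range whose start does not exceed its end, and list parameters sent as DpiSignatureIds.1, DpiSignatureIds.2, and so on.

```python
import ipaddress
import re

# Constraints below are taken from the request parameter table.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{1,127}")  # assumption: ASCII letters
ENUMS = {"Direction": {"in", "out"}, "Policy": {"accept", "drop"},
         "Type": {"LAN", "WAN"}}


def port_range_ok(value):
    """'start/end' with ports in 1-65535, or '-1/-1' for all ports."""
    if value == "-1/-1":
        return True
    m = re.fullmatch(r"(\d+)/(\d+)", value)
    # Assumption: start must not exceed end (the page does not say).
    return bool(m) and 1 <= int(m.group(1)) <= int(m.group(2)) <= 65535


def cidr_ok(value):
    """True when value parses as address/prefix."""
    try:
        ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False
    return "/" in value


def build_modify_acl_rule_params(rule):
    """Return (params, errors) for a rule dict keyed by parameter name.

    params is the flat query dict without common or signature parameters.
    """
    errors = [f"{k} is required" for k in ("RegionId", "AclId", "AcrId")
              if not rule.get(k)]
    for key, allowed in ENUMS.items():
        if key in rule and rule[key] not in allowed:
            errors.append(f"{key} must be one of {sorted(allowed)}")
    if "Name" in rule and not NAME_RE.fullmatch(rule["Name"]):
        errors.append("Name: 2-128 chars, letter first, then [A-Za-z0-9_-]")
    if "Description" in rule and not 1 <= len(rule["Description"]) <= 512:
        errors.append("Description must be 1 to 512 characters")
    prio = rule.get("Priority", 1)  # documented default is 1
    if isinstance(prio, bool) or not isinstance(prio, int) or not 1 <= prio <= 100:
        errors.append("Priority must be an integer from 1 to 100")
    errors += [f"{k} is not CIDR notation" for k in ("SourceCidr", "DestCidr")
               if k in rule and not cidr_ok(rule[k])]
    errors += [f"{k} is not a valid port range"
               for k in ("SourcePortRange", "DestPortRange")
               if k in rule and not port_range_ok(rule[k])]
    params = {"Action": "ModifyACLRule"}
    for key, value in rule.items():
        if key in ("DpiSignatureIds", "DpiGroupIds"):  # list -> Key.N
            params.update({f"{key}.{n}": str(v) for n, v in enumerate(value, 1)})
        else:
            params[key] = str(value)
    return params, errors
```

Send the request only when the returned error list is empty; the common request parameters and the signature still have to be added to the returned dictionary.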

Response parameters

Parameter Type Example Description
Policy String accept

The action policy of the ACL rule.

  • accept: allows the network traffic.
  • drop: blocks the network traffic.

Description String test

The description of the ACL rule.

RequestId String 7F3DD2C1-0F6B-4575-9106-B2D50DF7A711

The ID of the request.

SourcePortRange String -1/-1

The range of source ports.

SourceCidr String 0.0.0.0/0

The range of source IP addresses.

Set this parameter in CIDR notation. Example: 192.168.1.0/24.

Priority Integer 1

The priority of the ACL rule.

A smaller value indicates a higher priority. If multiple rules have the same priority, the rule that is applied earlier takes effect.

AclId String acl-jdc7tir4fkplwr****

The ID of the ACL.

AcrId String acr-r8hezn2pi39s5a****

The ID of the ACL rule.

DestPortRange String -1/-1

The range of destination ports.

Direction String in

The direction of traffic in which the ACL rule is applied. Valid values:

  • in: The ACL rule controls inbound network traffic of the on-premises network that is associated with the SAG instance.
  • out: The ACL rule controls outbound network traffic of the on-premises network that is associated with the SAG instance.

DpiGroupIds Array of String 20

The IDs of application groups that match the ACL rule.

Name String doctest

The name of the ACL rule.

GmtCreate Long 1553777700000

The timestamp when the ACL rule was created.

The timestamp is of the Long data type. If multiple ACL rules have the same priority, the rule with the earliest timestamp takes effect.

DestCidr String 0.0.0.0/0

The range of destination IP addresses.

Specify the value of this parameter in CIDR notation. Example: 192.168.10.0/24.

DpiSignatureIds Array of String 1

The IDs of applications that match the ACL rule.

IpProtocol String ALL

The protocol to use for the ACL rule.

Examples

Sample requests

http(s)://[Endpoint]/?Action=ModifyACLRule
&RegionId=cn-hangzhou
&AclId=acl-xhwhyuo43l0n*******
&AcrId=acr-u98qztgtgvhb********
&Description=test
&Direction=in
&SourceCidr=0.0.0.0/0
&DestCidr=0.0.0.0/0
&IpProtocol=tcp
&SourcePortRange=80/80
&DestPortRange=80/80
&Policy=accept
&Priority=2
&Type=LAN
&Name=doctest
&DpiSignatureIds.1=1
&DpiGroupIds.1=20
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<ModifyACLRuleResponse>
    <Policy>accept</Policy>
    <RequestId>7F3DD2C1-0F6B-4575-9106-B2D50DF7A711</RequestId>
    <SourcePortRange>-1/-1</SourcePortRange>
    <SourceCidr>0.0.0.0/0</SourceCidr>
    <Priority>1</Priority>
    <AclId>acl-jdc7tir4fkplwr****</AclId>
    <AcrId>acr-r8hezn2pi39s5a****</AcrId>
    <DestPortRange>-1/-1</DestPortRange>
    <Direction>in</Direction>
    <GmtCreate>1608887742000</GmtCreate>
    <DestCidr>0.0.0.0/0</DestCidr>
    <IpProtocol>ALL</IpProtocol>
</ModifyACLRuleResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "Policy" : "accept",
  "RequestId" : "7F3DD2C1-0F6B-4575-9106-B2D50DF7A711",
  "SourcePortRange" : "-1/-1",
  "SourceCidr" : "0.0.0.0/0",
  "Priority" : 1,
  "AclId" : "acl-jdc7tir4fkplwr****",
  "AcrId" : "acr-r8hezn2pi39s5a****",
  "DestPortRange" : "-1/-1",
  "Direction" : "in",
  "GmtCreate" : 1608887742000,
  "DestCidr" : "0.0.0.0/0",
  "IpProtocol" : "ALL"
}

Error codes

HTTP status code Error code Error message Description
400 ACL.NoSupportWanType An SAG 1000 device does not support a WAN ACL. The error message returned because an SAG-1000 device does not support a WAN ACL rule.
400 ACL.InvalidType The specified ACL type is invalid. The error message returned because the specified ACL rule type is invalid.
403 Forbidden User not authorized to operate on the specified resource. The error message returned because you do not have the permissions to manage the specified resource.
403 MissingParameter The input parameter is missing, please check your input. The error message returned because no values are specified for one or more required parameters. Check whether you have specified values for all required parameters.
403 InvalidDescription Description not valid. The error message returned because the length of the description exceeds the upper limit.
403 InvalidParameter The specified parameter is invalid. The error message returned because a parameter is set to an invalid value.
403 FeatureNotSupport The current edition of the smart access gateway does not support this feature. The error message returned because the current version of the SAG device does not support this feature.
403 FeatureNotSupportForActiveSmartAG The current edition of the active smart access gateway does not support this feature. The error message returned because the current version of the active SAG device does not support this feature.
403 FeatureNotSupportForStandBySmartAG The current edition of the standby smart access gateway does not support this feature. The error message returned because the current version of the standby SAG device does not support this feature.
403 NotSupportedProtocol The specified protocol of the ACL rule is not supported. The error message returned because the protocol type that you specified for the ACL rule is not supported.
403 InvalidId.ACL The specified ACL ID is invalid. The error message returned because the specified ACL ID is invalid.
403 InvalidId.ACR The specified ACL rule ID is invalid. The error message returned because the specified ACL rule ID is invalid.
403 InvalidPortRange The specified port range is invalid. The error message returned because the specified port range is invalid.
403 InternalError An internal server error occurred. The error message returned because an internal server error occurred.

For a list of error codes, visit the API Error Center.