Queries information about all the access control policies that meet specific query conditions.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeControlPolicy

The operation that you want to perform.

Set the value to DescribeControlPolicy.

CurrentPage String Yes 1

The number of the page to return.

Default value: 1

Direction String Yes in

The direction of the traffic to which the access control policy applies. Valid values:

  • in: inbound traffic
  • out: outbound traffic
PageSize String Yes 10

The number of entries to return on each page.

Maximum value: 50.

SourceIp String No 1.2.3.4

The source IP address of the request.

Lang String No zh

The language of the request and response. Valid values:

  • zh: Chinese
  • en: English
Source String No 1.2.3.5

The source address defined in the access control policy. Fuzzy match is supported. The valid values of this parameter depend on the value of the SourceType parameter.

  • If SourceType is set to net, the value of this parameter is an IP address or CIDR block. Example: 10.0.1.0/24.
  • If SourceType is set to group, the value of this parameter is an address book. Example: db_group. If the address book does not contain any IP addresses, all source addresses are queried.
  • If SourceType is set to location, the value of this parameter is a region. Example: beijing.
  • If SourceType is not specified, all types of source addresses are queried.
Destination String No 1.2.3.0

The destination address defined in the access control policy. Fuzzy match is supported. The valid values of this parameter depend on the value of the DestinationType parameter.

  • If DestinationType is set to net, the value of this parameter is an IP address or CIDR block. Example: 10.0.3.0/24.
  • If DestinationType is set to domain, the value of this parameter is a domain name. Example: aliyun.
  • If DestinationType is set to group, the value of this parameter is an address book. Example: db_group.
  • If DestinationType is set to location, the value of this parameter is a region. Example: beijing.
  • If DestinationType is not specified, all types of destination addresses are queried.
Description String No test

The description of the access control policy. Fuzzy match is supported.

Note: If this parameter is not specified, the descriptions of all access control policies are queried.
Proto String No TCP

The protocol type of traffic to which the access control policy applies. Valid values:

  • TCP
  • UDP
  • ICMP
  • ANY: all types of protocols
  • Not specified: all types of protocols
AclAction String No accept

The action that Cloud Firewall performs on the traffic. Valid values:

  • accept: allows the traffic.
  • drop: denies the traffic.
  • log: monitors the traffic.
  • Not specified: all actions.
Release String No true

Specifies whether the access control policy is enabled. By default, an access control policy is enabled after it is created. Valid values:

  • true: The access control policy is enabled.
  • false: The access control policy is not enabled.
AclUuid String No 00281255-d220-4db1-8f4f-c4df221ad84c

The unique ID of the access control policy.

Response parameters

Parameter Type Example Description
PageNo String 1

The page number of the returned page.

PageSize String 10

The number of entries returned per page.

Policys Array

The information about the access control policy.

AclAction String accept

The action that Cloud Firewall performs on the traffic. Valid values:

  • accept: allows the traffic.
  • drop: denies the traffic.
  • log: monitors the traffic.
AclUuid String 00281255-d220-4db1-8f4f-c4df221ad84c

The unique ID of the access control policy.

ApplicationId String 10***

The application ID defined in the access control policy.

ApplicationName String HTTP

The application type defined in the access control policy. Valid values:

  • FTP
  • HTTP
  • HTTPS
  • Memcache
  • MongoDB
  • MQTT
  • MySQL
  • RDP
  • Redis
  • SMTP
  • SMTPS
  • SSH
  • SSL
  • VNC
  • ANY: all types of applications
Description String test

The description of the access control policy.

DestPort String 80

The destination port defined in the access control policy.

DestPortGroup String my_port_group

The name of the destination port address book defined in the access control policy.

DestPortGroupPorts List [80,443]

The ports in the destination port address book.

DestPortType String port

The destination port type defined in the access control policy. Valid values:

  • port: port
  • group: port address book
Destination String 1.2.3.4/24

The destination address defined in the access control policy. The valid values of this parameter depend on the value of the DestinationType parameter. Valid values:

  • If DestinationType is set to net, the value of this parameter is an IP address or CIDR block. Example: 10.0.3.0/24.
  • If DestinationType is set to domain, the value of this parameter is a domain name. For example, aliyuncs.com.
  • If DestinationType is set to group, the value of this parameter is an address book. Example: db_group.
  • If DestinationType is set to location, the value of this parameter is a region. For information about region codes, see AddControlPolicy. Example: ["BJ11", "ZB"].
DestinationGroupCidrs List ["1.2.3.0/24", "1.2.3.1/32"]

The CIDR blocks in the destination address book defined in the access control policy.

DestinationGroupType String ip

The type of the destination address book defined in the access control policy. Valid values:

  • ip: an address book that includes one or more IP addresses
  • tag: an address book that includes one or more IP addresses with Elastic Compute Service (ECS) tags
  • domain: an address book that includes one or more domain names
  • threat: an address book that includes one or more malicious IP addresses or domain names
  • backsrc: an address book that includes one or more back-to-origin addresses of Anti-DDoS Pro or Premium instances or WAF instances.
DestinationType String net

The destination address type defined in the access control policy. Valid values:

  • net: CIDR block
  • group: address book
  • domain: domain name
  • location: region
Direction String in

The direction of traffic to which the access control policy applies. Valid values:

  • in: inbound traffic
  • out: outbound traffic
DnsResult String 1.1.1.1,2.2.2.2

The DNS resolution result.

DnsResultTime Long 1579261141

The timestamp of the DNS resolution result.

HitTimes Integer 100

The number of policy hits.

Order Integer 1

The priority of the access control policy.

The priority value starts from 1. A smaller value indicates a higher priority.

Note: The value of -1 indicates the lowest priority.
Proto String TCP

The security protocol type defined in the access control policy. Valid values:

  • ANY
  • TCP
  • UDP
  • ICMP
Release String true

Indicates whether the access control policy is enabled. By default, an access control policy is enabled after it is created. Valid values:

  • true: The access control policy is enabled.
  • false: The access control policy is not enabled.
Source String 1.2.3.0/24

The source address defined in the access control policy. Valid values:

  • If SourceType is set to net, the value of this parameter is a CIDR block. Example: 10.0.1.0/24.
  • If SourceType is set to group, the value of this parameter is an address book. Example: db_group.
  • If SourceType is set to location, the value of this parameter is a region. For information about the location codes, see AddControlPolicy. Example: ["BJ11", "ZB"].
SourceGroupCidrs List ["10.0.0.0/24", "10.0.0.1/32"]

The CIDR blocks in the source address book defined in the access control policy.

SourceGroupType String ip

The type of the source address book defined in the access control policy. Valid values:

  • ip: an address book that includes one or more IP addresses
  • tag: an address book that includes one or more IP addresses with ECS tags
  • domain: an address book that includes one or more domain names
  • threat: an address book that includes one or more malicious IP addresses or domain names
  • backsrc: an address book that includes one or more back-to-origin addresses of Anti-DDoS Pro or Premium instances or WAF instances
SourceType String net

The source address type defined in the access control policy. Valid values:

  • net: source CIDR block
  • group: source address book
  • location: source region
RequestId String CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D

The ID of the request.

TotalCount String 100

The total number of the returned access control policies.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeControlPolicy
&CurrentPage=1
&Direction=in
&PageSize=10
&<Common request parameters>

Sample success responses

XML format

<DescribeControlPolicyResponse>
  <TotalCount>58</TotalCount>
  <PageNo>1</PageNo>
  <PageSize>10</PageSize>
  <RequestId>A08BC58F-A83D-43EB-BC31-2F0D723929CC</RequestId>
  <Policys>
        <ApplicationName>RDP</ApplicationName>
        <Description>11</Description>
        <HitTimes>0</HitTimes>
        <DestinationType>net</DestinationType>
        <SourceType>net</SourceType>
        <Proto>TCP</Proto>
        <Order>5</Order>
        <ApplicationId>27</ApplicationId>
        <Direction>in</Direction>
        <DestPortType>port</DestPortType>
        <Source>1.1.1.1/32</Source>
        <DestPort>1/1</DestPort>
        <AclAction>accept</AclAction>
        <AclUuid>53d82f0e-9bf1-4761-ab3b-a070b4811234</AclUuid>
        <Destination>1.1.1.1/32</Destination>
        <DnsResult>1.1.1.1,2.2.2.2</DnsResult>
        <DnsResultTime>1579261141</DnsResultTime>
  </Policys>
</DescribeControlPolicyResponse>

JSON format

{
    "TotalCount":58,
    "PageNo":1,
    "PageSize":10,
    "RequestId":"A08BC58F-A83D-43EB-BC31-2F0D723929CC",
    "Policys":[
        {
            "DestinationGroupCidrs":[

            ],
            "SourceGroupCidrs":[

            ],
            "ApplicationName":"RDP",
            "Description":"11",
            "HitTimes":0,
            "DestinationType":"net",
            "SourceType":"net",
            "Proto":"TCP",
            "Order":5,
            "ApplicationId":"27",
            "Direction":"in",
            "DestPortType":"port",
            "Source":"1.1.1.1/32",
            "DestPort":"1/1",
            "AclAction":"accept",
            "DestPortGroupPorts":[

            ],
            "AclUuid":"53d82f0e-9bf1-4761-ab3b-a070b4811234",
            "Destination":"1.1.1.1/32",
            "DnsResult": "1.1.1.1,2.2.2.2",
            "DnsResultTime": 1579261141
        }
    ]
}
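
Added example (not part of the original reference and not Alibaba Cloud SDK code): walking every page of DescribeControlPolicy results with CurrentPage, PageSize and TotalCount, then listing enabled inbound accept policies whose source covers all addresses. `fetch_page` is a hypothetical callable standing in for the signed API call; `SENSITIVE_APPS`, the sample policies and the treatment of a missing Release field are assumptions.

```python
import ipaddress

MAX_PAGE_SIZE = 50  # documented maximum for PageSize
# Assumption: which ApplicationName values count as sensitive is a local choice.
SENSITIVE_APPS = {"ANY", "RDP", "SSH", "VNC", "MySQL", "Redis", "MongoDB", "Memcache"}

def iter_policies(fetch_page, direction, page_size=MAX_PAGE_SIZE):
    """Yield every policy for one direction by walking CurrentPage until TotalCount."""
    page = 1
    while True:
        resp = fetch_page({"Action": "DescribeControlPolicy", "Direction": direction,
                           "CurrentPage": str(page), "PageSize": str(page_size)})
        yield from resp.get("Policys", [])
        if page * page_size >= int(resp["TotalCount"]):  # String in the table, number in the sample
            return
        page += 1

def source_cidrs(policy):
    """CIDRs a policy's source covers: Source for net, SourceGroupCidrs for group."""
    if policy.get("SourceType") == "group":
        return policy.get("SourceGroupCidrs", [])
    # location sources carry region codes, not CIDRs
    return [policy["Source"]] if policy.get("SourceType") == "net" else []

def is_open_to_any(policy):
    # strict=False: values on this page carry host bits (e.g. 1.2.3.4/24)
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in source_cidrs(policy))

def risky_inbound(policies):
    """AclUuids of enabled inbound accept policies open to any source for a sensitive app."""
    return [p["AclUuid"] for p in policies
            if p.get("Direction") == "in" and p.get("AclAction") == "accept"
            # Assumption: a missing Release field means enabled (the documented default)
            and str(p.get("Release", "true")).lower() == "true"
            and p.get("ApplicationName") in SENSITIVE_APPS
            and is_open_to_any(p)]

# Constructed sample policies (not real data) and a fake transport that pages through them.
BASE = {"Direction": "in", "AclAction": "accept", "SourceType": "net", "ApplicationName": "SSH"}
SAMPLE = [
    dict(BASE, AclUuid="constructed-0001", ApplicationName="RDP", Source="0.0.0.0/0", Release="true"),
    dict(BASE, AclUuid="constructed-0002", Source="10.0.1.0/24", Release="true"),
    dict(BASE, AclUuid="constructed-0003", Source="0.0.0.0/0", Release="false"),
    dict(BASE, AclUuid="constructed-0004", SourceType="group", SourceGroupCidrs=["0.0.0.0/0"]),
]

def fake_fetch_page(params):  # constructed transport: slices SAMPLE per request
    size, page = int(params["PageSize"]), int(params["CurrentPage"])
    return {"TotalCount": len(SAMPLE), "Policys": SAMPLE[(page - 1) * size: page * size]}
```

Replacing `fake_fetch_page` with a function that issues the real signed request leaves the paging and audit logic unchanged.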

Error codes

For a list of error codes, visit the API Error Center.