Queries the details of all access control policies.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeControlPolicy

The operation that you want to perform.

Set the value to DescribeControlPolicy.

CurrentPage String Yes 1

The page number of the current page.

Default value: 1.

Direction String Yes in

The direction of the traffic to which the access control policy applies. Valid values:

  • in: inbound traffic
  • out: outbound traffic
PageSize String Yes 10

The number of entries to return on each page.

Maximum value: 50.

SourceIp String No 1.2.3.4

The source IP address of the request.

Lang String No zh

The natural language of the request and response. Valid values:

  • zh: Chinese
  • en: English
Source String No 1.2.3.5

The source address in the access control policy. Fuzzy match is supported. The value of this parameter depends on the value of the SourceType parameter.

  • If SourceType is set to net, the value of this parameter is an IP address or a CIDR block. Example: 10.0.1.0/24.
  • If SourceType is set to group, the value of this parameter is the name of an address book. Example: db_group. If the db_group address book does not contain addresses, all source addresses are queried.
  • If SourceType is set to location, the value of this parameter is a location. Example: beijing.
  • If SourceType is left empty, all types of source addresses are queried.
Destination String No 1.2.3.0

The destination address in the access control policy. Fuzzy match is supported. The value of this parameter depends on the value of the DestinationType parameter.

  • If DestinationType is set to net, the value of this parameter is an IP address or a CIDR block. Example: 10.0.3.0/24.
  • If DestinationType is set to domain, the value of this parameter is a domain name. Example: aliyun.
  • If DestinationType is set to group, the value of this parameter is the name of an address book. Example: db_group.
  • If DestinationType is set to location, the value of this parameter is a location. Example: beijing.
  • If DestinationType is left empty, all types of destination addresses are queried.
Description String No test

The description of the access control policy. Fuzzy match is supported.

Note: If this parameter is left empty, the descriptions of all access control policies are queried.
Proto String No TCP

The type of protocol in the access control policy. Valid values:

  • TCP
  • UDP
  • ICMP
  • ANY: all types of protocols
  • If this parameter is left empty, all types of protocols are queried.
AclAction String No accept

The action that Cloud Firewall performs on the traffic. Valid values:

  • accept: allows the traffic.
  • drop: denies the traffic.
  • log: monitors the traffic.
  • If this parameter is left empty, access control policies that specify the preceding actions are queried.
Release String No true

Specifies whether the access control policy is enabled. By default, an access control policy is enabled after it is created. Valid values:

  • true: The access control policy is enabled.
  • false: The access control policy is disabled.
AclUuid String No 00281255-d220-4db1-8f4f-c4df221ad84c

The ID of the access control policy.

Response parameters

Parameter Type Example Description
PageNo String 1

The page number of the current page.

PageSize String 10

The number of entries returned per page.

Policys Array

The details of the access control policy.

AclAction String accept

The action that Cloud Firewall performs on the traffic. Valid values:

  • accept: allows the traffic.
  • drop: denies the traffic.
  • log: monitors the traffic.
AclUuid String 00281255-d220-4db1-8f4f-c4df221ad84c

The ID of the access control policy.

ApplicationId String 10***

The application ID in the access control policy.

ApplicationName String HTTP

The type of the application that the access control policy supports. Valid values:

  • FTP
  • HTTP
  • HTTPS
  • Memcache
  • MongoDB
  • MQTT
  • MySQL
  • RDP
  • Redis
  • SMTP
  • SMTPS
  • SSH
  • SSL
  • VNC
  • ANY: all types of applications
Description String test

The description of the access control policy.

DestPort String 80

The destination port in the access control policy.

DestPortGroup String my_port_group

The name of the destination port address book in the access control policy.

DestPortGroupPorts List [80,443]

The ports in the destination port address book.

DestPortType String port

The type of the destination port in the access control policy. Valid values:

  • port: port
  • group: port address book
Destination String 1.2.3.4/24

The destination address in the access control policy. The value of this parameter depends on the value of the DestinationType parameter. Valid values:

  • If DestinationType is set to net, the value of this parameter is an IP address or a CIDR block. Example: 10.0.3.0/24.
  • If DestinationType is set to domain, the value of this parameter is a domain name. Example: aliyuncs.com.
  • If DestinationType is set to group, the value of this parameter is the name of an address book. Example: db_group.
  • If DestinationType is set to location, the value of this parameter is a location. For information about location codes, see AddControlPolicy. Example: ["BJ11", "ZB"].
DestinationGroupCidrs List ["1.2.3.0/24", "1.2.3.1/32"]

The CIDR blocks in the destination address book.

DestinationGroupType String ip

The type of the destination address book in the access control policy. Valid values:

  • ip: an address book that includes one or more IP addresses
  • tag: an Elastic Compute Service (ECS) tag-based address book that includes the IP addresses of the ECS instances with one or more specific tags.
  • domain: an address book that includes one or more domain names
  • threat: an address book that includes one or more malicious IP addresses or domain names
  • backsrc: an address book that includes one or more back-to-origin addresses of Anti-DDoS Pro or Anti-DDoS Premium instances or Web Application Firewall (WAF) instances
DestinationType String net

The type of the destination address in the access control policy. Valid values:

  • net: destination CIDR block
  • group: destination address book
  • domain: destination domain name
  • location: destination location
Direction String in

The direction of the traffic to which the access control policy applies. Valid values:

  • in: inbound traffic
  • out: outbound traffic
DnsResult String 1.1.1.1,2.2.2.2

The DNS resolution result.

DnsResultTime Long 1579261141

The timestamp of the DNS resolution result.

HitTimes Integer 100

The number of hits for the access control policy.

Order Integer 1

The priority of the access control policy.

The priority value starts from 1. A smaller value indicates a higher priority.

Note: The value -1 indicates the lowest priority.
Proto String TCP

The type of the security protocol in the access control policy. Valid values:

  • ANY
  • TCP
  • UDP
  • ICMP
Release String true

Indicates whether the access control policy is enabled. By default, an access control policy is enabled after it is created. Valid values:

  • true: The access control policy is enabled.
  • false: The access control policy is disabled.
Source String 1.2.3.0/24

The source address in the access control policy. Valid values:

  • If SourceType is set to net, the value of this parameter is a CIDR block. Example: 10.0.1.0/24.
  • If SourceType is set to group, the value of this parameter is the name of an address book. Example: db_group.
  • If SourceType is set to location, the value of this parameter is a location. For more information about location codes, see AddControlPolicy. Example: ["BJ11", "ZB"].
SourceGroupCidrs List ["10.0.0.0/24", "10.0.0.1/32"]

The CIDR blocks in the source address book.

SourceGroupType String ip

The type of the source address book in the access control policy. Valid values:

  • ip: an address book that includes one or more IP addresses
  • tag: an ECS tag-based address book that includes one or more IP addresses with ECS tags
  • domain: an address book that includes one or more domain names
  • threat: an address book that includes one or more malicious IP addresses or domain names
  • backsrc: an address book that includes one or more back-to-origin addresses of Anti-DDoS Pro or Anti-DDoS Premium instances or WAF instances
SourceType String net

The type of the source address book defined in the access control policy. Valid values:

  • net: source CIDR block
  • group: source address book
  • location: source location
RequestId String CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D

The ID of the request.

TotalCount String 100

The total number of the returned access control policies.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeControlPolicy
&CurrentPage=1
&Direction=in
&PageSize=10
&<Common request parameters>

Sample success responses

XML format

<DescribeControlPolicyResponse>
  <TotalCount>58</TotalCount>
  <PageNo>1</PageNo>
  <PageSize>10</PageSize>
  <RequestId>A08BC58F-A83D-43EB-BC31-2F0D723929CC</RequestId>
  <Policys>
        <ApplicationName>RDP</ApplicationName>
        <Description>11</Description>
        <HitTimes>0</HitTimes>
        <DestinationType>net</DestinationType>
        <SourceType>net</SourceType>
        <Proto>TCP</Proto>
        <Order>5</Order>
        <ApplicationId>27</ApplicationId>
        <Direction>in</Direction>
        <DestPortType>port</DestPortType>
        <Source>1.1.1.1/32</Source>
        <DestPort>1/1</DestPort>
        <AclAction>accept</AclAction>
        <AclUuid>53d82f0e-9bf1-4761-ab3b-a070b4811234</AclUuid>
        <Destination>1.1.1.1/32</Destination>
        <DnsResult>1.1.1.1,2.2.2.2</DnsResult>
        <DnsResultTime>1579261141</DnsResultTime>
  </Policys>
</DescribeControlPolicyResponse>

JSON format

{
    "TotalCount":58,
    "PageNo":1,
    "PageSize":10,
    "RequestId":"A08BC58F-A83D-43EB-BC31-2F0D723929CC",
    "Policys":[
        {
            "DestinationGroupCidrs":[

            ],
            "SourceGroupCidrs":[

            ],
            "ApplicationName":"RDP",
            "Description":"11",
            "HitTimes":0,
            "DestinationType":"net",
            "SourceType":"net",
            "Proto":"TCP",
            "Order":5,
            "ApplicationId":"27",
            "Direction":"in",
            "DestPortType":"port",
            "Source":"1.1.1.1/32",
            "DestPort":"1/1",
            "AclAction":"accept",
            "DestPortGroupPorts":[

            ],
            "AclUuid":"53d82f0e-9bf1-4761-ab3b-a070b4811234",
            "Destination":"1.1.1.1/32",
            "DnsResult": "1.1.1.1,2.2.2.2",
            "DnsResultTime": 1579261141
        }
    ]
}
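
The following is an added example, not code from the original page or from Alibaba Cloud. It shows one way to review a DescribeControlPolicy JSON response: it computes how many pages to fetch from TotalCount, walks Policys in priority order (treating Order -1 as lowest), and flags enabled accept rules that are either inbound from a /0 source to a sensitive application or have never been hit. The sample response, the placeholder AclUuid values, the 0.0.0.0/0 source and the ADMIN_APPS set are constructed assumptions.

```python
import ipaddress
import math

ADMIN_APPS = {"RDP", "SSH", "VNC", "ANY"}  # assumption: applications treated as sensitive

# Constructed sample in the shape of the JSON response above (not real data).
SAMPLE = {
    "TotalCount": "58", "PageNo": "1", "PageSize": "10",
    "Policys": [
        {"AclUuid": "example-uuid-1", "Order": -1, "Direction": "in", "AclAction": "accept",
         "SourceType": "net", "Source": "0.0.0.0/0", "ApplicationName": "ANY",
         "HitTimes": 12, "Release": "true"},
        {"AclUuid": "example-uuid-2", "Order": 1, "Direction": "in", "AclAction": "accept",
         "SourceType": "net", "Source": "10.0.1.0/24", "ApplicationName": "RDP",
         "HitTimes": 0, "Release": "true"},
        {"AclUuid": "example-uuid-3", "Order": 2, "Direction": "in", "AclAction": "accept",
         "SourceType": "net", "Source": "0.0.0.0/0", "ApplicationName": "SSH",
         "HitTimes": 0, "Release": "false"},
    ],
}

def pages_needed(response, page_size=50):
    """Pages to request at the given PageSize (50 is the documented maximum)."""
    return math.ceil(int(response["TotalCount"]) / page_size)  # String or number

def order_key(policy):
    """Order starts at 1; -1 marks the lowest priority, so it sorts last."""
    order = int(policy["Order"])
    return math.inf if order == -1 else order

def is_any_source(policy):
    """True when a net-type Source is a /0 block (every address)."""
    if policy.get("SourceType") != "net":
        return False
    try:
        return ipaddress.ip_network(policy["Source"], strict=False).prefixlen == 0
    except (KeyError, ValueError):
        return False

def audit(response):
    """Return (AclUuid, reason) findings for enabled accept rules, in priority order."""
    findings = []
    for p in sorted(response.get("Policys", []), key=order_key):
        # Assumption: a missing Release field means enabled, the documented default.
        if str(p.get("Release", "true")).lower() != "true" or p.get("AclAction") != "accept":
            continue
        if p.get("Direction") == "in" and is_any_source(p) and p.get("ApplicationName") in ADMIN_APPS:
            findings.append((p["AclUuid"], "inbound accept from any source"))
        if int(p.get("HitTimes", 0)) == 0:
            findings.append((p["AclUuid"], "accept rule with zero hits"))
    return findings
```

Numeric fields are coerced with int() because the parameter table lists PageNo, PageSize and TotalCount as String while the sample responses show them as numbers.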