DescribeControlPolicy - API Reference| Alibaba Cloud Documentation Center

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	DescribeControlPolicy	The operation that you want to perform. Set the value to DescribeControlPolicy.
CurrentPage	String	Yes	1	The page number of the current page. Default value: 1.
Direction	String	Yes	in	The direction of the traffic to which the access control policy applies. Valid values: in: inbound traffic out: outbound traffic
PageSize	String	Yes	10	The number of entries to return on each page. Maximum value: 50.
SourceIp	String	No	1.2.3.4	The source IP address of the request.
Lang	String	No	zh	The natural language of the request and response. Valid values: zh: Chinese en: English
Source	String	No	1.2.3.5	The source address in the access control policy. Fuzzy match is supported. The value of this parameter depends on the value of the SourceType parameter. If SourceType is set to `net`, the value of this parameter is an IP address or a CIDR block. Example: 10.0.1.0/24. If SourceType is set to `group`, the value of this parameter is the name of an address book. Example: db_group. If the db_group address book does not contain addresses, all source addresses are queried. If SourceType is set to `location`, the value of this parameter is a location. Example: beijing. If SourceType is left empty, all types of source addresses are queried.
Destination	String	No	1.2.3.0	The destination address in the access control policy. Fuzzy match is supported. The value of this parameter depends on the value of the DestinationType parameter. If DestinationType is set to `net`, the value of this parameter is an IP address or a CIDR block. Example: 10.0.3.0/24. If DestinationType is set to `domain`, the value of this parameter is a domain name. Example: aliyun. If DestinationType is set to `group`, the value of this parameter is the name of an address book. Example: db_group. If DestinationType is set to `location`, the value of this parameter is a location. Example: beijing. If DestinationType is left empty, all types of destination addresses are queried.
Description	String	No	test	The description of the access control policy. Fuzzy match is supported. Note If this parameter is left empty, the descriptions of all access control policies are queried.
Proto	String	No	TCP	The type of protocol in the access control policy. Valid values: TCP UDP ICMP ANY: all types of protocols If this parameter is left empty, all types of protocols are queried.
AclAction	String	No	accept	The action that Cloud Firewall performs on the traffic. Valid values: accept: allows the traffic. drop: denies the traffic. log: monitors the traffic. If this parameter is left empty, access control policies that specify the preceding actions are queried.
Release	String	No	true	Specifies whether the access control policy is enabled. By default, an access control policy is enabled after it is created. Valid values: true: The access control policy is enabled. false: The access control policy is disabled.
AclUuid	String	No	00281255-d220-4db1-8f4f-c4df221ad84c	The ID of the access control policy.

Response parameters


Parameter	Type	Example	Description
PageNo	String	1	The page number of the current page.
PageSize	String	10	The number of entries returned per page.
Policys	Array		The details of the access control policy.
AclAction	String	accept	The action that Cloud Firewall performs on the traffic. Valid values: accept: allows the traffic. drop: denies the traffic. log: monitors the traffic.
AclUuid	String	00281255-d220-4db1-8f4f-c4df221ad84c	The ID of the access control policy.
ApplicationId	String	10***	The application ID in the access control policy.
ApplicationName	String	HTTP	The type of the application that the access control policy supports. Valid values: FTP HTTP HTTPS Memcache MongoDB MQTT MySQL RDP Redis SMTP SMTPS SSH SSL VNC ANY: all types of applications
Description	String	test	The description of the access control policy.
DestPort	String	80	The destination port in the access control policy.
DestPortGroup	String	my_port_group	The name of the destination port address book in the access control policy.
DestPortGroupPorts	List	[80,443]	The ports in the destination port address book.
DestPortType	String	port	The type of the destination port in the access control policy. Valid values: port: port group: port address book
Destination	String	1.2.3.4/24	The destination address in the access control policy. The value of this parameter depends on the value of the DestinationType parameter. Valid values: If DestinationType is set to net, the value of this parameter is an IP address or a CIDR block. Example: 10.0.3.0/24. If DestinationType is set to domain, the value of this parameter is a domain name. Example: aliyuncs.com. If DestinationType is set to group, the value of this parameter is the name of an address book. Example: db_group. If DestinationType is set to location, the value of this parameter is a location. For information about location codes, see AddControlPolicy. Example: ["BJ11", "ZB"].
DestinationGroupCidrs	List	["1.2.3.0/24", "1.2.3.1/32"]	The CIDR blocks in the destination address book.
DestinationGroupType	String	ip	The type of the destination address book in the access control policy. Valid values: ip: an address book that includes one or more IP addresses tag: an Elastic Compute Service (ECS) tag-based address book that includes the IP addresses of the ECS instances with one or more specific tags. domain: an address book that includes one or more domain names threat: an address book that includes one or more malicious IP addresses or domain names backsrc: an address book that includes one or more back-to-origin addresses of Anti-DDoS Pro or Anti-DDoS Premium instances or Web Application Firewall (WAF) instances
DestinationType	String	net	The type of the destination address in the access control policy. Valid values: net: destination CIDR block group: destination address book domain: destination domain name location: destination location
Direction	String	in	The direction of the traffic to which the access control policy applies. Valid values: in: inbound traffic out: outbound traffic
DnsResult	String	1.1.1.1,2.2.2.2	The DNS resolution result.
DnsResultTime	Long	1579261141	The timestamp of the DNS resolution result.
HitTimes	Integer	100	The number of hits for the access control policy.
Order	Integer	1	The priority of the access control policy. The priority value starts from 1. A small priority value indicates a high priority. Note The value -1 indicates the lowest priority.
Proto	String	TCP	The type of the security protocol in the access control policy. Valid values: ANY TCP UDP ICMP
Release	String	true	Indicates whether the access control policy is enabled. By default, an access control policy is enabled after it is created. Valid values: true: The access control policy is enabled. false: The access control policy is disabled.
Source	String	1.2.3.0/24	The source address in the access control policy. Valid values: If SourceType is set to `net`, the value of this parameter is a CIDR block. Example: 10.0.1.0/24. If SourceType is set to `group`, the value of this parameter is the name of an address book. Example: db_group. If SourceType is set to `location`, the value of this parameter is a location. For more information about location codes, see AddControlPolicy. Example: ["BJ11", "ZB"].
SourceGroupCidrs	List	["10.0.0.0/24", "10.0.0.1/32"]	The CIDR blocks in the source address book.
SourceGroupType	String	ip	The type of the source address book in the access control policy. Valid values: ip: an address book that includes one or more IP addresses tag: a ECS-tag based address book that includes one or more IP addresses with ECS tags domain: an address book that includes one or more domain names threat: an address book that includes one or more malicious IP addresses or domain names backsrc: an address book that includes one or more back-to-origin addresses of Anti-DDoS Pro or Anti-DDoS Premium instances or WAF instances
SourceType	String	net	The type of the source address book defined in the access control policy. Valid values: net: source CIDR block group: source address book location: source location
RequestId	String	CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D	The ID of the request.
TotalCount	String	100	The total number of the returned access control policies.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeControlPolicy
&CurrentPage=1
&Direction=in
&PageSize=10
&<Common request parameters>

Sample success responses

XML format

<DescribeControlPolicyResponse>
  <TotalCount>58</TotalCount>
  <PageNo>1</PageNo>
  <PageSize>10</PageSize>
  <RequestId>A08BC58F-A83D-43EB-BC31-2F0D723929CC</RequestId>
  <Policys>
        <ApplicationName>RDP</ApplicationName>
        <Description>11</Description>
        <HitTimes>0</HitTimes>
        <DestinationType>net</DestinationType>
        <SourceType>net</SourceType>
        <Proto>TCP</Proto>
        <Order>5</Order>
        <ApplicationId>27</ApplicationId>
        <Direction>in</Direction>
        <DestPortType>port</DestPortType>
        <Source>1.1.1.1/32</Source>
        <DestPort>1/1</DestPort>
        <AclAction>accept</AclAction>
        <AclUuid>53d82f0e-9bf1-4761-ab3b-a070b4811234</AclUuid>
        <Destination>1.1.1.1/32</Destination>
        <DnsResult>1.1.1.1,2.2.2.2</DnsResult>
        <DnsResultTime>1579261141</DnsResultTime>
  </Policys>
</DescribeControlPolicyResponse>

JSON format

{
    "TotalCount":58,
    "PageNo":1,
    "PageSize":10,
    "RequestId":"A08BC58F-A83D-43EB-BC31-2F0D723929CC",
    "Policys":[
        {
            "DestinationGroupCidrs":[

            ],
            "SourceGroupCidrs":[

            ],
            "ApplicationName":"RDP",
            "Description":"11",
            "HitTimes":0,
            "DestinationType":"net",
            "SourceType":"net",
            "Proto":"TCP",
            "Order":5,
            "ApplicationId":"27",
            "Direction":"in",
            "DestPortType":"port",
            "Source":"1.1.1.1/32",
            "DestPort":"1/1",
            "AclAction":"accept",
            "DestPortGroupPorts":[

            ],
            "AclUuid":"53d82f0e-9bf1-4761-ab3b-a070b4811234",
            "Destination":"1.1.1.1/32",
            "DnsResult": "1.1.1.1,2.2.2.2",
            "DnsResultTime": 1579261141
        }
    ]
}