DescribeControlPolicy - API Reference| Alibaba Cloud Documentation Center

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	DescribeControlPolicy	The operation that you want to perform. Set the value to DescribeControlPolicy.
CurrentPage	String	Yes	1	The number of the page to return. Default value: 1
Direction	String	Yes	in	The direction of the traffic to which the access control policy applies. Valid values: in: inbound traffic out: outbound traffic
PageSize	String	Yes	10	The number of entries to return on each page. Maximum value: 50.
SourceIp	String	No	1.2.3.4	The source IP address of the request.
Lang	String	No	zh	The language of the request and response. Valid values: zh: Chinese en: English
Source	String	No	1.2.3.5	The source address defined in the access control policy. Fuzzy match is supported. The valid values of this parameter depend on the value of the SourceType parameter. If SourceType is set to `net`, the value of this parameter is an IP address or CIDR block. Example: 10.0.1.0/24. If SourceType is set to `group`, the value of this parameter is an address book. Example: db_group. If the address book does not contain any IP addresses, all source addresses are queried. If SourceType is set to `location`, the value of this parameter is a region. Example: beijing. If SourceType is `not specified`, all types of source addresses are queried.
Destination	String	No	1.2.3.0	The destination address defined in the access control policy. Fuzzy match is supported. The valid values of this parameter depend on the value of the DestinationType parameter. If DestinationType is set to `net`, the value of this parameter is an IP address or CIDR block. Example: 10.0.3.0/24. If DestinationType is set to `domain`, the value of this parameter is a domain name. Example: aliyun. If DestinationType is set to `group`, the value of this parameter is an address book. Example: db_group. If DestinationType is set to `location`, the value of this parameter is a region. Example: beijing. If DestinationType is `not specified`, all types of destination addresses are queried.
Description	String	No	test	The description of the access control policy. Fuzzy match is supported. Note If this parameter is not specified, the descriptions of all access control policies are queried.
Proto	String	No	TCP	The protocol type of traffic to which the access control policy applies. Valid values: TCP UDP ICMP ANY: all types of protocols Not specified: all types of protocols
AclAction	String	No	accept	The action that Cloud Firewall performs on the traffic. Valid values: accept: allows the traffic. drop: denies the traffic. log: monitors the traffic. Not specified: all actions.
Release	String	No	true	Specifies whether the access control policy is enabled. By default, an access control policy is enabled after it is created. Valid values: true: The access control policy is enabled. false: The access control policy is not enabled.
AclUuid	String	No	00281255-d220-4db1-8f4f-c4df221ad84c	The unique ID of the access control policy.

Response parameters


Parameter	Type	Example	Description
PageNo	String	1	The number of the page to return.
PageSize	String	10	The number of entries returned per page.
Policys	Array		The information about the access control policy.
AclAction	String	accept	The action that Cloud Firewall performs on the traffic. Valid values: accept: allows the traffic. drop: denies the traffic. log: monitors the traffic.
AclUuid	String	00281255-d220-4db1-8f4f-c4df221ad84c	The unique ID of the access control policy.
ApplicationId	String	10***	The application ID defined in the access control policy.
ApplicationName	String	HTTP	The application type defined in the access control policy. Valid values: FTP HTTP HTTPS Memcache MongoDB MQTT MySQL RDP Redis SMTP SMTPS SSH SSL VNC ANY: all types of applications
Description	String	test	The description of the access control policy.
DestPort	String	80	The destination port defined in the access control policy.
DestPortGroup	String	my_port_group	The name of the destination port address book defined in the access control policy.
DestPortGroupPorts	List	[80,443]	The ports in the destination port address book.
DestPortType	String	port	The destination port type defined in the access control policy. Valid values: port: port group: port address book
Destination	String	1.2.3.4/24	The destination address defined in the access control policy. The valid values of this parameter depend on the value of the DestinationType parameter. Valid values: If DestinationType is set to net, the value of this parameter is an IP address or CIDR block. Example: 10.0.3.0/24. If DestinationType is set to domain, the value of this parameter is a domain name. For example, aliyuncs.com. If DestinationType is set to group, the value of this parameter is an address book. Example: db_group. If DestinationType is set to location, the value of this parameter is a region. For information about region codes, see AddControlPolicy. Example: ["BJ11", "ZB"].
DestinationGroupCidrs	List	["1.2.3.0/24", "1.2.3.1/32"]	The CIDR blocks in the destination address book defined in the access control policy.
DestinationGroupType	String	ip	The type of the destination address book defined in the access control policy. Valid values: ip: an address book that includes one or more IP addresses tag: an address book that includes one or more IP addresses with Elastic Compute Service (ECS) tags domain: an address book that includes one or more domain names threat: an address book that includes one or more malicious IP addresses or domain names backsrc: an address book that includes one or more back-to-origin addresses of Anti-DDoS Pro or Premium instances or WAF instances.
DestinationType	String	net	The destination address type defined in the access control policy. Valid values: net: CIDR block group: address book domain: domain name location: region
Direction	String	in	The direction of traffic to which the access control policy applies. Valid values: in: inbound traffic out: outbound traffic
DnsResult	String	1.1.1.1,2.2.2.2	The DNS resolution result.
DnsResultTime	Long	1579261141	The timestamp of the DNS resolution result.
HitTimes	Integer	100	The number of policy hits.
Order	Integer	1	The priority of the access control policy. The priority value starts from 1. A smaller value indicates a higher priority. Note The value of -1 indicates the lowest priority.
Proto	String	TCP	The security protocol type defined in the access control policy. Valid values: ANY TCP UDP ICMP
Release	String	true	Indicates whether the access control policy is enabled. By default, an access control policy is enabled after it is created. Valid values: true: The access control policy is enabled. false: The access control policy is not enabled.
Source	String	1.2.3.0/24	The source address defined in the access control policy. Valid values: If SourceType is set to `net`, the value of this parameter is a CIDR block. Example: 10.0.1.0/24. If SourceType is set to `group`, the value of this parameter is an address book. Example: db_group. If SourceType is set to `location`, the value of this parameter is a region. For information about the location codes, see AddControlPolicy. Example: ["BJ11", "ZB"].
SourceGroupCidrs	List	["10.0.0.0/24", "10.0.0.1/32"]	The CIDR blocks in the source address book defined in the access control policy.
SourceGroupType	String	ip	The type of the source address book defined in the access control policy. Valid values: ip: an address book that includes one or more IP addresses tag: an address book that includes one or more IP addresses with ECS tags domain: an address book that includes one or more domain names threat: an address book that includes one or more malicious IP addresses or domain names backsrc: an address book that includes one or more back-to-origin addresses of Anti-DDoS Pro or Premium instances or WAF instances
SourceType	String	net	The type of the source address book defined in the access control policy. Valid values: net: source CIDR block group: source address book location: source region
RequestId	String	CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D	The ID of the request.
TotalCount	String	100	The total number of the returned access control policies.

Examples

Sample requests

http(s)://[Endpoint]/? Action=DescribeControlPolicy
&CurrentPage=1
&Direction=in
&PageSize=10
&<Common request parameters>

Sample success responses

XML format

<DescribeControlPolicyResponse>
  <TotalCount>58</TotalCount>
  <PageNo>1</PageNo>
  <PageSize>10</PageSize>
  <RequestId>A08BC58F-A83D-43EB-BC31-2F0D723929CC</RequestId>
  <Policys>
        <ApplicationName>RDP</ApplicationName>
        <Description>11</Description>
        <HitTimes>0</HitTimes>
        <DestinationType>net</DestinationType>
        <SourceType>net</SourceType>
        <Proto>TCP</Proto>
        <Order>5</Order>
        <ApplicationId>27</ApplicationId>
        <Direction>in</Direction>
        <DestPortType>port</DestPortType>
        <Source>1.1.1.1/32</Source>
        <DestPort>1/1</DestPort>
        <AclAction>accept</AclAction>
        <AclUuid>53d82f0e-9bf1-4761-ab3b-a070b4811234</AclUuid>
        <Destination>1.1.1.1/32</Destination>
        <DnsResult>1.1.1.1,2.2.2.2</DnsResult>
        <DnsResultTime>1579261141</DnsResultTime>
  </Policys>
</DescribeControlPolicyResponse>

JSON format

{
    "TotalCount":58,
    "PageNo":1,
    "PageSize":10,
    "RequestId":"A08BC58F-A83D-43EB-BC31-2F0D723929CC",
    "Policys":[
        {
            "DestinationGroupCidrs":[

            ],
            "SourceGroupCidrs":[

            ],
            "ApplicationName":"RDP",
            "Description":"11",
            "HitTimes":0,
            "DestinationType":"net",
            "SourceType":"net",
            "Proto":"TCP",
            "Order":5,
            "ApplicationId":"27",
            "Direction":"in",
            "DestPortType":"port",
            "Source":"1.1.1.1/32",
            "DestPort":"1/1",
            "AclAction":"accept",
            "DestPortGroupPorts":[

            ],
            "AclUuid":"53d82f0e-9bf1-4761-ab3b-a070b4811234",
            "Destination":"1.1.1.1/32",
            "DnsResult": "1.1.1.1,2.2.2.2",
            "DnsResultTime": 1579261141
        }
    ]
}

Error code

For a list of error codes, visit the API Error Center.