AddControlPolicy - API Reference| Alibaba Cloud Documentation Center

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	AddControlPolicy	The operation that you want to perform. Set the value to AddControlPolicy.
AclAction	String	Yes	accept	The action that Cloud Firewall performs on the traffic. Valid values: accept: allows the traffic. drop: denies the traffic. log: monitors the traffic.
ApplicationName	String	Yes	HTTP	The application type that the access control policy supports. Valid values: FTP HTTP HTTPS Memcache MongoDB MQTT MySQL RDP Redis SMTP SMTPS SSH SSL VNC ANY: all types of applications Note The value of this parameter depends on the value of Proto. If Proto is set to TCP, ApplicationName can be set to any valid value. If Proto is set to UDP, ICMP, or ANY, You must set ApplicationName to ANY.
Description	String	Yes	Allow all TCP traffic	The description of the access control policy.
Destination	String	Yes	1.2.3.4/24	The destination address defined in the access control policy. Valid values: If DestinationType is set to net, the value of this parameter is a CIDR block. Example: 1.2.3.4/24. If DestinationType is set to group, the value of this parameter is an address book. Example: db_group. If DestinationType is set to domain, the value of this parameter is a domain name. Example: *.aliyuncs.com. If DestinationType is set to location, the value of this parameter is a region. Example: ["BJ11", "ZB"].
DestinationType	String	Yes	net	The destination address type defined in the access control policy. Valid values: net: CIDR block group: address book domain: domain name location: region
Direction	String	Yes	in	The direction of traffic to which the access control policy applies. Valid values: in: inbound traffic out: outbound traffic
NewOrder	String	Yes	-1	The priority of the access control policy. The priority value starts from 1. A small priority value indicates a high priority. Note The value of -1 indicates the lowest priority.
Proto	String	Yes	TCP	The protocol type of traffic to which the access control policy applies. Valid values: ANY(any protocol type) TCP UDP ICMP
Source	String	Yes	1.2.3.0/24	The source address defined in the access control policy. Valid values: If SourceType is set to net, the value of this parameter is a CIDR block. Example: 1.2.3.0/24. If SourceType is set to group, the value of this parameter is an address book. Example: db_group. If SourceType is set to location, the value of this parameter is a region. Example: ["BJ11", "ZB"].
SourceType	String	Yes	net	The type of the source address book defined in the access control policy. Valid values: net: CIDR block group: address book location: source region
SourceIp	String	No	1.2.3.5	The source IP address of the request.
Lang	String	No	zh	The natural language of the request and response. Valid values: zh: Chinese en: English
DestPort	String	No	80	The destination port defined in the access control policy. Valid values: If Proto is set to ICMP, the value of DestPort is empty. Note If Proto is set to ICMP, access control does not take effect on the destination port. If Proto is set to TCP, UDP, or ANY and DestPortType is set to group, the value of DestPort is empty. Note If DestPortType is set to group, you do not need to specify the destination port number. All ports that are to be controlled by the access control policy are included in the destination port address book. If Proto is set to TCP, UDP, or ANY and DestPortType is set to port, the value of DestPort is the destination port number.
DestPortType	String	No	port	The destination port type defined in the access control policy. Valid values: port: port group: port address book
DestPortGroup	String	No	my_port_group	The destination port address book defined in the access control policy. Note If DestPortType is set to group, you must specify the destination port address book.
Release	String	No	true	Specifies whether the access control policy is enabled. By default, an access control policy is enabled after it is created. Valid values: true: The access control policy is enabled. false: The access control policy is not enabled.

Location codes:

China: ZD
Beijing: BJ11
Tianjin: TJ12
Hebei: HB13
Shanxi: SX14
Liaoning: LN21
Jilin: JL22
Shanghai: SH31
Jiangsu: JS32
Zhejiang: ZJ33
Anhui: AH34
Fujian: FJ35
Jiangxi: JX36
Shandong: SD37
Henan: HN41
Hubei: HB42
Hunan: HN43
Guangdong: GD44
Hainan: HN46
Chongqing: CQ50
Sichuan: SC51
Guizhou: GZ52
Yunnan: YN53
Shaanxi: SX61
Gansu: GS62
Qinghai: QH63
Heilongjiang: HLJ23
Xizang: XZ54
Guangxi: GX45
Nei Mongol: NMG15
Ningxia: NX64
Xinjiang: XJ65
Taiwan: TW
Hong Kong S.A.R: HK
Macao S.A.R: MO
Areas outside China: ZB
Asia (except mainland China):ZC
Europe: EU
Africa: AF
North America: NA
South America: LA
Oceania: OA
Antarctica: AQ

Response parameters


Parameter	Type	Example	Description
AclUuid	String	00281255-d220-4db1-8f4f-c4df221ad84c	The unique ID of the access control policy.
RequestId	String	CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D	The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/? Action=AddControlPolicy
&AclAction=accept
&ApplicationName=ANY
&Description=demo_rule_1
&Destination=1.2.3.4/24
&DestinationType=net
&Direction=in
&NewOrder=-1
&Proto=TCP
&Source=1.2.3.0/24
&SourceType=net
&<Common request parameters>

Sample success responses

XML format

<AddControlPolicyResponse>
      <RequestId>CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D</RequestId>
      <AclUuid>00281255-d220-4db1-8f4f-c4df221ad84c</AclUuid>
</AddControlPolicyResponse>

JSON format

{
    "RequestId": "CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D",
    "AclUuid": "00281255-d220-4db1-8f4f-c4df221ad84c"
}

Error codes

For a list of error codes, visit the API Error Center.