You can call this operation to create an access control policy.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
AclAction String Yes accept

The action that Cloud Firewall performs on the traffic. Valid values:

  • accept: Allow
  • drop: Deny
  • log: Monitor

Action String Yes AddControlPolicy

The operation that you want to perform. Set the value to AddControlPolicy.

ApplicationName String Yes HTTP

The type of applications to which the policy is applied.

Valid values:

  • ANY
  • HTTP
  • HTTPS
  • MySQL
  • SMTP
  • SMTPS
  • RDP
  • VNC
  • SSH
  • Redis
  • MQTT
  • MongoDB
  • Memcache
  • SSL
Note: The value ANY indicates that the policy is applied to all types of applications.

Description String Yes test

The description of the access control policy.

Destination String Yes 1.2.3.4/24

The destination address to define in the access control policy.

  • If the DestinationType parameter is set to net, this parameter specifies the destination CIDR block. Example: 1.2.3.4/24
  • If the DestinationType parameter is set to group, this parameter specifies the name of the destination address book. Example: db_group
  • If the DestinationType parameter is set to domain, this parameter specifies the destination domain name. Example: *.aliyuncs.com
  • If the DestinationType parameter is set to location, this parameter specifies the destination region. For more information about region codes, see the following section. Example: ["BJ11", "ZB"]

DestinationType String Yes net

The type of the destination address to define in the access control policy. Valid values:

  • net: destination CIDR block
  • group: destination address book
  • domain: destination domain name
  • location: destination region

Direction String Yes in

The traffic direction to define in the access control policy. Valid values:

  • in: inbound traffic
  • out: outbound traffic

NewOrder String Yes -1

The priority of the access control policy. The priority value starts from 1. The smaller the priority number, the higher the priority.

Note: The value -1 indicates the lowest priority.

Proto String Yes TCP

The security protocol type to define in the access control policy. If you cannot determine the protocol type, you can set this parameter to ANY. Valid values:

  • ANY
  • TCP
  • UDP
  • ICMP

Source String Yes 1.2.3.0/24

The source address to define in the access control policy.

  • If the SourceType parameter is set to net, this parameter specifies the source CIDR block. Example: 1.2.3.0/24
  • If the SourceType parameter is set to group, this parameter specifies the name of the source address book. Example: db_group
  • If the SourceType parameter is set to location, this parameter specifies the source region. For more information about region codes, see the following section. Example: ["BJ11", "ZB"]

SourceType String Yes net

The source address type to define in the access control policy. Valid values:

  • net: source CIDR block
  • group: source address book
  • location: source region

DestPort String No 80

The destination port to define in the access control policy.

Note: If the DestPortType parameter is set to port, this parameter is required.

DestPortGroup String No my_port_group

The name of the destination port address book to define in the access control policy.

Note: If the DestPortType parameter is set to group, this parameter is required.

DestPortType String No port

The type of the destination port to define in the access control policy. Valid values:

  • port: port
  • group: port address book

Lang String No zh

The language of the request and response. Valid values:

  • en: English
  • zh: Chinese

SourceIp String No 1.2.3.5

The source IP address of the request.

The region codes are as follows:

  • Mainland China: ZD
  • Beijing: BJ11
  • Tianjin: TJ12
  • Hebei Province: HB13
  • Shanxi Province: SX14
  • Liaoning Province: LN21
  • Jilin Province: JL22
  • Shanghai: SH31
  • Jiangsu Province: JS32
  • Zhejiang Province: ZJ33
  • Anhui Province: AH34
  • Fujian Province: FJ35
  • Jiangxi Province: JX36
  • Shandong Province: SD37
  • Henan Province: HN41
  • Hubei Province: HB42
  • Hunan Province: HN43
  • Guangdong Province: GD44
  • Hainan Province: HN46
  • Chongqing: CQ50
  • Sichuan Province: SC51
  • Guizhou Province: GZ52
  • Yunnan Province: YN53
  • Shaanxi Province: SX61
  • Gansu Province: GS62
  • Qinghai Province: QH63
  • Heilongjiang Province: HLJ23
  • Tibet Autonomous Region: XZ54
  • Guangxi Zhuang Autonomous Region: GX45
  • Inner Mongolia Autonomous Region: NMG15
  • Ningxia Hui Autonomous Region: NX64
  • Xinjiang Uygur Autonomous Region: XJ65
  • Taiwan Province: TW
  • Hong Kong SAR: HK
  • Macao SAR: MO
  • Outside China: ZB
  • Asia (except China): ZC
  • Europe: EU
  • Africa: AF
  • North America: NA
  • South America: LA
  • Oceania: OA
  • Antarctica: AQ
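
The valid values and conditional requirements in the request parameter table above can be checked before a rule is submitted. The following is an added example, not Alibaba Cloud SDK code or part of the original page; `lint_policy`, `ENUMS`, `REQUIRED` and `SAMPLE` are hypothetical names, and the warning for a CIDR block with host bits set reflects standard CIDR semantics, not documented Cloud Firewall behavior.

```python
import ipaddress

# Valid values copied from the request parameter table on this page.
ENUMS = {
    "AclAction": {"accept", "drop", "log"},
    "ApplicationName": {"ANY", "HTTP", "HTTPS", "MySQL", "SMTP", "SMTPS", "RDP",
                        "VNC", "SSH", "Redis", "MQTT", "MongoDB", "Memcache", "SSL"},
    "DestinationType": {"net", "group", "domain", "location"},
    "SourceType": {"net", "group", "location"},
    "Direction": {"in", "out"},
    "Proto": {"ANY", "TCP", "UDP", "ICMP"},
    "DestPortType": {"port", "group"},
}
REQUIRED = ("AclAction", "ApplicationName", "Description", "Destination",
            "DestinationType", "Direction", "NewOrder", "Proto", "Source", "SourceType")

# The parameters of the page's sample request, as a dict.
SAMPLE = {"AclAction": "accept", "ApplicationName": "ANY", "Description": "demo_rule_1",
          "Destination": "1.2.3.4/24", "DestinationType": "net", "Direction": "in",
          "NewOrder": "-1", "Proto": "TCP", "Source": "1.2.3.0/24", "SourceType": "net"}


def lint_policy(p):
    """Hypothetical helper: return (errors, warnings) for AddControlPolicy parameters."""
    errors, warnings = [f"{n} is required" for n in REQUIRED if not p.get(n)], []
    for name, allowed in ENUMS.items():
        if name in p and p[name] not in allowed:
            errors.append(f"{name}={p[name]!r} is not a documented value")
    # Conditional requirements from the DestPort and DestPortGroup notes.
    for port_type, field in (("port", "DestPort"), ("group", "DestPortGroup")):
        if p.get("DestPortType") == port_type and not p.get(field):
            errors.append(f"{field} is required when DestPortType={port_type}")
    # NewOrder is -1 (lowest priority) or a priority number starting from 1.
    order = str(p.get("NewOrder", ""))
    if order and order != "-1" and not (order.isdecimal() and int(order) >= 1):
        errors.append(f"NewOrder={order!r} must be -1 or an integer >= 1")
    # For type net, parse the CIDR block and report the range it actually covers.
    for side in ("Source", "Destination"):
        if p.get(f"{side}Type") == "net" and p.get(side):
            try:
                net = ipaddress.ip_network(p[side], strict=False)
            except ValueError:
                errors.append(f"{side}={p[side]!r} is not a CIDR block")
                continue
            if str(net) != p[side]:
                warnings.append(f"{side} {p[side]} covers all of {net} "
                                f"({net.num_addresses} addresses)")
    return errors, warnings
```

Run against `SAMPLE`, the check returns no errors and one warning: read as a CIDR block, the destination 1.2.3.4/24 denotes the whole 1.2.3.0/24 network, not a single host.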

Response parameters

Parameter Type Example Description
AclUuid String 00281255-d220-4db1-8f4f-c4df221ad84c

The unique ID of the access control policy.

RequestId String CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D

The ID of the request.

Examples

Sample requests


http(s)://[Endpoint]/?Action=AddControlPolicy
&AclAction=accept
&ApplicationName=ANY
&Description=demo_rule_1
&Destination=1.2.3.4/24
&DestinationType=net
&Direction=in
&NewOrder=-1
&Proto=TCP
&Source=1.2.3.0/24
&SourceType=net
&<Common request parameters>

Sample success responses

XML format

<AddControlPolicy>
	  <RequestId>CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D</RequestId>
	  <AclUuid>00281255-d220-4db1-8f4f-c4df221ad84c</AclUuid>
</AddControlPolicy>

JSON format

{
	"RequestId":"CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D",
	"AclUuid":"00281255-d220-4db1-8f4f-c4df221ad84c"
}

Error codes

For a list of error codes, visit the API Error Center.