Modifies the accurate access control rule of a website.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ModifyWebPreciseAccessRule

The operation that you want to perform. Set the value to ModifyWebPreciseAccessRule.

Domain String Yes www.aliyun.com

The domain name of the website.

Note A forwarding rule must be configured for the domain name. You can call the DescribeDomains operation to query all domain names.
Rules String Yes [{"action":"block","name":"testrule","condition":[{"field":"uri","match_method":"contain","content":"/test/123"}]}]

Details about the accurate access control rule. This parameter is a JSON string. The fields in the value are described as follows:

  • action: the action performed if the rule is matched. This field is required and must be of the STRING type. Valid values:
    • accept
    • block
    • challenge
  • name: the name of the rule. This field is required and must be of the STRING type.
  • condition: the match conditions. This field is required and must be of the MAP type.
    Note The AND operator is used to define the relationship among multiple match conditions.
    • field: the match field. It is required and must be of the STRING type.
    • match_method: the logical relation. It is required and must be of the STRING type.
      Note For information about the mappings between the field and match_method parameters, see the Mappings between the field and match_method parameters table in this topic.
    • content: the match content. It is required and must be of the STRING type.
  • header_name: the HTTP header, which must be of the STRING type. This parameter only takes effect when field is header.
RegionId String No cn-hangzhou

The region ID of the instance. Valid values:

  • cn-hangzhou: mainland China, which indicates an Anti-DDoS Pro instance
  • ap-southeast-1: outside mainland China, which indicates an Anti-DDoS Premium instance
ResourceGroupId String No default

The ID of the resource group to which the instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.

Expires Integer No 600

The validity period of the rule. Unit: seconds. This parameter only takes effect when action is block. Access requests that hit the rule are blocked within the specified validity period of the rule. If you do not specify this parameter, this rule takes effect all the time.

Mappings between the field and match_method parameters

field

Description

match_method

ip

The source IP address of the request.

belong: the Is Part Of relation

nbelong: the Is Not Part Of relation

uri

The URI of the request.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

regular: The match content is the regular expression of the URI.

referer

The source URI of the request, namely, the page from which the access request is redirected.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

nexist: the Does Not Exist relation

regular: The match content is the regular expression of the URI.

user-agent

The browser ID, rendering engine ID, version information, and other browser-related information of the client that initiates the request.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

regular: The match content is the regular expression of the information.

params

The parameter part in the request URL, usually the part that follows the question mark (?) in the URL. For example,

in www.abc.com/index.html? action=login, action=login

is the parameter part.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

cookie

The cookie information in the request.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

nexist: the Does Not Exist relation

content-type

The HTTP content type of the response specified by the request, namely, MIME type information.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

x-forwarded-for

The actual IP address of the client that initiates an access request. X-Forwarded-For (XFF) is used to identify the HTTP request header field of the initial IP address of the client that initiates the access request that is forwarded through an HTTP proxy server or a Server Load Balancer (SLB) instance. XFF is only included in the access requests that are forwarded by the HTTP proxy or SLB instances.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

nexist: the Does Not Exist relation

Regular: The match content is the regular expression of the IP address.

content-length

The amount of bytes in the HTTP body of the request.

vless: the Is Smaller Than relation

vequal: the Has a Value Of relation

vgreat: the Is Larger Than relation

post-body

The content of the request.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

regular: The match content is the regular expression of the HTTP request header.

http-method

The request method, such as GET and POST.

equal: the Equals relation

nequal: the Does Not Equal relation

header

The header of the request, which is used to customize the HTTP header.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

nexist: the Does Not Exist relation

Response parameters

Parameter Type Example Description
RequestId String 0bcf28g5-d57c-11e7-9bs0-d89d6717dxbc

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/? Action=ModifyWebPreciseAccessRule
&Domain=www.aliyun.com
&Rules=[{"action":"block","name":"testrule","condition":[{"field":"uri","match_method":"contain","content":"/test/123"}]}]
&<Common request parameters>

Sample success responses

XML format

<ModifyWebPreciseAccessRuleResponse>
      <RequestId>0bcf28g5-d57c-11e7-9bs0-d89d6717dxbc</RequestId>
</ModifyWebPreciseAccessRuleResponse>

JSON format

{
    "RequestId":"0bcf28g5-d57c-11e7-9bs0-d89d6717dxbc"
}

Error codes

For a list of error codes, visit the API Error Center.