Adds an access control policy to a specific policy group for a Virtual Private Cloud (VPC) firewall.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | CreateVpcFirewallControlPolicy |
The operation that you want to perform. Set the value to CreateVpcFirewallControlPolicy. |
AclAction | String | Yes | accept |
The action that Cloud Firewall performs on the traffic. Valid values:
|
ApplicationName | String | Yes | HTTP |
The application type that the access control policy supports. Valid values:
|
Description | String | Yes | test |
The description of the access control policy. |
Destination | String | Yes | 10.2.3.0/24 |
The destination address in the access control policy. Set this parameter in the following way:
|
DestinationType | String | Yes | net |
The type of the destination address in the access control policy. Valid values:
|
NewOrder | String | Yes | -1 |
The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority. Note The value of -1 indicates the lowest priority.
|
Proto | String | Yes | TCP |
The security protocol in the access control policy. Valid values:
|
Source | String | Yes | 10.2.3.0/24 |
The source address in the access control policy.
|
SourceType | String | Yes | net |
The type of the source address in the access control policy. Valid values:
|
VpcFirewallId | String | Yes | vfw-a42bbb7b887148c9**** |
The ID of the policy group to which you want to add the access control policy.
Note You can call the DescribeVpcFirewallAclGroupList operation to query the ID of the policy group.
|
Lang | String | No | zh |
The natural language of the request and response. Valid values:
|
DestPort | String | No | 80 |
The destination port in the access control policy. Note This parameter must be specified if the DestPortType parameter is set to
port .
|
DestPortType | String | No | net |
The type of the destination port in the access control policy. Valid values:
|
DestPortGroup | String | No | my_port_group |
The address book of destination ports in the access control policy. Note This parameter must be specified if the DestPortType parameter is set to
group .
|
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
AclUuid | String | 00281255-d220-4db1-8f4f-c4df221ad84c |
The unique ID of the access control policy. |
RequestId | String | CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D |
The ID of the request. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=CreateVpcFirewallControlPolicy
&VpcFirewallId=vfw-a42bbb7b887148c9****
&AclAction=accept
&ApplicationName=ANY
&Description=demo_rule_1
&Destination=10.2.3.0/24
&DestinationType=net
&NewOrder=-1
&Proto=TCP
&Source=10.2.3.0/24
&SourceType=net
&<Common request parameters>
Sample success responses
XML
format
<CreateVpcFirewallControlPolicyResponse>
<RequestId>CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D</RequestId>
<AclUuid>00281255-d220-4db1-8f4f-c4d*********</AclUuid>
</CreateVpcFirewallControlPolicyResponse>
JSON
format
{
"RequestId": "CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D",
"AclUuid": "00281255-d220-4db1-8f4f-c4d*********"
}
Error codes
For a list of error codes, visit the API Error Center.