Queries the details of all access control policies for a specific virtual private cloud (VPC) firewall.

Note: Different access control policies are used for the VPC firewall that protects each Cloud Enterprise Network (CEN) instance and the VPC firewall that protects each Express Connect circuit.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeVpcFirewallControlPolicy

The operation that you want to perform.

Set the value to DescribeVpcFirewallControlPolicy.

CurrentPage String Yes 1

The page number of the current page.

Default value: 1.

PageSize String Yes 10

The number of entries to return on each page.

Maximum value: 50.

VpcFirewallId String Yes vfw-a42bbb7b887148c9****

The ID of the group to which the access control policy belongs. You can call the DescribeVpcFirewallAclGroupList operation to query the ID.

Valid values:

  • If the VPC firewall is used to protect a CEN instance, the value of this parameter is the ID of the CEN instance.

    Example: cen-ervw0g12b5jbw****

  • If the VPC firewall is used to protect an Express Connect circuit, the value of this parameter is the ID of the VPC firewall.

    Example: vfw-a42bbb7b887148c9****

Lang String No zh

The natural language of the request and response.

Valid values:

  • zh: Chinese
  • en: English

Source String No 10.0.1.0/24

The source address in the access control policy. Fuzzy match is supported.

Valid values:

  • If SourceType is set to net, the value of this parameter is a CIDR block.

    Example: 10.0.1.0/24

  • If SourceType is set to group, the value of this parameter is the name of an address book.

    Example: db_group

  • If SourceType is left empty, all source addresses are queried.

Note: The value of this parameter depends on the value of the SourceType parameter.

Destination String No 10.0.3.0

The destination address in the access control policy. Fuzzy match is supported.

Valid values:

  • If DestinationType is set to net, the value of this parameter is a CIDR block.

    Example: 10.0.3.0/24

  • If DestinationType is set to domain, the value of this parameter is a domain name.

    Example: aliyun.com

  • If DestinationType is set to group, the value of this parameter is the name of an address book.

    Example: db_group

  • If DestinationType is left empty, all destination addresses are queried.

Note: The value of this parameter depends on the value of the DestinationType parameter.

Description String No test

The description of the access control policy. Fuzzy match is supported.

Note: If this parameter is left empty, the descriptions of all access control policies are queried.

Proto String No TCP

The type of the protocol in the access control policy.

Valid values:

  • TCP
  • UDP
  • ICMP
  • ANY, which indicates all types of protocols.
  • If this parameter is left empty, policies for all protocol types are queried.

AclAction String No accept

The action that Cloud Firewall performs on the traffic.

Valid values:

  • accept: allows the traffic.
  • drop: denies the traffic.
  • log: monitors the traffic.
  • If this parameter is left empty, access control policies with any of the preceding actions are queried.

Response parameters

Parameter Type Example Description
Policys Array

The information about the access control policies.

AclAction String accept

The action that Cloud Firewall performs on the traffic.

Valid values:

  • accept: allows the traffic.
  • drop: denies the traffic.
  • log: monitors the traffic.

AclUuid String 00281255-d220-4db1-8f4f-c4df221a****

The ID of the access control policy.

ApplicationId String 10**

The ID of the application in the access control policy.

ApplicationName String HTTP

The type of the application that the access control policy supports.

Valid values:

  • HTTP
  • HTTPS
  • MySQL
  • SMTP
  • SMTPS
  • RDP
  • VNC
  • SSH
  • Redis
  • MQTT
  • MongoDB
  • Memcache
  • SSL
  • ANY, which indicates all types of applications

Description String test

The description of the access control policy.

DestPort String 80

The destination port in the access control policy.

DestPortGroup String my_port_group

The name of the destination port address book in the access control policy.

DestPortGroupPorts List [80,443]

The ports in the destination port address book.

DestPortType String port

The type of the destination port in the access control policy.

Valid values:

  • port: port
  • group: port address book

Destination String 10.0.3.0/24

The destination address in the access control policy.

Valid values:

  • If DestinationType is set to net, the value of this parameter is a CIDR block.

    Example: 10.0.3.0/24

  • If DestinationType is set to domain, the value of this parameter is a domain name.

    Example: aliyuncs.com

  • If DestinationType is set to group, the value of this parameter is the name of an address book.

    Example: db_group

Note: The value of this parameter depends on the value of the DestinationType parameter.

DestinationGroupCidrs List ["10.0.4.0/24", "10.0.0.1/32"]

The CIDR blocks in the destination address book of the access control policy.

DestinationType String net

The type of the destination address in the access control policy.

Valid values:

  • net: destination CIDR block
  • group: destination address book
  • domain: destination domain name

Direction String in

The direction of the traffic to which the access control policy applies.

Valid values:

  • in: inbound traffic
  • out: outbound traffic

HitTimes Integer 100

The number of hits for the access control policy.

Order Integer 1

The priority of the access control policy.

The priority value starts from 1. A smaller value indicates a higher priority. The value -1 indicates the lowest priority.

Proto String TCP

The type of the protocol in the access control policy.

Valid values:

  • TCP
  • UDP
  • ICMP
  • ANY, which indicates all types of protocols

Source String 10.0.6.0/24

The source address in the access control policy.

Valid values:

  • If SourceType is set to net, the value of this parameter is a CIDR block.

    Example: 10.0.6.0/24

  • If SourceType is set to group, the value of this parameter is the name of an address book.

    Example: db_group

Note: The value of this parameter depends on the value of the SourceType parameter.

SourceGroupCidrs List ["10.0.6.0/24", "10.0.0.2/32"]

The CIDR blocks in the source address book of the access control policy.

SourceType String net

The type of the source address in the access control policy.

Valid values:

  • net: source CIDR block
  • group: source address book

RequestId String CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D

The ID of the request.

TotalCount String 20

The total number of the returned access control policies.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeVpcFirewallControlPolicy
&CurrentPage=1
&PageSize=10
&VpcFirewallId=vfw-a42bbb7b887148c9****
&<Common request parameters>

Sample success responses

XML format

<DescribeVpcFirewallControlPolicyResponse>
  <TotalCount>1</TotalCount>
  <PageNo>1</PageNo>
  <PageSize>10</PageSize>
  <RequestId>A08BC58F-A83D-43EB-BC31-2F0D723929CC</RequestId>
  <Policys>
    <ApplicationName>HTTP</ApplicationName>
    <Description>11</Description>
    <HitTimes>0</HitTimes>
    <DestinationType>net</DestinationType>
    <SourceType>net</SourceType>
    <Proto>TCP</Proto>
    <Order>5</Order>
    <ApplicationId>27</ApplicationId>
    <DestPortType>port</DestPortType>
    <Source>10.1.1.1/32</Source>
    <DestPort>80/80</DestPort>
    <AclAction>accept</AclAction>
    <AclUuid>53d82f0e-9bf1-4761-ab3b-a070b4811234</AclUuid>
    <Destination>10.2.1.1/32</Destination>
  </Policys>
</DescribeVpcFirewallControlPolicyResponse>

JSON format

{
    "TotalCount":1,
    "PageNo":1,
    "PageSize":10,
    "RequestId":"A08BC58F-A83D-43EB-BC31-2F0D723929CC",
    "Policys":[
        {
            "DestinationGroupCidrs":[],
            "SourceGroupCidrs":[],
            "ApplicationName":"HTTP",
            "Description":"11",
            "HitTimes":0,
            "DestinationType":"net",
            "SourceType":"net",
            "Proto":"TCP",
            "Order":5,
            "ApplicationId":"27",
            "DestPortType":"port",
            "Source":"10.1.1.1/32",
            "DestPort":"80/80",
            "AclAction":"accept",
            "DestPortGroupPorts":[],
            "AclUuid":"53d82f0e-9bf1-4761-ab3b-a070b4811234",
            "Destination":"10.2.1.1/32"
        }
    ]
}
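
The following is an added example, not part of the original reference and not Alibaba Cloud SDK code. It pages through DescribeVpcFirewallControlPolicy with CurrentPage and PageSize until TotalCount entries are collected, sorts the policies by Order, and flags accept policies that are broad or have never been hit. The call_api and fake_api helpers, the uuid-* identifiers, the /16 threshold and the finding rules are assumptions made for illustration, and the sample policies are constructed.

```python
import ipaddress

def fetch_all_policies(call_api, vpc_firewall_id, page_size=50):  # 50 = documented PageSize maximum
    """Collect every page. call_api(params) -> dict is a hypothetical signed-request helper."""
    policies, page = [], 1
    while True:
        resp = call_api({"Action": "DescribeVpcFirewallControlPolicy", "VpcFirewallId": vpc_firewall_id,
                         "CurrentPage": str(page), "PageSize": str(page_size)})
        batch = resp.get("Policys") or []
        policies.extend(batch)
        # TotalCount is documented as a String but the sample response shows a number; accept both.
        if not batch or len(policies) >= int(resp.get("TotalCount", 0)):
            # Order starts at 1 (highest priority); -1 marks the lowest priority, so sort it last.
            return sorted(policies, key=lambda p: float("inf") if int(p["Order"]) == -1 else int(p["Order"]))
        page += 1

def cidrs(policy, side):
    # side is "Source" or "Destination"; address books list their members in <side>GroupCidrs.
    kind = policy.get(side + "Type")
    if kind == "group":
        return policy.get(side + "GroupCidrs") or []
    return [policy[side]] if kind == "net" else []  # a domain destination has no CIDR

def audit(policies, min_prefix=16):
    """Return (AclUuid, reason) pairs for accept rules that are broad or have never been hit."""
    findings = []
    for p in (p for p in policies if p.get("AclAction") == "accept"):
        for side, c in ((s, c) for s in ("Source", "Destination") for c in cidrs(p, s)):
            if ipaddress.ip_network(c, strict=False).prefixlen < min_prefix:
                findings.append((p["AclUuid"], f"{side} {c} is wider than /{min_prefix}"))
        if "ANY" in (p.get("Proto"), p.get("ApplicationName")):
            findings.append((p["AclUuid"], "matches ANY protocol or application"))
        if int(p.get("HitTimes", 0)) == 0:
            findings.append((p["AclUuid"], "accept rule with zero hits"))
    return findings

# Constructed sample policies (not real data), served by a stand-in for the signed API call.
SAMPLE = [
    {"AclUuid": "uuid-c", "Order": -1, "AclAction": "drop", "Proto": "ANY", "ApplicationName": "ANY", "HitTimes": 7},
    {"AclUuid": "uuid-a", "Order": 5, "AclAction": "accept", "Proto": "TCP", "ApplicationName": "HTTP", "HitTimes": 0,
     "SourceType": "net", "Source": "10.1.1.1/32", "DestinationType": "net", "Destination": "10.2.1.1/32"},
    {"AclUuid": "uuid-b", "Order": 1, "AclAction": "accept", "Proto": "ANY", "ApplicationName": "ANY", "HitTimes": 100,
     "SourceType": "group", "Source": "db_group", "SourceGroupCidrs": ["10.0.6.0/24", "10.0.0.0/8"],
     "DestinationType": "domain", "Destination": "aliyun.com"},
]

def fake_api(params):
    start = (int(params["CurrentPage"]) - 1) * int(params["PageSize"])
    return {"TotalCount": str(len(SAMPLE)), "Policys": SAMPLE[start:start + int(params["PageSize"])]}
```

Calling `audit(fetch_all_policies(fake_api, "vfw-example", page_size=2))` exercises the pagination across two pages; in real use, replace fake_api with a function that sends the signed request.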