edit-icon download-icon

Create an IP access control (CreateIpControl)

Last Updated: Feb 25, 2018

Description

Add an IP access control policy in a region to reject (or permit) API calls from specified IP addresses.

  • This function is intended for API providers.
  • An IP address access control policy is not effective until it is bound to an API. However, it is immediately effective once bound to an API.
  • You can add IP addresses to a policy when creating this policy or using the AddIpControlPolicyItem interface.
  • An empty IP address access control policy is invalid.

Request parameters

Parameter Type Required Description
Action String Yes Operation interface name, a required parameter, value: CreateIpControl
IpControlName String Yes IP address access control name, which contains 4–50 characters including English letters (upper and lower cases), Chinese characters, numbers, and underscores (_). The name cannot start with an underscore.
IpControlType String Yes IP address access control type:
  • ALLOW: whitelist
  • REFUSE: blacklist
Description String No The description must not exceed 200 characters.
IpControlPolicys.N.CidrIp String No Specific IP address or IP network segment in the policy
  • This parameter cannot be blank for an access control policy.
  • If multiple IP addresses or IP address segments are input in a policy, they must be separated by a semicolon (;). A policy can contain a maximum of 10 IP addresses or IP address segments.
  • In IpControlPolicys.N, the value of N is in the range of [1, 100].
IpControlPolicys.N.AppId String No ID of the application controlled by the policy. This parameter can be set only when the access control type is whitelist (IpControlType is ALLOW).
  • Only one application ID can be added each time.
  • If this parameter is left blank, the policy does not restrict specific application IDs.
  • If this parameter is set, the policy controls API calls based on both IP addresses and application IDs.
  • If this parameter is set and the API security authentication mode is set to “No authentication”, all API calls are restricted.
  • If the policy is a blacklist (IpControlType is REFUSE) and this parameter is set, the API Gateway ignores this parameter and applies access control only to the specified IP addresses.
  • In IpControlPolicys.N, the value of N is in the range of [1, 100].

Response parameters

Parameter Type Description
RequestId String ID of the current request
IpControlId String Access control policy ID

Example

Sample request

  1. https://apigateway.cn-qingdao.aliyuncs.com/?Action=CreateIpControl
  2. &IpControlName=controlNameTest
  3. &IpControlType=ALLOW
  4. &Description=test
  5. &IpControlPolicys.1.CidrIp=114.1.1.0/24
  6. &IpControlPolicys.1.AppId=11111
  7. &<Public Request Parameters>

Sample response

XML format

  1. <CreateSignatureResponse>
  2. <RequestId>CE5722A6-AE78-4741-A9B0-6C817D360510</RequestId>
  3. <IpControlId>7ea91319a34d48a09b5c9c871d9768b1</IpControlId>
  4. </CreateSignatureResponse>

JSON format

  1. {
  2. "RequestId":"CE5722A6-AE78-4741-A9B0-6C817D360510",
  3. "IpControlId":"7ea91319a34d48a09b5c9c871d9768b1"
  4. }
Thank you! We've received your feedback.