ListPolicy - Anti-DDoS - Alibaba Cloud Documentation Center

Lists mitigation policies.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-antiddosbag:ListPolicy

list

*Policy

acs:yundun-antiddosbag:{#regionId}:{#accountId}:policy/*

None

Request parameters

Parameter	Type	Required	Description	Example
Name	string	No	The policy name.	test**
Type	string	No	The type of the policy. Valid values: default: the default mitigation policy. l3: the IP mitigation policy. l4: the port-specific mitigation policy.	l3
PageNo	integer	No	The page number for a paged query.	1
PageSize	integer	No	The number of entries per page for a paged query. The default value is 10.	10
ProductType	string	No	The type of the product to which the policy applies. Valid values: ecs: queries the default policy for ECS. slb: queries the default policy for SLB. eip: queries the default policy for EIP. gf-eip: queries the default policy for Anti-DDoS Pro EIP. Note This parameter takes effect only when Type is set to `default`.	ecs

Response elements

Element	Type	Description	Example
	object
RequestId	string	The ID of the request.	B4B379C2-9319-4C6B-B579-FE36831B09F4
PolicyList	array<object>	The list of policies.
	array<object>	The list of policies.
Id	string	The policy ID.	877afbdf-3982-4d36-9886-f043********
Name	string	The policy name.	test**
Type	string	The type of the policy. Valid values: default: the default mitigation policy. l3: the IP mitigation policy. l4: the port-specific mitigation policy.	l3
Remark	string	The remarks of the policy.	test
AttachedCount	integer	The number of protected objects associated with the policy.	0
Content	object	The content of the policy.
BlackIpListExpireAt	integer	The timeout period for the IP address blacklist. This value is a UNIX timestamp.	1716878000
EnableIntelligence	boolean	Indicates whether AI-powered protection is enabled.	true
IntelligenceLevel	string	The protection level of AI-powered protection. Valid values: default: Normal. hard: Strict. weak: Loose.	default
WhitenGfbrNets	boolean	Indicates whether to add the origin URLs of Anti-DDoS Pro & Premium (the Chinese mainland & outside the Chinese mainland) to the whitelist.	false
EnableDropIcmp	boolean	Indicates whether the ICMP protocol is disabled.	false
RegionBlockCountryList	array	The list of countries in the Location Blacklist.
	integer	The country code for the Location Blacklist.	11
RegionBlockProvinceList	array	The list of provinces in the Location Blacklist.
	integer	The province code for the Location Blacklist.	2
SourceLimit	object	The Source Rate Limiting settings.
Pps	integer	The source PPS limit. Unit: packets/s.	64
Bps	integer	The source bandwidth limit. Unit: bytes/s.	2048
SynPps	integer	The source SYN PPS limit. Unit: packets/s.	64
SynBps	integer	The source SYN bandwidth limit. Unit: bytes/s.	2048
SourceBlockList	array<object>	The list of source IP addresses to be added to the blacklist for rate limiting.
	object	The list of source IP addresses to be added to the blacklist for rate limiting.
Type	integer	The type of source rate limiting. Valid values: 3: source PPS limit. 4: source bandwidth limit. 5: source SYN PPS limit. 6: source SYN bandwidth limit.	3
BlockExpireSeconds	integer	The duration for which a source IP address is added to the blacklist. Unit: seconds.	120
EverySeconds	integer	The statistical period for adding a source IP address to the blacklist for rate limiting. Unit: seconds.	60
ExceedLimitTimes	integer	The number of times a source IP address exceeds the rate limit within a statistical period.	5
ReflectBlockUdpPortList	array	The list of ports to be filtered for reflection attack prevention.
	integer	The port to be filtered for reflection attack prevention.	123
PortRuleList	array<object>	The list of Port Blocking rules.
	object	The list of Port Blocking rules.
Id	string	The rule ID.	8f3c3062-6c20-425d-8405-2bd1********
Protocol	string	The protocol type. Valid values: tcp: Transmission Control Protocol. udp: User Datagram Protocol.	udp
SrcPortStart	integer	The start of the source port range. Valid values: 0 to 65535.	0
SrcPortEnd	integer	The end of the source port range. Valid values: 0 to 65535.	65535
DstPortStart	integer	The start of the destination port range. Valid values: 0 to 65535.	0
DstPortEnd	integer	The end of the destination port range. Valid values: 0 to 65535.	65535
MatchAction	string	The action to take upon a match. Valid values: drop: drops the packet.	drop
SeqNo	integer	The priority of the rule. The value is an integer.	1
FingerPrintRuleList	array<object>	A list of rules for byte-match filtering.
	object	The list of Byte-Match Filter rules.
Id	string	The rule ID.	2c0b09cd-a565-4481-9acb-418b********
Protocol	string	The protocol type. Valid values: tcp: Transmission Control Protocol. udp: User Datagram Protocol.	udp
SrcPortStart	integer	The start of the source port range. Valid values: 0 to 65535.	0
SrcPortEnd	integer	The end of the source port range. Valid values: 0 to 65535.	65535
DstPortStart	integer	The start of the destination port range. Valid values: 0 to 65535.	0
DstPortEnd	integer	The end of the destination port range. Valid values: 0 to 65535.	65535
MinPktLen	integer	The minimum packet length. Valid values: 1 to 1500.	1
MaxPktLen	integer	The maximum packet length. Valid values: 1 to 1500.	1500
Offset	integer	The offset. Valid values: 0 to 1500.	0
PayloadBytes	string	The detection payload. The value is a hexadecimal string.	abcd
MatchAction	string	The action to take upon a match. Valid values: accept: allows traffic that matches the fingerprint feature. drop: drops traffic that matches the fingerprint feature. ip_rate: applies rate limiting to the source IP address of traffic that matches the fingerprint feature. Set the rate limit using the RateValue parameter. session_rate: applies rate limiting to the source session of traffic that matches the fingerprint feature. Set the rate limit using the RateValue parameter.	drop
RateValue	integer	The rate limit. Valid values: 1 to 100000. Note This parameter is required when MatchAction is set to ip_rate or session_rate.	1000
SeqNo	integer	The priority of the rule. The value is an integer.	1
EnableL4Defense	boolean	Indicates whether port-specific mitigation is enabled.	true
L4RuleList	array<object>	The list of port-specific mitigation rules.
	array<object>	The list of port-specific mitigation rules.
Name	string	The rule name.	test**
Priority	integer	The priority of the rule.	1
Method	string	The rule type. Valid values: char: string match. hex: hexadecimal match.	char
Match	string	The logical operator. Valid values: 0: executes the action upon a match. 1: executes the action upon a mismatch.	1
Action	string	The action. Valid values: 2: drops the packet.	2
Limited	integer	The minimum number of bytes in a session stream to trigger rule matching. Valid values: 0 to 2048.	0
ConditionList	array<object>	The list of detection conditions.
	array<object>	The list of detection conditions.
Arg	string	The detection content. Note If the rule type is char, the value must be an ASCII string. If the rule type is hex, the value must be a hexadecimal string. The maximum length is 2048 characters.	test
Position	integer	The start position for detection. Valid values: 0 to 2047.	0
Depth	integer	The length of the detection window. Valid values: 1 to 2048.	32
Encode	string	The character type. Valid values: str: string. hex: hexadecimal.	str
Pattern	string	The match pattern. Valid values: contain: contains. not_contain: does not contain.	contain
Content	string	The content to match. If Encode is set to str, the value must meet the following requirements: The length of Content cannot exceed 1500. End - Start must be greater than or equal to the length of Content. If Encode is set to hex, the value must meet the following requirements: Content must be a hexadecimal string. The length of Content must be an even number. The length of Content cannot exceed 3000. End - Start + 1 must be greater than or equal to the length of Content / 2.	test**
Offset	object	The match range.
Start	integer	The start position. Valid values: 0 to 1499.	0
End	integer	The end position. Valid values: 0 to 1499. Note The end position must be greater than or equal to the start position.	1499
PortVersion	string	The version of the port-specific mitigation policy. Valid values: (empty): the default surf DPI engine policy. 2: the new stream DPI engine policy. Note This parameter is supported only by port-specific mitigation policies.	2
Total	integer	The total number of policies.	10

Examples

Success response

JSON format

{
  "RequestId": "B4B379C2-9319-4C6B-B579-FE36831B09F4",
  "PolicyList": [
    {
      "Id": "877afbdf-3982-4d36-9886-f043********",
      "Name": "test**",
      "Type": "l3",
      "Remark": "test",
      "AttachedCount": 0,
      "Content": {
        "BlackIpListExpireAt": 1716878000,
        "EnableIntelligence": true,
        "IntelligenceLevel": "default",
        "WhitenGfbrNets": false,
        "EnableDropIcmp": false,
        "RegionBlockCountryList": [
          11
        ],
        "RegionBlockProvinceList": [
          2
        ],
        "SourceLimit": {
          "Pps": 64,
          "Bps": 2048,
          "SynPps": 64,
          "SynBps": 2048
        },
        "SourceBlockList": [
          {
            "Type": 3,
            "BlockExpireSeconds": 120,
            "EverySeconds": 60,
            "ExceedLimitTimes": 5
          }
        ],
        "ReflectBlockUdpPortList": [
          123
        ],
        "PortRuleList": [
          {
            "Id": "8f3c3062-6c20-425d-8405-2bd1********",
            "Protocol": "udp",
            "SrcPortStart": 0,
            "SrcPortEnd": 65535,
            "DstPortStart": 0,
            "DstPortEnd": 65535,
            "MatchAction": "drop",
            "SeqNo": 1
          }
        ],
        "FingerPrintRuleList": [
          {
            "Id": "2c0b09cd-a565-4481-9acb-418b********",
            "Protocol": "udp",
            "SrcPortStart": 0,
            "SrcPortEnd": 65535,
            "DstPortStart": 0,
            "DstPortEnd": 65535,
            "MinPktLen": 1,
            "MaxPktLen": 1500,
            "Offset": 0,
            "PayloadBytes": "abcd",
            "MatchAction": "drop",
            "RateValue": 1000,
            "SeqNo": 1
          }
        ],
        "EnableL4Defense": true,
        "L4RuleList": [
          {
            "Name": "test**",
            "Priority": 1,
            "Method": "char",
            "Match": "1",
            "Action": "2",
            "Limited": 0,
            "ConditionList": [
              {
                "Arg": "test",
                "Position": 0,
                "Depth": 32,
                "Encode": "str",
                "Pattern": "contain",
                "Content": "test**",
                "Offset": {
                  "Start": 0,
                  "End": 1499
                }
              }
            ]
          }
        ],
        "PortVersion": "2"
      }
    }
  ],
  "Total": 10
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.