Anti-DDoS:ModifyPolicyContent

Last Updated: Nov 20, 2025

Modifies the content of a mitigation policy.

Operation description

When you call this operation, you must specify all parameters. If you do not specify a parameter, its existing configuration is deleted.
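The overwrite behaviour described above means a request carrying only the field being changed removes everything else in the policy. The following sketch is an added example, not code from the Alibaba Cloud documentation or SDK: it builds the full Content from the current configuration plus the intended change and lists what a request would drop. `merge_content` and `dropped_settings` are hypothetical helper names, `CURRENT` is a constructed sample assumed to have been read beforehand, and treating nested fields and list entries the same way as top-level parameters is an assumption.

```python
import copy

def merge_content(current, changes):
    """Return the full Content object: `current` with `changes` applied."""
    merged = copy.deepcopy(current)
    for key, value in changes.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = merge_content(merged[key], value)  # merge nested object
        else:
            merged[key] = copy.deepcopy(value)  # scalars and lists replaced whole
    return merged

def dropped_settings(current, proposed, prefix=""):
    """List settings present in `current` that `proposed` would not carry over."""
    dropped = []
    for key, value in current.items():
        path = prefix + key
        if key not in proposed:
            dropped.append(path)
        elif isinstance(value, dict) and isinstance(proposed[key], dict):
            dropped += dropped_settings(value, proposed[key], path + ".")
        elif isinstance(value, list) and isinstance(proposed[key], list):
            if len(proposed[key]) < len(value):
                dropped.append(f"{path} ({len(value)} -> {len(proposed[key])} entries)")
    return dropped

# Constructed sample of a policy's current Content (assumed read beforehand).
CURRENT = {
    "EnableDropIcmp": True,
    "SourceLimit": {"Pps": 64, "Bps": 2048, "SynPps": 64, "SynBps": 2048},
    "ReflectBlockUdpPortList": [123],
    "PortRuleList": [{"Protocol": "udp", "SrcPortStart": 0, "SrcPortEnd": 65535,
                      "DstPortStart": 0, "DstPortEnd": 65535,
                      "MatchAction": "drop", "SeqNo": 1}],
}

NAIVE = {"SourceLimit": {"Pps": 128}}   # only the field being changed
SAFE = merge_content(CURRENT, NAIVE)    # full object with one field changed

if __name__ == "__main__":
    print("naive request would drop:", dropped_settings(CURRENT, NAIVE))
    print("merged request would drop:", dropped_settings(CURRENT, SAFE))
```

Running the check before every call and refusing to send a request with a non-empty result keeps an automation mistake from silently removing mitigation rules.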


RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| yundun-antiddosbag:ModifyPolicyContent | update | *Policy acs:yundun-antiddosbag:{#regionId}:{#accountId}:policy/{#PolicyId} | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| Id | string | Yes | The policy ID. | 83967609-7ea5-4f6d-a6ea-380b09e**** |
| Name | string | No | The policy name. | demo** |
| Content | object | No | The policy content. |  |
| BlackIpListExpireAt | integer | No | The timeout period for the IP address blacklist. This value is a UNIX timestamp. | 1716878000 |
| EnableIntelligence | boolean | No | Specifies whether to enable AI-powered protection. | true |
| IntelligenceLevel | string | No | The protection level of AI-powered protection. Valid values: default: Normal; hard: Strict; weak: Loose. | default |
| WhitenGfbrNets | boolean | No | Specifies whether to add the origin URLs of Anti-DDoS Pro (for the Chinese mainland) and Anti-DDoS Premium (for outside the Chinese mainland) to the whitelist. | false |
| EnableDropIcmp | boolean | No | Specifies whether to disable the ICMP protocol. | true |
| RegionBlockCountryList | array | No | The list of countries for the Location Blacklist. |  |
|  | integer | No | The country code for the Location Blacklist. | 11 |
| RegionBlockProvinceList | array | No | The list of provinces for the Location Blacklist. |  |
|  | integer | No | The province code for the Location Blacklist. | 2 |
| SourceLimit | object | No | The Source Rate Limiting settings. |  |
| Pps | integer | No | The source rate limit for PPS. Unit: packets/s. | 64 |
| Bps | integer | No | The source rate limit for bandwidth. Unit: bytes/s. | 2048 |
| SynPps | integer | No | The source rate limit for SYN PPS. Unit: packets/s. | 64 |
| SynBps | integer | No | The source rate limit for SYN bandwidth. Unit: bytes/s. | 2048 |
| SourceBlockList | array<object> | No | The blacklist for Source Rate Limiting. |  |
|  | object | No | The blacklist for Source Rate Limiting. |  |
| Type | integer | Yes | The type of Source Rate Limiting. Valid values: 3: PPS-based; 4: bandwidth-based; 5: SYN PPS-based; 6: SYN bandwidth-based. | 3 |
| BlockExpireSeconds | integer | Yes | The duration for which a source IP address is added to the blacklist. Unit: seconds. | 120 |
| EverySeconds | integer | Yes | The statistical period for adding a source IP address to the blacklist. Unit: seconds. | 60 |
| ExceedLimitTimes | integer | Yes | The number of times a source IP address exceeds the rate limit within a statistical period. | 5 |
| ReflectBlockUdpPortList | array | No | The list of ports to filter for reflection attack prevention. |  |
|  | integer | No | The port to filter for reflection attack prevention. Note: Only UDP is supported. | 123 |
| PortRuleList | array<object> | No | The list of Port Blocking rules. |  |
|  | object | No | The list of Port Blocking rules. |  |
| Id | string | No | The rule ID. | 412a7312-58ff-4e32-a202-0ab0******* |
| Protocol | string | Yes | The protocol type. Valid values: tcp: Transmission Control Protocol; udp: User Datagram Protocol. | tcp |
| SrcPortStart | integer | Yes | The start of the source port range. Valid values: 0 to 65535. | 0 |
| SrcPortEnd | integer | Yes | The end of the source port range. Valid values: 0 to 65535. | 65535 |
| DstPortStart | integer | Yes | The start of the destination port range. Valid values: 0 to 65535. | 0 |
| DstPortEnd | integer | Yes | The end of the destination port range. Valid values: 0 to 65535. | 65535 |
| MatchAction | string | Yes | The action to take on a matched packet. Valid values: drop: Drops the packet. | drop |
| SeqNo | integer | Yes | The priority of the rule. The value is an integer. Note: A smaller value indicates a higher priority. | 1 |
| FingerPrintRuleList | array<object> | No | The list of Byte-Match Filter rules. |  |
|  | object | No | The list of Byte-Match Filter rules. |  |
| Id | string | No | The rule ID. | 83967609-7ea5-4f6d-a6ea-380b09e**** |
| Protocol | string | Yes | The protocol type. Valid values: tcp: Transmission Control Protocol; udp: User Datagram Protocol. | tcp |
| SrcPortStart | integer | Yes | The start of the source port range. Valid values: 0 to 65535. | 0 |
| SrcPortEnd | integer | Yes | The end of the source port range. Valid values: 0 to 65535. | 65535 |
| DstPortStart | integer | Yes | The start of the destination port range. Valid values: 0 to 65535. | 0 |
| DstPortEnd | integer | Yes | The end of the destination port range. Valid values: 0 to 65535. | 65535 |
| MinPktLen | integer | Yes | The minimum packet length. Valid values: 1 to 1500. | 1 |
| MaxPktLen | integer | Yes | The maximum packet length. Valid values: 1 to 1500. | 1500 |
| Offset | integer | No | The offset. Valid values: 0 to 1500. | 0 |
| PayloadBytes | string | No | The detection payload. The value is a hexadecimal string. | abcd |
| MatchAction | string | Yes | The action to take on a packet that matches the fingerprint. Valid values: permit: Allows the traffic that matches the fingerprint; drop: Drops the traffic that matches the fingerprint; ip_rate: Rate-limits the traffic from the source IP address. Set the rate limit using the RateValue parameter; session_rate: Rate-limits the traffic from the source session. Set the rate limit using the RateValue parameter. | drop |
| RateValue | integer | No | The rate limit. Valid values: 1 to 100000. Note: This parameter is required when MatchAction is set to ip_rate or session_rate. | 100 |
| SeqNo | integer | Yes | The priority of the rule. The value is an integer. Note: A smaller value indicates a higher priority. | 1 |
| EnableL4Defense | boolean | No | Specifies whether to enable port-specific mitigation. | true |
| L4RuleList | array<object> | No | The list of port-specific mitigation rules. |  |
|  | array<object> | No | The list of port-specific mitigation rules. |  |
| Name | string | Yes | The rule name. | test** |
| Priority | integer | No | The priority of the rule. Valid values: 1 to 100. Note: A smaller value indicates a higher priority. | 1 |
| Method | string | No | The rule type. Valid values: char: String matching; hex: Hexadecimal matching. | char |
| Match | string | No | The logical operator. Valid values: 0: Executes the action when a match is found; 1: Executes the action when no match is found. | 0 |
| Action | string | No | The action. Valid values: 2: Drop. | 2 |
| Limited | integer | No | The minimum number of bytes in a session stream to trigger rule matching. Valid values: 0 to 2048. | 0 |
| ConditionList | array<object> | No | The list of detection conditions. |  |
|  | array<object> | No | The list of detection conditions. |  |
| Arg | string | No | The detection content. Note: If the rule type is char, the value must be an ASCII string. If the rule type is hex, the value must be a hexadecimal string. The maximum length is 2048 characters. | abcd |
| Position | integer | No | The start position for detection. Valid values: 0 to 2047. | 0 |
| Depth | integer | No | The length of the detection window. Valid values: 1 to 2048. | 1200 |
| Encode | string | No | The character type. Valid values: str: String; hex: Hexadecimal. | str |
| Pattern | string | No | The matching pattern. Valid values: contain: Contains; not_contain: Does not contain. | contain |
| Content | string | No | The content to match. If Encode is set to str, the value must meet the following requirements: the length of Content cannot exceed 1500; the value of End minus Start must be greater than or equal to the length of Content. If Encode is set to hex, the value must meet the following requirements: Content must be a hexadecimal string; the length of Content must be an even number; the length of Content cannot exceed 3000; the value of End minus Start plus 1 must be greater than or equal to half the length of Content. | test** |
| Offset | object | No | The matching range. |  |
| Start | integer | No | The start position. Valid values: 0 to 1499. | 0 |
| End | integer | No | The end position. Valid values: 0 to 1499. Note: The end position must be greater than or equal to the start position. | 1499 |
| PortVersion | string | No | The version of the port-specific mitigation policy. Valid values: Leave empty: Modifies the policy for the default surf Deep Packet Inspection (DPI) engine; 2: Modifies the policy for the new stream DPI engine. Note: This parameter is supported only by port-specific mitigation policies. | 2 |
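Several of the constraints above depend on other fields: RateValue becomes required for the ip_rate and session_rate actions, and the Content length limits change with Encode and the Offset range. The following pre-flight check is an added example, not Alibaba Cloud code; the function names and error strings are hypothetical, `SAMPLE` is a constructed rule, and only the limits stated on this page are enforced.

```python
import string
HEX = set(string.hexdigits)
PORTS = ("SrcPortStart", "SrcPortEnd", "DstPortStart", "DstPortEnd")
RANGES = [(n, 0, 65535) for n in PORTS] + [("MinPktLen", 1, 1500), ("MaxPktLen", 1, 1500)]

def _between(value, low, high):
    return isinstance(value, int) and low <= value <= high

def check_fingerprint_rule(rule):
    """Return violations of the documented FingerPrintRuleList limits."""
    errs = []
    for name, low, high in RANGES:
        if not _between(rule.get(name), low, high):
            errs.append(f"{name}: required, {low} to {high}")
    if "Offset" in rule and not _between(rule["Offset"], 0, 1500):
        errs.append("Offset: 0 to 1500")
    if any(c not in HEX for c in rule.get("PayloadBytes", "")):
        errs.append("PayloadBytes: hexadecimal string")
    action = rule.get("MatchAction")
    if action not in ("permit", "drop", "ip_rate", "session_rate"):
        errs.append("MatchAction: not a documented value")
    elif action.endswith("_rate") and not _between(rule.get("RateValue"), 1, 100000):
        errs.append(f"RateValue: required for {action}, 1 to 100000")
    return errs

def check_content_match(encode, content, start, end):
    """Return violations of the Encode / Content / Offset (Start, End) rules."""
    if not (_between(start, 0, 1499) and _between(end, 0, 1499) and end >= start):
        return ["Offset: 0 <= Start <= End <= 1499"]
    errs = []
    if encode == "str":
        if len(content) > 1500:
            errs.append("Content: at most 1500 characters")
        if end - start < len(content):
            errs.append("Offset: End - Start must be >= len(Content)")
    elif encode == "hex":
        if len(content) % 2 or any(c not in HEX for c in content):
            errs.append("Content: even-length hexadecimal string")
        if len(content) > 3000:
            errs.append("Content: at most 3000 characters")
        if 2 * (end - start + 1) < len(content):
            errs.append("Offset: End - Start + 1 must be >= len(Content) / 2")
    else:
        errs.append("Encode: str or hex")
    return errs

# Constructed sample rule: rate-limit action submitted without RateValue.
SAMPLE = {"Protocol": "udp", "SrcPortStart": 0, "SrcPortEnd": 65535, "DstPortStart": 53,
          "DstPortEnd": 53, "MinPktLen": 1, "MaxPktLen": 1500, "MatchAction": "ip_rate", "SeqNo": 1}
```

Note the asymmetry the page specifies: the str form compares End minus Start against the content length, while the hex form adds 1 to the range before comparing against half the length.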

Response elements

| Element | Type | Description | Example |
| --- | --- | --- | --- |
|  | object | The response parameters. |  |
| RequestId | string | The ID of the request. | 3777EF25-940B-51F4-BB1D-99B5******** |

Examples

Success response

JSON format

{
  "RequestId": "3777EF25-940B-51F4-BB1D-99B5********"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.