ModifyPolicyContent - Anti-DDoS - Alibaba Cloud Documentation Center

Modifies the content of the mitigation policy.

Operation description

Make sure that all request parameters are configured when you call this operation. If any parameter is left empty, the configuration is deleted.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
yundun-antiddosbag:ModifyPolicyContent	update	*Policy `acs:yundun-antiddosbag:{#regionId}:{#accountId}:policy/{#PolicyId}`	none	none

Request parameters

Parameter	Type	Required	Description	Example
Id	string	Yes	The ID of the policy.	83967609-7ea5-4f6d-a6ea-380b09e****
Name	string	No	The name of the policy.	demo**
Content	object	No	The policy content.
BlackIpListExpireAt	long	No	The validity period of the IP address blacklist. The value is a UNIX timestamp.	1716878000
EnableIntelligence	boolean	No	Specifies whether to enable intelligent protection.	true
IntelligenceLevel	string	No	The level of intelligent protection. Valid values: default: normal. hard: strict. weak: loose.	default
WhitenGfbrNets	boolean	No	Specifies whether to add back-to-origin CIDR blocks of Anti-DDoS Proxy to the whitelist.	false
EnableDropIcmp	boolean	No	Specifies whether to enable ICMP blocking.	true
RegionBlockCountryList	array	No	The countries in the location blacklist.
	integer	No	The code of the country in the location blacklist.	11
RegionBlockProvinceList	array	No	The provinces in the location blacklist.
	integer	No	The code of the province in the location blacklist.	2
SourceLimit	object	No	The settings for source rate limiting.
Pps	integer	No	The packets per second (pps) limit on source IP addresses.	64
Bps	integer	No	The bandwidth limit on source IP addresses. Unit: bytes per second.	2048
SynPps	integer	No	The pps limit on source SYN packets.	64
SynBps	integer	No	The bandwidth limit on source SYN packets. Unit: bytes per second.	2048
SourceBlockList	array<object>	No	The source IP addresses that are added to the blacklist.
	object	No	The source IP address that is added to the blacklist.
Type	integer	Yes	The type of the source rate limit. Valid values: 3: the pps limit on source IP addresses. 4: the bandwidth limit on source IP addresses. 5: the pps limit on source SYN packets. 6: the bandwidth limit on source SYN packets.	3
BlockExpireSeconds	integer	Yes	The validity period of the blacklist to which the source IP address is added. Unit: seconds.	120
EverySeconds	integer	Yes	The statistical period during which the system collects data on source IP addresses to determine whether to add the source IP addresses to the blacklist. Unit: seconds.	60
ExceedLimitTimes	integer	Yes	The number of times that the source IP address exceeds a limit in a statistical period.	5
ReflectBlockUdpPortList	array	No	The ports whose traffic is filtered out by the filtering policies for UDP reflection attacks.
	integer	No	The port whose traffic is filtered out by the filtering policies for UDP reflection attacks. Note Only UDP ports are supported.	123
PortRuleList	array<object>	No	The port blocking rules.
	object	No	The port blocking rule.
Id	string	No	The ID of the rule.	412a7312-58ff-4e32-a202-0ab0*******
Protocol	string	Yes	The protocol type. Valid values: tcp udp	tcp
SrcPortStart	integer	Yes	The start of the source port range. Valid values: 0 to 65535.	0
SrcPortEnd	integer	Yes	The end of the source port range. Valid values: 0 to 65535.	65535
DstPortStart	integer	Yes	The start of the destination port range. Valid values: 0 to 65535.	0
DstPortEnd	integer	Yes	The end of the destination port range. Valid values: 0 to 65535.	65535
MatchAction	string	Yes	The action triggered if the rule is matched. Valid values: drop: The traffic is discarded.	drop
SeqNo	integer	Yes	The sequence number that indicates the order for the rule to take effect. The value is an integer. Note A smaller number indicates a higher priority.	1
FingerPrintRuleList	array<object>	No	The byte-match filter rules.
	object	No	The byte-match filter rule.
Id	string	No	The ID of the rule.	83967609-7ea5-4f6d-a6ea-380b09e****
Protocol	string	Yes	The protocol type. Valid values: tcp udp	tcp
SrcPortStart	integer	Yes	The start of the source port range. Valid values: 0 to 65535.	0
SrcPortEnd	integer	Yes	The end of the source port range. Valid values: 0 to 65535.	65535
DstPortStart	integer	Yes	The start of the destination port range. Valid values: 0 to 65535.	0
DstPortEnd	integer	Yes	The end of the destination port range. Valid values: 0 to 65535.	65535
MinPktLen	integer	Yes	The minimum packet length. Valid values: 1 to 1500.	1
MaxPktLen	integer	Yes	The maximum packet length. Valid values: 1 to 1500.	1500
Offset	integer	No	The offset. Valid values: 0 to 1500.	0
PayloadBytes	string	No	The payload. The value is a hexadecimal string.	abcd
MatchAction	string	Yes	The action triggered if the rule is matched. Valid values: permit: allows the traffic that matches the conditions in the byte-match filter rule. drop: discards the traffic that matches the conditions in the byte-match filter rule. ip_rate: limits rates on the source IP address whose traffic matches the conditions in the byte-match filter rule. The rate limit is specified by RateValue. session_rate: limits the number of sessions from the source IP address whose traffic matches the conditions in the byte-match filter rule. The rate limit is specified by RateValue.	drop
RateValue	integer	No	The rate limit. Valid values: 1 to 100000. Note This parameter is required when MatchAction is set to ip_rate or session_rate.	100
SeqNo	integer	Yes	The sequence number that indicates the order for the rule to take effect. The value is an integer. Note A smaller number indicates a higher priority.	1
EnableL4Defense	boolean	No	Specifies whether to enable port-specific mitigation.	true
L4RuleList	array<object>	No	The port-specific mitigation rules.
	object	No	The port-specific mitigation rule.
Name	string	Yes	The name of the rule.	test**
Priority	integer	Yes	The priority of the rule. Valid values: 1 to 100. Note A smaller value indicates a higher priority.	1
Method	string	Yes	The type of the rule. Valid values: char: string match. hex: hexadecimal string match.	char
Match	string	Yes	The condition based on which an action is performed. Valid values: 0: If the rule is matched, the action specified in the rule is performed. 1: If the rule is not matched, the action specified in the rule is performed.	0
Action	string	Yes	The action that is specified in the rule. Valid value: 2: The traffic is discarded.	2
Limited	integer	Yes	The minimum number of bytes in a session to trigger matching. Valid values: 0 to 2048.	0
ConditionList	array<object>	Yes	The match conditions.
conditionList	object	No	The match condition.
Arg	string	Yes	The term that is used for matching. Note If Method is set to char, the value of this parameter must be ASCII strings. If Method is set to hex, the value of this parameter must be hexadecimal strings. Maximum length: 2,048.	abcd
Position	integer	Yes	The start position for matching. Valid values: 0 to 2047.	0
Depth	integer	Yes	The number of bytes from the start position for matching. Valid values: 1 to 2048.	1200

Response parameters

Parameter	Type	Description	Example
	object	The response parameters.
RequestId	string	The request ID.	3777EF25-940B-51F4-BB1D-99B5********

Examples

Sample success responses

JSONformat

{
  "RequestId": "3777EF25-940B-51F4-BB1D-99B5********"
}

Error codes

For a list of error codes, visit the Service error codes.