Anti-DDoS:DescribeNetworkRuleAttributes

Last Updated: Nov 25, 2025

Queries the mitigation settings of port forwarding rules for non-website services, including session persistence and DDoS mitigation policies.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| yundun-ddoscoo:DescribeNetworkRuleAttributes | get | *All Resource * | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| NetworkRules | string | Yes | The port forwarding rules to query, expressed as a JSON string with the following structure. InstanceId: String type, required, the Anti-DDoS instance ID. Protocol: String type, required, the forwarding protocol type. Valid values: tcp, udp. FrontendPort: Integer type, required, the redirection port. | [{"InstanceId":"ddoscoo-cn-mp91j1ao****","Protocol":"tcp","FrontendPort":8080}] |

Response elements

| Element | Type | Description | Example |
| --- | --- | --- | --- |
|  | object |  |  |
| RequestId | string | The ID of this request. | F9F2F77D-307C-4F15-8D02-AB5957EEBF97 |
| NetworkRuleAttributes | array<object> | The mitigation settings of port forwarding rules for non-website services, including session persistence and DDoS mitigation policies. |  |
| NetworkRuleAttributes[] | array<object> |  |  |
| NetworkRuleAttributes[].FrontendPort | integer | The redirection port. | 8080 |
| NetworkRuleAttributes[].InstanceId | string | The Anti-DDoS Proxy instance ID. | ddoscoo-cn-mp91j1ao**** |
| NetworkRuleAttributes[].Protocol | string | The forwarding protocol. Valid values: tcp, udp. | tcp |
| NetworkRuleAttributes[].Config | object | The mitigation settings of the port forwarding rule. |  |
| NetworkRuleAttributes[].Config.NodataConn | string | The status of the empty connection filter. Valid values: on (enabled), off (disabled). | off |
| NetworkRuleAttributes[].Config.Synproxy | string | The status of the false source filter. Valid values: on (enabled), off (disabled). | off |
| NetworkRuleAttributes[].Config.PersistenceTimeout | integer | The timeout period for session persistence. Valid values: 30 to 3600, in seconds. Default value: 0, which indicates that session persistence is disabled. | 0 |
| NetworkRuleAttributes[].Config.Sla | object | The destination rate limiting configuration. |  |
| NetworkRuleAttributes[].Config.Sla.MaxconnEnable | integer | The status of the maximum number of concurrent connections to a destination IP address. Valid values: 0 (disabled), 1 (enabled). | 0 |
| NetworkRuleAttributes[].Config.Sla.CpsEnable | integer | The status of the maximum number of new connections to a destination IP address. Valid values: 0 (disabled), 1 (enabled). | 1 |
| NetworkRuleAttributes[].Config.Sla.Cps | integer | The maximum number of new connections to a destination IP address. Valid values: 100 to 100000. | 100000 |
| NetworkRuleAttributes[].Config.Sla.Maxconn | integer | The maximum number of concurrent connections to a destination IP address. Valid values: 1000 to 1000000. | 1000000 |
| NetworkRuleAttributes[].Config.Slimit | object | The source rate limiting configuration. |  |
| NetworkRuleAttributes[].Config.Slimit.MaxconnEnable | integer | The status of the maximum number of concurrent connections from a source IP address. Valid values: 0 (disabled), 1 (enabled). | 0 |
| NetworkRuleAttributes[].Config.Slimit.CpsEnable | integer | The status of the maximum number of new connections from a source IP address. Valid values: 0 (disabled), 1 (enabled). | 0 |
| NetworkRuleAttributes[].Config.Slimit.Cps | integer | The maximum number of new connections from a source IP address. Valid values: 1 to 500000, in connections. | 0 |
| NetworkRuleAttributes[].Config.Slimit.Pps | integer | The source PPS throttling. Valid values: 1 to 100000, in Packet/s. Default value: 0, which indicates that source PPS throttling is disabled. | 0 |
| NetworkRuleAttributes[].Config.Slimit.Bps | integer | The source bandwidth throttling. Valid values: 1024 to 268435456, in Byte/s. Default value: 0, which indicates that source bandwidth throttling is disabled. | 0 |
| NetworkRuleAttributes[].Config.Slimit.Maxconn | integer | The maximum number of concurrent connections from a source IP address. Valid values: 1 to 500000, in connections. | 0 |
| NetworkRuleAttributes[].Config.Slimit.CpsMode | integer | The mode of the maximum number of new connections from a source IP address. Valid values: 1 (manual), 2 (automatic). | 1 |
| NetworkRuleAttributes[].Config.PayloadLen | object | The packet length limit configuration. |  |
| NetworkRuleAttributes[].Config.PayloadLen.Min | integer | The minimum packet length. Valid values: 0 to 6000, in bytes. | 0 |
| NetworkRuleAttributes[].Config.PayloadLen.Max | integer | The maximum packet length. Valid values: 0 to 6000, in bytes. | 6000 |
| NetworkRuleAttributes[].Config.Cc | object | The policy for controlling frequent source connections that exceed limits. |  |
| NetworkRuleAttributes[].Config.Cc.Sblack | array<object> | The policy for adding source IP addresses to the blacklist when source connections repeatedly exceed limits. |  |
| NetworkRuleAttributes[].Config.Cc.Sblack[] | object |  |  |
| NetworkRuleAttributes[].Config.Cc.Sblack[].Type | integer | The type of source IP blacklist configuration. Valid values: 1 (source new connection throttling IP blacklist), 2 (source concurrent connection throttling IP blacklist), 3 (source PPS throttling IP blacklist), 4 (source bandwidth throttling IP blacklist). | 1 |
| NetworkRuleAttributes[].Config.Cc.Sblack[].During | integer | The health check interval. The value is fixed at 60, in seconds. | 60 |
| NetworkRuleAttributes[].Config.Cc.Sblack[].Expires | integer | The validity period of the blacklist. Valid values: 60 to 604800, in seconds. | 600 |
| NetworkRuleAttributes[].Config.Cc.Sblack[].Cnt | integer | The number of times that source connections exceed the limit. The value is fixed at 5, which indicates that if source connections exceed the limit 5 times within the health check interval, the source IP address is added to the blacklist. | 5 |

Examples

Success response

JSON format

{
  "RequestId": "F9F2F77D-307C-4F15-8D02-AB5957EEBF97",
  "NetworkRuleAttributes": [
    {
      "FrontendPort": 8080,
      "InstanceId": "ddoscoo-cn-mp91j1ao****",
      "Protocol": "tcp",
      "Config": {
        "NodataConn": "off",
        "Synproxy": "off",
        "PersistenceTimeout": 0,
        "Sla": {
          "MaxconnEnable": 0,
          "CpsEnable": 1,
          "Cps": 100000,
          "Maxconn": 1000000
        },
        "Slimit": {
          "MaxconnEnable": 0,
          "CpsEnable": 0,
          "Cps": 0,
          "Pps": 0,
          "Bps": 0,
          "Maxconn": 0,
          "CpsMode": 1
        },
        "PayloadLen": {
          "Min": 0,
          "Max": 6000
        },
        "Cc": {
          "Sblack": [
            {
              "Type": 1,
              "During": 60,
              "Expires": 600,
              "Cnt": 5
            }
          ]
        }
      }
    }
  ]
}
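
An added example, not part of the original reference or of any Alibaba Cloud SDK: a Python audit that reads a DescribeNetworkRuleAttributes response and lists, per port forwarding rule, the mitigation settings that are switched off. The function names are hypothetical, the sample is constructed from the example response above, and the pairing of each Sblack Type with a Slimit control is an assumption drawn from the Type descriptions.

```python
# Constructed sample: the example response from this page (RequestId omitted).
SAMPLE = {"NetworkRuleAttributes": [{
    "FrontendPort": 8080, "InstanceId": "ddoscoo-cn-mp91j1ao****", "Protocol": "tcp",
    "Config": {
        "NodataConn": "off", "Synproxy": "off", "PersistenceTimeout": 0,
        "Sla": {"MaxconnEnable": 0, "CpsEnable": 1, "Cps": 100000, "Maxconn": 1000000},
        "Slimit": {"MaxconnEnable": 0, "CpsEnable": 0, "Cps": 0, "Pps": 0,
                   "Bps": 0, "Maxconn": 0, "CpsMode": 1},
        "PayloadLen": {"Min": 0, "Max": 6000},
        "Cc": {"Sblack": [{"Type": 1, "During": 60, "Expires": 600, "Cnt": 5}]},
    }}]}

def source_limits(slimit):
    """Map each Sblack Type (1-4) to whether the matching Slimit control is on."""
    return {
        1: slimit.get("CpsEnable") == 1,      # source new connection limit
        2: slimit.get("MaxconnEnable") == 1,  # source concurrent connection limit
        3: slimit.get("Pps", 0) > 0,          # 0 means PPS throttling is disabled
        4: slimit.get("Bps", 0) > 0,          # 0 means bandwidth throttling is disabled
    }

def audit_rule(rule):
    """Return a list of findings for one NetworkRuleAttributes entry."""
    cfg = rule.get("Config", {})
    findings = []
    if cfg.get("Synproxy") != "on":
        findings.append("Synproxy off: false source filter disabled")
    if cfg.get("NodataConn") != "on":
        findings.append("NodataConn off: empty connection filter disabled")
    active = source_limits(cfg.get("Slimit", {}))
    if not any(active.values()):
        findings.append("Slimit: no source rate limit enabled")
    # Assumption: a blacklist entry only takes effect when its source limit is on.
    for entry in cfg.get("Cc", {}).get("Sblack", []):
        kind = entry.get("Type")
        if not active.get(kind, False):
            findings.append(f"Sblack Type {kind}: matching source limit is disabled")
    pl = cfg.get("PayloadLen", {})
    if pl and not 0 <= pl.get("Min", 0) <= pl.get("Max", 6000) <= 6000:
        findings.append("PayloadLen: Min/Max outside 0 to 6000 or Min > Max")
    return findings

def audit(response):
    """Map (InstanceId, Protocol, FrontendPort) -> findings for every rule."""
    return {(r["InstanceId"], r["Protocol"], r["FrontendPort"]): audit_rule(r)
            for r in response.get("NetworkRuleAttributes", [])}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Whether each finding needs a change depends on the service behind the rule; the output is a review list, not a verdict.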

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.