DescribeWebPreciseAccessRule - Anti-DDoS - Alibaba Cloud Documentation Center

Queries the precise access control rules configured for a website.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-ddoscoo:DescribeWebPreciseAccessRule

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
ResourceGroupId	string	No	The ID of the resource group to which the Anti-DDoS Pro instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.	default
Domains	array	Yes	The domain name of the website. Note A forwarding rule must be configured for the domain name. You can call DescribeDomains to query all domain names.	www.aliyun.com
	string	No	The domain name of the website.	www.test****.com
Owner	string	No	The source of the rule. Valid values: manual (default): The rule is manually created. clover: The rule is automatically generated.	manual

Response elements

Element	Type	Description	Example
	object
RequestId	string	The ID of the request.	209EEFBF-B0C7-441E-8C28-D0945A57A638
PreciseAccessConfigList	array<object>	The precise access control rules for the website.
	array<object>
Domain	string	The domain name of the website.	www.aliyun.com
RuleList	array<object>	The list of rules.
	array<object>
Action	string	The action that is performed on requests that match the rule. Valid values: accept: allows the requests. block: blocks the requests. challenge: triggers a JavaScript Challenge for the requests.	accept
Owner	string	The source of the rule. Valid values: manual (default): The rule is manually created. clover: The rule is automatically generated.	manual
ExpirePeriod	integer	The validity period of the rule. This value is a UNIX timestamp. Unit: seconds.	1598889600
Name	string	The name of the rule.	testrule
ConditionList	array<object>	The list of match conditions.
	object
MatchMethod	string	The logical operator.	belong
Field	string	The match field.	ip
Content	string	The match content.	1.1.1.1
HeaderName	string	The name of the custom HTTP header field. Note This parameter is required only when Field is set to header.	null
ContentList	array	The match conditions of the rule. The value is a JSON string. The value contains the following fields: Note If you specify multiple match conditions, the logical relation between these conditions is AND. field: The match field. This parameter is of the string type. match_method: The match method. This parameter is of the string type. Note For more information about the valid values of field and match_method, see the "Additional information about field and match_method" section in this topic. content: The match content. This parameter is of the string type. header_name: The name of the header field. This parameter is of the string type. This parameter is required only when field is set to header.
	string	The match condition.	{"field":"uri","match_method":"contain","content":"/test/123"}
Expires	integer	The validity period of the rule. Unit: seconds. This parameter is required only when the action of the rule is block. Requests that match the rule are blocked within the validity period. A value of 0 indicates that the rule is permanently valid.	0

Additional information about field and match_method

Match field (field)	Description	Applicable logical operator (match_method)
ip	The source IP address of the request.	belong: belongs to nbelong: does not belong to
uri	The URI of the request.	contain: contains ncontain: does not contain equal: equals nequal: does not equal lless: length is less than lequal: length equals lgreat: length is greater than regular: matches a regular expression
referer	The Referer header of the request, which indicates the source from which the request is redirected.	contain: contains ncontain: does not contain equal: equals nequal: does not equal lless: length is less than lequal: length equals lgreat: length is greater than nexist: does not exist regular: matches a regular expression
user-agent	The User-Agent header of the request, which includes information such as the browser identifier, rendering engine, and version.	contain: contains ncontain: does not contain equal: equals nequal: does not equal lless: length is less than lequal: length equals lgreat: length is greater than regular: matches a regular expression
params	The parameters in the URL of the request. This refers to the part of the URL that follows the question mark (?). For example, in `demo.aliyundoc.com/index.html?action=login`, `action=login` is the parameter part.	contain: contains ncontain: does not contain equal: equals nequal: does not equal lless: length is less than lequal: length equals lgreat: length is greater than
cookie	The Cookie header of the request.	contain: contains ncontain: does not contain equal: equals nequal: does not equal lless: length is less than lequal: length equals lgreat: length is greater than nexist: does not exist
content-type	The Content-Type header of the request, which specifies the Multipurpose Internet Mail Extensions (MIME) type of the HTTP content.	contain: contains ncontain: does not contain equal: equals nequal: does not equal lless: length is less than lequal: length equals lgreat: length is greater than
x-forwarded-for	The real IP address of the client that initiated the request. The X-Forwarded-For (XFF) header field is used to identify the original IP address of a client that connects to a web server through an HTTP proxy or a Server Load Balancer (SLB) instance. This header is included only in requests that are forwarded by an HTTP proxy or an SLB instance.	contain: contains ncontain: does not contain equal: equals nequal: does not equal lless: length is less than lequal: length equals lgreat: length is greater than nexist: does not exist regular: matches a regular expression
content-length	The number of bytes in the request body.	vless: value is less than vequal: value equals vgreat: value is greater than
post-body	The content of the request body.	contain: contains ncontain: does not contain equal: equals nequal: does not equal regular: matches a regular expression
http-method	The HTTP method of the request, such as GET or POST.	equal: equals nequal: does not equal
header	The header of the request. You can specify a custom HTTP header field.	contain: contains ncontain: does not contain equal: equals nequal: does not equal lless: length is less than lequal: length equals lgreat: length is greater than nexist: does not exist

Examples

Success response

JSON format

{
  "RequestId": "209EEFBF-B0C7-441E-8C28-D0945A57A638",
  "PreciseAccessConfigList": [
    {
      "Domain": "www.aliyun.com",
      "RuleList": [
        {
          "Action": "accept",
          "Owner": "manual",
          "ExpirePeriod": 1598889600,
          "Name": "testrule",
          "ConditionList": [
            {
              "MatchMethod": "belong",
              "Field": "ip",
              "Content": "1.1.1.1",
              "HeaderName": "null",
              "ContentList": [
                "{\"field\":\"uri\",\"match_method\":\"contain\",\"content\":\"/test/123\"}"
              ]
            }
          ],
          "Expires": 0
        }
      ]
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.