ModifyWebPreciseAccessRule

Updated at:
Copy as MD

Creates or edits a precise access control rule for a website.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-ddoscoo:ModifyWebPreciseAccessRule

update

*All Resource

*

None None

Request parameters

Parameter

Type

Required

Description

Example

ResourceGroupId

string

No

The ID of the resource group to which the Anti-DDoS Pro instance belongs. If you do not specify this parameter, the instance belongs to the default resource group.

rg-acfm2pz25js****

Domain

string

Yes

The domain of the website.

Note

You must configure a forwarding rule for the domain. You can call the DescribeDomains operation to query all domains.

example.aliyundoc.com

Rules

string

Yes

The configuration of the precise access control rule, specified as a JSON-formatted string. The string has the following structure:

  • action: String. Required. The action to perform on matching requests. Valid values:

    • accept: Allows the request.

    • block: Blocks the request.

    • challenge: Initiates a challenge to verify the request.

    • watch: Monitors the request.

  • name: String. Required. The name of the rule.

  • condition: Map. Required. The match conditions. The structure is as follows:

    Note

    If you specify multiple match conditions, they are evaluated with a logical AND.

    • field: String. Required. The match field.

    • match_method: String. Required. The match method.

      Note

      For information about the valid values for field and match_method, see the "Additional information about request parameters" section.

    • content: String. The value to match. You can specify either this parameter or content_list.

    • content_list: String. A list of values to match. You can specify either this parameter or content.

    Note

    For information about the valid values for match_method and content/content_list, see the "Additional information about request parameters" section.

  • header_name: String. Optional. The name of the request header. This parameter applies only when field is set to header.

  • case_insensitive: Boolean. Optional. The default value is false. Valid values:

    • false: case-sensitive

    • true: case-insensitive

[{"action":"block","name":"testrule","condition":[{"field":"uri","match_method":"contain","content":"/test/123"}]}]

Expires

integer

No

The validity period of the rule, in seconds. This parameter applies only when action is set to block. Requests that match the rule are blocked for the specified duration. If you do not specify this parameter, the rule is permanently effective.

600

Field and match method

Match fieldDescriptionMatch method
ipThe source IP address of the request.belong: Belongs to
nbelong: Does not belong to
ipinlist: In list
ipninlist: Not in list







uriThe URI of the request.contain: Contains
ncontain: Does not contain
equal: Equals
nequal: Does not equal
lless: Length is less than
lequal: Length equals
lgreat: Length is greater than
prefix: Matches prefix
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values



























refererThe referer of the request. This indicates the webpage from which the request is initiated.contain: Contains
ncontain: Does not contain
equal: Equals
nequal: Does not equal
lless: Length is less than
lequal: Length equals
lgreat: Length is greater than
nexist: Does not exist
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values



























user-agentThe user agent of the client that initiated the request. This includes information such as the browser identity, rendering engine, and version.contain: Contains
ncontain: Does not contain
equal: Equals
nequal: Does not equal
lless: Length is less than
lequal: Length equals
lgreat: Length is greater than

inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values



























paramsThe parameters in the request URL, which typically refer to the part after the question mark (?). For example, in demo.aliyundoc.com/index.html?action=login, action=login is the parameter part.contain: Contains
ncontain: Does not contain
equal: Equals
nequal: Does not equal
lless: Length is less than
lequal: Length equals
lgreat: Length is greater than
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values
























cookieThe cookie information in the request.contain: Contains
ncontain: Does not contain
equal: Equals
nequal: Does not equal
lless: Length is less than
lequal: Length equals
lgreat: Length is greater than
nexist: Does not exist
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values



























content-typeThe HTTP content type (MIME type) specified in the request.contain: Contains
ncontain: Does not contain
equal: Equals
nequal: Does not equal
lless: Length is less than
lequal: Length equals
lgreat: Length is greater than
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values
























x-forwarded-forThe original IP address of the client. X-Forwarded-For (XFF) is an HTTP request header used to identify the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer. This field is included only in requests forwarded by an HTTP proxy or a load balancer.contain: Contains
ncontain: Does not contain
equal: Equals
nequal: Does not equal
lless: Length is less than
lequal: Length equals
lgreat: Length is greater than
nexist: Does not exist
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values



























content-lengthThe size of the request body in bytes.vless: Value is less than
vequal: Value equals
vgreat: Value is greater than




post-bodyThe request body.contain: Contains
ncontain: Does not contain
equal: Equals
nequal: Does not equal

inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values


















http-methodThe HTTP method, such as GET or POST.equal: Equals
nequal: Does not equal
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values









headerThe request header. This is used for custom HTTP header fields.contain: Contains
ncontain: Does not contain
equal: Equals
nequal: Does not equal
lless: Length is less than
lequal: Length equals
lgreat: Length is greater than
nexist: Does not exist
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values



























ja3-fingerprintThe JA3 fingerprint.equal: Equals
nequal: Does not equal
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values









ja4-fingerprintThe JA4 fingerprint.equal: Equals
nequal: Does not equal
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values









tls-fingerprintThe client TLS fingerprint.equal: Equals
nequal: Does not equal
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values









http2-fingerprintThe HTTP/2.0 fingerprint.equal: Equals
nequal: Does not equal
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values









schemeThe HTTP or HTTPS scheme.equal: Equals
nequal: Does not equal



protocolThe HTTP version.equal: Equals
nequal: Does not equal
inlist: Equals one of multiple values
ninlist: Does not equal any of multiple values









Match method and content

Match methodDescriptionMatch content
inlistEquals one of multiple values.content_list: A list of values to match
ninlistDoes not equal any of multiple values.content_list: A list of values to match
equalEquals.content: The value to match
nequalDoes not equal.content: The value to match
containContains.content: The value to match
ncontainDoes not contain.content: The value to match
llessLength is less than.content: The value to match
lequalLength equals.content: The value to match
lgreatLength is greater than.content: The value to match

Response elements

Element

Type

Description

Example

object

The response object.

RequestId

string

The unique ID of the request. You can use this ID to locate and troubleshoot issues.

F908E959-ADA8-4D7B-8A05-FF2F67F50964

Examples

Success response

JSON format

{
  "RequestId": "F908E959-ADA8-4D7B-8A05-FF2F67F50964"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.