DescribeDnsFirewallPolicy - Cloud Firewall - Alibaba Cloud Documentation Center

Queries the list of access control lists (ACLs) for the DNS firewall.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter	Type	Required	Description	Example
SourceIp	string	No	The source IP address of the visitor.	140.205.118.XXX
Lang	string	No	The language of the request and response. Valid values: zhen	zh
Lang	string	No	The language of the request and response. Valid values: zhen	zh
CurrentPage	string	Yes	The number of the page to return. Default value: 1.	1
PageSize	string	Yes	The number of entries to return on each page.	10
Source	string	No	The source address in the access control policy for the DNS firewall. Fuzzy match is supported. Note The source can be a CIDR block or the name of an address book.	192.0.XX.XX/24
Destination	string	No	The destination address in the access control policy for the DNS firewall. Fuzzy match is supported. Note The destination can be a CIDR block, a domain name, or the name of an address book.	10.2.XX.XX/24
Description	string	No	The description of the DNS firewall policy.	test
AclAction	string	No	The action that is performed on traffic that hits the access control policy for the DNS firewall. Valid values: accept: Allow drop: Deny log: Monitor Note If you do not specify this parameter, policies with all action types are queried.	accept
Release	string	No	The status of the access control policy. By default, a policy is enabled after it is created. Valid values: true: The access control policy is enabled. false: The access control policy is disabled.	true
AclUuid	string	No	The unique ID of the firewall rule.	b6c8f905-2eb6-442a-ba35-9416e****
IpVersion	string	No	The IP version. Valid values: 4: IPv4 6: IPv6	4

Response elements

Element	Type	Description	Example
	object
PageNo	string	The page number.	1
PageSize	string	The number of entries per page.	10
RequestId	string	The request ID.	0A4ACDE9-9F9F-56C1-B3B7-60971BA1****
TotalCount	string	The total number of entries.	10
Policys	array<object>	The details of the access control policies for the DNS firewall.
	object	The details of the access control policy for the DNS firewall.
Direction	string	The direction of traffic to which the access control policy applies. Valid values: in: inbound out: outbound	in
DestinationGroupType	string	The type of the destination address book in the access control policy. Valid values: ip: an IP address book, which contains one or more CIDR blocks. domain: a domain name address book, which contains one or more domain names.	ip
HitLastTime	integer	The time when the policy was last hit. The value is a UNIX timestamp. Unit: seconds.	1579261141
Destination	string	The destination address in the access control policy for the DNS firewall. If DestinationType is set to `net`, the value of this parameter is a destination CIDR block. If DestinationType is set to `domain`, the value of this parameter is a destination domain name. If DestinationType is set to `group`, the value of this parameter is the name of a destination address book.	x.x.x.x/32
SourceType	string	The type of the source address in the access control policy for the DNS firewall. Valid values: net: a source CIDR block group: a source address book	net
AclUuid	string	The unique ID of the access control policy.	01281255-d220-4db1-8f4f-c4df221a****
Priority	integer	The priority of the access control policy. A smaller value indicates a higher priority.	110
Source	string	The source address in the access control policy. If SourceType is set to `net`, the value of this parameter is a CIDR block. Example: 192.0.XX.XX/24. If SourceType is set to `group`, the value of this parameter is the name of a source address book. Example: db_group. If SourceType is set to `location`, the value of this parameter is a location. For more information about location codes, see AddControlPolicy. Example: ["BJ11", "ZB"].	192.0.XX.XX/24
DestinationType	string	The type of the destination address in the access control policy. Valid values: net: destination CIDR block group: destination address book domain: destination domain name location: destination region	net
HitTimes	integer	The number of hits on the access control policy.	100
IpVersion	integer	The IP version. Valid values: 4: IPv4 6: IPv6	6
Description	string	The description of the access control policy for the DNS firewall.	test
SourceGroupType	string	The type of the source address book in the access control policy. Valid values: ip: an IP address book, which contains one or more CIDR blocks. tag: an ECS tag address book, which contains the IP addresses of one or more ECSs that have a specific tag. domain: a domain name address book, which contains one or more domain names. threat: a threat intelligence address book, which contains one or more malicious IP addresses or domain names. backsrc: a back-to-origin address book, which contains the back-to-origin IP addresses of one or more Anti-DDoS or WAF instances.	ip
AclAction	string	The action that is performed on traffic that hits the access control policy. Valid values: accept: Allow drop: Deny log: Monitor	accept
Release	string	The status of the access control policy. By default, a policy is enabled after it is created. Valid values: true: The access control policy is enabled. false: The access control policy is disabled.	true
DestinationAddrs	array	The destination addresses in the address book.
	string	A destination address in the address book.	192.0.XX.XX/24
SourceAddrs	array	The source addresses.
	string	A source address.	10.2.XX.XX/24

Examples

Success response

JSON format

{
  "PageNo": "1",
  "PageSize": "10",
  "RequestId": "0A4ACDE9-9F9F-56C1-B3B7-60971BA1****",
  "TotalCount": "10",
  "Policys": [
    {
      "Direction": "in",
      "DestinationGroupType": "ip",
      "HitLastTime": 1579261141,
      "Destination": "x.x.x.x/32",
      "SourceType": "net",
      "AclUuid": "01281255-d220-4db1-8f4f-c4df221a****",
      "Priority": 110,
      "Source": "192.0.XX.XX/24",
      "DestinationType": "net",
      "HitTimes": 100,
      "IpVersion": 6,
      "Description": "test",
      "SourceGroupType": "ip",
      "AclAction": "accept",
      "Release": "true",
      "DestinationAddrs": [
        "192.0.XX.XX/24\n"
      ],
      "SourceAddrs": [
        "10.2.XX.XX/24\n"
      ]
    }
  ]
}

Error codes

HTTP status code	Error code	Error message	Description
400	ErrorParametersUid	The aliUid parameter is invalid.	The aliUid parameter is invalid.
400	ErrorDBSelect	An error occurred while querying database.	An error occurred while querying database.
400	ErrorParameterIpVersion	The IP version is invalid.	The IP version is invalid.
400	ErrorParametersSource	The source is invalid.	The source is invalid.
400	ErrorParametersAction	The action is invalid.	The action is invalid.
400	ErrorParametersNewOrder	The newOrder is invalid.	The newOrder is invalid.
400	ErrorParametersPageSizeOrNo	Either pageSize or pageNo is invalid.	Either pageSize or pageNo is invalid.
400	ErrorMarshalJSON	An error occurred while encoding JSON.	An error occurred while encoding JSON.
400	ErrorParametersDestination	The Destination parameter is invalid.	The Destination parameter is invalid.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.