All Products
Search
Document Center

Cloud Firewall:DescribeIPSRules

Last Updated:May 13, 2026

Query IPS rules

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter

Type

Required

Description

Example

SourceIp

string

No

The source IP address of the request.

8.139.222.XXX

Lang

string

No

The language of the request and response.

Valid values:

  • en :

    English

  • zh :

    Chinese

zh

Lang

string

No

The language of the request and response.

Valid values:

  • en :

    English

  • zh :

    Chinese

zh

RuleType

string

Yes

The rule type.

Valid values:

  • patchRule :

    Patch rule

  • basicRule :

    Basic rule

patchRule

PageNo

integer

Yes

The page number.

1

PageSize

integer

Yes

The number of entries per page.

10

QueryModify

string

No

Indicates whether to retrieve only modified rules.

true

RuleLevel

integer

No

The rule level.

Valid values:

  • 1 :

    Strict

  • 2 :

    Medium

  • 3 :

    Low

1

AttackType

string

No

The attack type.

web攻击

AttackApp

string

No

The application targeted by the attack.

SMB

RuleAction

string

No

The rule action.

Valid values:

  • drop :

    Block

  • alert :

    Monitor

alert

RuleId

string

No

The rule ID.

f835533b-01ef-49f4-b172-85bbfd0e****

RuleName

string

No

The rule name.

Nmap扫描探测

Cve

string

No

The CVE ID.

CVE-2026-25253

RuleClass

string

No

The inspection mode.

Valid values:

  • alert :

    Monitor

  • dropMiddle :

    Block (Medium)

  • dropStrict :

    Block (Strict)

  • dropLoose :

    Block (Loose, Medium, and Strict)

dropStrict

DefaultAction

string

No

The status of the rule.

Valid values:

  • 0 :

    Disabled

  • 1 :

    Enabled

1

Sort

string

No

The field to sort by.

UpdateTime

Order

string

No

The sort order.

Valid values:

  • asc :

    Ascending

  • desc :

    Descending

desc

FirewallType

string

No

The type of firewall.

Valid values:

  • VpcFirewall :

    VPC firewall

  • InternetFirewall :

    internet firewall

VpcFirewall

VpcFirewallId

string

No

The instance ID of the VPC firewall.

cen-rnbkqx4a8er21a****

AttackApps

array

No

The applications targeted by attacks.

string

No

A targeted application.

SSH

AttackAppCategory

array

No

The categories of applications targeted by attacks.

string

No

An application category.

AI Component

Response elements

Element

Type

Description

Example

object

PageNo

integer

The page number.

1

PageSize

integer

The page size.

10

RequestId

string

The request ID.

6DF55258-1448-5386-B263-4771D081****

TotalCount

integer

The total number of entries.

20

Rules

array<object>

The list of rules.

object

The details of the rule.

CurrentMode

string

The current action.

alert

UpdateTime

integer

The UNIX timestamp for when the rule was last updated.

1775101028

AttackType

string

The attack type.

异常连接

RuleLevel

integer

The rule level.

Valid values:

  • 1 :

    Strict

  • 2 :

    Medium

  • 3 :

    Low

1

RuleId

string

The rule ID.

f532f59d-2026-436b-8209-e04d8ebc2****

RuleName

string

The rule name.

Nmap扫描探测

DefaultMode

string

The default action.

Valid values:

  • drpo :

    drop

  • alert :

    alert

alert

Description

string

A description of the rule.

test

RuleClass

integer

The engine mode.

This parameter takes effect only when DefaultMode is set to drop.

Valid values:

  • 1 :

    drop - Loose/Medium/Strict

  • 2 :

    drop - Loose/Medium

  • 3 :

    drop - Strict

1

Cve

string

The CVE ID.

cve-2024-38816

AttackApp

string

The target application.

SMB

RuleUuid

string

The rule UUID.

d401b0cb-dc64-4bbe-bba0-3e7c744****

UserDefined

string

Specifies whether the rule is user-defined.

1

UserStatus

integer

The user-defined status of the rule.

1

OpenCount

integer

The total number of enabled rules.

1752

HighRiskCount

integer

The number of high-risk rules.

518

DropCount

integer

The number of rules that have the drop action.

976

UserDefineCount

integer

The total number of user-defined rules.

32

Examples

Success response

JSON format

{
  "PageNo": 1,
  "PageSize": 10,
  "RequestId": "6DF55258-1448-5386-B263-4771D081****",
  "TotalCount": 20,
  "Rules": [
    {
      "CurrentMode": "alert",
      "UpdateTime": 1775101028,
      "AttackType": "异常连接",
      "RuleLevel": 1,
      "RuleId": "f532f59d-2026-436b-8209-e04d8ebc2****",
      "RuleName": "Nmap扫描探测",
      "DefaultMode": "alert",
      "Description": "test",
      "RuleClass": 1,
      "Cve": "cve-2024-38816",
      "AttackApp": "SMB",
      "RuleUuid": "d401b0cb-dc64-4bbe-bba0-3e7c744****",
      "UserDefined": "1",
      "UserStatus": 1
    }
  ],
  "OpenCount": 1752,
  "HighRiskCount": 518,
  "DropCount": 976,
  "UserDefineCount": 32
}

Error codes

HTTP status code

Error code

Error message

Description

400 ErrorParametersUid invalid aliUid. Invalid Aliuid.
400 ErrorDBSelect An error occurred while querying database. An error occurred while querying database.
400 ErrorMarshalJSON internal error: marshal json. An error occurred. Try again later.
400 ErrorParameters Parameters error. Parameter error.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.