Query destination IPs of outbound connections via DescribeOutgoingDestinationIP - Cloud Firewall

Queries the destination IP addresses of outbound connections.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter	Type	Required	Description	Example
Lang	string	No	The language of the response. Valid values: zh: Chinese. This is the default value. en: English.	zh
StartTime	string	Yes	The start of the time range to query. The value is a UNIX timestamp. Unit: seconds.	1656837360
EndTime	string	Yes	The end of the time range to query. The value is a UNIX timestamp. Unit: seconds.	1656923760
PageSize	string	No	The number of entries to return on each page. Default value: 6. Maximum value: 10.	10
CurrentPage	string	No	The page number of the returned page. Default value: 1.	1
CategoryId	string	No	The category ID of the asset. The value is empty by default. Valid values: All: all categories RiskDomain: risky domain names RiskIP: risky IP addresses AliYun: Alibaba Cloud products NotAliYun: non-Alibaba Cloud products	All
DstIP	string	No	The destination IP address of the outbound connection.	10.0.XX.XX
PublicIP	string	No	The public IP address of the ECS instance that initiates the outbound connection.	192.0.XX.XX
PrivateIP	string	No	The private IP address of the ECS instance that initiates the outbound connection.	192.168.XX.XX
Port	string	No	The port number.	80
Sort	string	No	The field to sort the query results by. Valid values: SessionCount (default): the number of requests. TotalBytes: the total volume of traffic.	SessionCount
Order	string	No	The order to sort the query results. Valid values: asc: ascending. desc (default): descending.	desc
TagIdNew	string	No	The ID of the intelligence tag. Valid values: AliYun: Alibaba Cloud product RiskDomain: risky domain name RiskIP: risky IP address TrustedDomain: trusted website AliPay: Alipay DingDing: DingTalk WeChat: WeChat QQ: Tencent QQ SecurityService: security service Microsoft: Microsoft Amazon: Amazon Pan: network disk Map: map Code: code hosting SystemService: system service Taobao: Taobao Google: Google ThirdPartyService: third-party platform service FirstFlow: first time Downloader: malicious download Alexa Top1M: popular website Miner: miner pool Intelligence: threat intelligence DDoS: DDoS trojan Ransomware: ransomware Spyware: spyware Rogue: rogue software Botnet: botnet Suspicious: suspicious website C&C: command and control (C&C) Gang: gang CVE: CVE Backdoor: backdoor trojan Phishing: phishing website APT: APT attack Supply Chain Attack: supply chain attack Malicious software: malicious software	AliYun
ApplicationName	string	No	The application type supported by the access control policy. Valid values: FTP HTTP HTTPS Memcache MongoDB MQTT MySQL RDP Redis SMTP SMTPS SSH SSL_No_Cert SSL VNC Note The valid values for this parameter depend on the value of the Proto parameter. If Proto is set to TCP, you can set ApplicationNameList to any of the listed application types. If you specify both ApplicationNameList and ApplicationName, only the value of ApplicationNameList takes effect.	FTP

Response elements

Element	Type	Description	Example
	object
TotalCount	integer	The total number of outbound IP addresses.	50
RequestId	string	The ID of the request.	F0F82705-CFC7-5F83-86C8-A063892F****
DstIPList	array<object>	The list of IP addresses for outbound connections.
	array<object>	The list of IP addresses for outbound connections.
AclCoverage	string	Indicates whether the access control policy is overwritten. Valid values: Uncovered: not overwritten. FullCoverage: overwritten.	Uncovered
DstIP	string	The destination IP address of the outbound connection.	10.0.XX.XX
AclRecommendDetail	string	The recommended information for the access control list (ACL).	Recommended to allow
HasAclRecommend	boolean	Indicates whether a recommended ACL exists. Valid values: true: yes. false: no.	true
InBytes	integer	The inbound traffic. Unit: bytes.	472
CategoryName	string	The name of the asset category. Valid values: Alibaba Cloud Product Non-Alibaba Cloud Product	Alibaba Cloud product
RuleName	string	The name of the ACL rule.	Default rule
RuleId	string	The UUID of the ACL rule.	fadsfd-dfadf-df****
SessionCount	integer	The number of requests.	4
GroupName	string	The name of the rule group.	Rule_test
SecuritySuggest	string	The security policy for the outbound connection. Valid values: pass: allow. alert: deny. drop: monitor.	pass
OutBytes	integer	The outbound traffic. Unit: bytes.	965
AclStatus	string	The health status of the access control policy. Valid values: Normal: healthy. Abnormal: unhealthy.	Normal
IsMarkNormal	boolean	Indicates whether the IP address is added to the whitelist. Valid values: true: yes. false: no.	true
CategoryId	string	The category ID of the asset. Valid values: Aliyun: Alibaba Cloud product. NotAliyun: non-Alibaba Cloud product.	Aliyun
TagList	array<object>	The list of tags.
	object	The list of tags.
RiskLevel	integer	The risk assessment level. Valid values: 1: low. 2: medium. 3: high.	1
TagName	string	The name of the intelligence tag.	Allow tag
TagId	string	The ID of the intelligence tag.	AliYun
TagDescribe	string	The description of the intelligence tag.	Allow tag
ClassId	string	The category of the intelligence tag. Valid values: Suspicious: suspicious. Malicious: malicious. Trusted: trusted.	Trusted
ApplicationPortList	array<object>	The list of application ports. Note The list displays a maximum of 99 application ports. If there are more than 99 ports, only the first 99 are shown.
	object	The list of ports.
Port	integer	The application port.	80
ApplicationName	string	The application type supported by the access control policy. Valid values: FTP HTTP HTTPS Memcache MongoDB MQTT MySQL RDP Redis SMTP SMTPS SSH SSL_No_Cert SSL VNC Note The valid values for this parameter depend on the value of the Proto parameter. If Proto is set to TCP, you can set ApplicationNameList to any of the listed application types. If you specify both ApplicationNameList and ApplicationName, only the value of ApplicationNameList takes effect.	HTTP
UnknownReason	array	The list of reasons why the protocol was not identified when the protocol is `Unknown`.
	string	The reason why the protocol analysis failed.	tcp_not_establish
CategoryClassId	string	The category of the intelligence tag. Valid values: Suspicious: suspicious. Malicious: malicious. Trusted: trusted.	Trusted
SecurityReason	string	The security reason.	Intelligent policy: The organization that owns the destination domain name is Alibaba Cloud Computing Co., Ltd. The primary business is Alibaba Cloud. No security risks are detected. This domain can be used to configure the outbound connection whitelist.
TotalBytes	string	The total traffic. Unit: bytes.	800
HasAcl	string	Indicates whether an access control rule exists. Valid values: true: yes. false: no.	true
AddressGroupList	array<object>	The information about the address book.
	object
AddressGroupUUID	string	The unique ID of the address book.	f04ac7ce-628b-4cb7-be61-310222b7****
AddressGroupName	string	The name of the address book.	IP address book
AssetCount	integer	The total number of assets that initiate outbound connections.	20
PrivateAssetCount	integer	The total number of private network assets that initiate outbound connections.	20
LocationName	string	The region name.	Qingdao, Shandong

Examples

Success response

JSON format

{
  "TotalCount": 50,
  "RequestId": "F0F82705-CFC7-5F83-86C8-A063892F****",
  "DstIPList": [
    {
      "AclCoverage": "Uncovered",
      "DstIP": "10.0.XX.XX",
      "AclRecommendDetail": "Recommended to allow",
      "HasAclRecommend": true,
      "InBytes": 472,
      "CategoryName": "Alibaba Cloud product",
      "RuleName": "Default rule",
      "RuleId": "fadsfd-dfadf-df****",
      "SessionCount": 4,
      "GroupName": "Rule_test",
      "SecuritySuggest": "pass",
      "OutBytes": 965,
      "AclStatus": "Normal",
      "IsMarkNormal": true,
      "CategoryId": "Aliyun",
      "TagList": [
        {
          "RiskLevel": 1,
          "TagName": "Allow tag",
          "TagId": "AliYun",
          "TagDescribe": "Allow tag",
          "ClassId": "Trusted"
        }
      ],
      "ApplicationPortList": [
        {
          "Port": 80,
          "ApplicationName": "HTTP",
          "UnknownReason": [
            "tcp_not_establish"
          ]
        }
      ],
      "CategoryClassId": "Trusted",
      "SecurityReason": "Intelligent policy: The organization that owns the destination domain name is Alibaba Cloud Computing Co., Ltd. The primary business is Alibaba Cloud. No security risks are detected. This domain can be used to configure the outbound connection whitelist.",
      "TotalBytes": "800",
      "HasAcl": "true",
      "AddressGroupList": [
        {
          "AddressGroupUUID": "f04ac7ce-628b-4cb7-be61-310222b7****",
          "AddressGroupName": "IP address book"
        }
      ],
      "AssetCount": 20,
      "PrivateAssetCount": 20,
      "LocationName": "Qingdao, Shandong"
    }
  ]
}

Error codes

HTTP status code	Error code	Error message	Description
400	ErrorAliUid	Aliuid invalid.	The aliuid is invalid.
400	ErrorTimeError	The time is invalid.	The time is invalid.
400	ErrorIpFormat	The IP address is invalid.	The IP address is invalid.
400	ErrorDBSelectError	A database select error occurred.	The error message returned because an internal error has occurred in querying the database.
400	ErrorPortError	The port is invalid.	The port is invalid.
400	ErrorSecuritySuggest	The security suggest is invalid.	The security suggest is invalid.
400	ErrorSortError	The sort is invalid.	The sort is invalid.
400	ErrorOrderFailed	The order is invalid.	The order is invalid.
400	ErrorPageNo	Either page number or page size is invalid.	Either page number or page size is invalid.
400	ErrorIntervalError	The interval is invalid.	The interval is invalid.
400	ErrorDataTypeError	The data type is invalid.	The data type is invalid.
400	ErrorMarshalJSON	internal error.	Internal error.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.