Modifies the configurations of an access control policy.
Operation description
This operation modifies the configurations of an access control policy that allows, denies, or monitors traffic passing through Cloud Firewall.
QPS limit
Each user can call this operation up to 10 times per second. If the limit is exceeded, API calls are throttled. This may affect your business. Plan your calls accordingly.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
yundun-cloudfirewall:ModifyControlPolicy |
update |
*ControlPolicy
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| Lang |
string |
No |
The language of the request and response. Valid values:
|
zh |
| AclAction |
string |
No |
The action that Cloud Firewall performs on the traffic. Valid values:
|
accept |
ApplicationName
deprecated
|
string |
No |
The application type supported by the access control policy. The following application types are supported:
Note
ANY indicates that the policy applies to all application types. Note
Specify either ApplicationNameList or ApplicationName. You cannot leave both empty. If you specify both, ApplicationNameList takes precedence. |
HTTP |
| Description |
string |
No |
The description of the access control policy. |
test |
| DestPort |
string |
No |
The destination port in the access control policy. |
80 |
| Destination |
string |
No |
The destination address in the access control policy.
|
192.0.XX.XX/24 |
| DestinationType |
string |
No |
The type of the destination address in the access control policy. Valid values:
|
net |
| Direction |
string |
No |
The direction of the traffic to which the access control policy applies. Valid values:
|
in |
| Proto |
string |
No |
The protocol type of the traffic in the access control policy. Valid values:
Note
ANY indicates that the policy applies to all protocol types. Note
If the traffic direction is outbound and the destination is a domain name that belongs to a threat intelligence address book or a cloud service address book, you can set this parameter to TCP or ANY. If you set this parameter to TCP, you can set the application to HTTP, HTTPS, SMTP, SMTPS, or SSL. If you set this parameter to ANY, you must set the application to ANY. |
TCP |
| Source |
string |
No |
The source address in the access control policy.
|
192.0.XX.XX/24 |
| AclUuid |
string |
Yes |
The unique ID of the access control policy. Note
To modify an access control policy, provide the unique ID of the policy. Call the DescribeControlPolicy operation to obtain the ID. |
00281255-d220-4db1-8f4f-c4df221ad84c |
| SourceType |
string |
No |
The type of the source address in the access control policy. Valid values:
|
net |
| DestPortType |
string |
No |
The type of the destination port in the access control policy. Valid values:
|
port |
| DestPortGroup |
string |
No |
The name of the destination port address book in the access control policy. |
my_port_group |
| Release |
string |
No |
The status of the access control policy. Valid values:
|
true |
| ApplicationNameList |
array |
No |
The list of application names. Note
Specify either ApplicationNameList or ApplicationName. You cannot leave both empty. If you specify both, ApplicationNameList takes precedence. |
|
|
string |
No |
The application name. |
HTTP |
|
| RepeatType |
string |
No |
The recurrence type for the policy validity period. Valid values:
Valid values:
|
Permanent |
| RepeatDays |
array |
No |
The days of the week or month on which the policy is recurrent.
Note
If RepeatType is set to Weekly, the values in the array cannot be repeated.
Note
If RepeatType is set to Monthly, the values in the array cannot be repeated. |
|
|
integer |
No |
The day of the week or month on which the policy is recurrent. Note
If RepeatType is set to Weekly, the valid values are 0 to 6. The week starts on Sunday. If RepeatType is set to Monthly, the valid values are 1 to 31. |
1 |
|
| RepeatStartTime |
string |
No |
The start time of the recurrence. The time is in the HH:mm format and in 24-hour format. Example: 08:00. Note
If RepeatType is set to Permanent or None, leave this parameter empty. If RepeatType is set to Daily, Weekly, or Monthly, you must specify this parameter. |
08:00 |
| RepeatEndTime |
string |
No |
The end time of the recurrence. The time is in the HH:mm format and in 24-hour format. Example: 23:00. Note
If RepeatType is set to Permanent or None, leave this parameter empty. If RepeatType is set to Daily, Weekly, or Monthly, you must specify this parameter. |
23:30 |
| StartTime |
integer |
No |
The start time of the policy validity period. The value is a UNIX timestamp. The time must be on the hour or half hour, and at least 30 minutes earlier than the end time. Note
If RepeatType is set to Permanent, leave this parameter empty. If RepeatType is set to None, Daily, Weekly, or Monthly, you must specify this parameter. |
1694761200 |
| EndTime |
integer |
No |
The end time of the policy validity period. The value is a UNIX timestamp. The time must be on the hour or half hour, and at least 30 minutes later than the start time. Note
If RepeatType is set to Permanent, leave this parameter empty. If RepeatType is set to None, Daily, Weekly, or Monthly, you must specify this parameter. |
1694764800 |
| DomainResolveType |
string |
No |
The domain name resolution method for the access control policy. Valid values:
|
FQDN |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
|||
| RequestId |
string |
The ID of the request. |
CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D |
Examples
Success response
JSON format
{
"RequestId": "CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D"
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | ErrorParametersUid | The aliUid parameter is invalid. | The aliUid parameter is invalid. |
| 400 | ErrorParametersDirection | The direction is invalid. | The direction is invalid. |
| 400 | ErrorDBSelect | An error occurred while querying database. | An error occurred while querying database. |
| 400 | ErrorRecordLog | An error occurred while updating the operation log. | An error occurred while updating the operation log. |
| 400 | ErrorParameters | Error Parameters | The parameter is invalid. |
| 400 | ErrorParametersSource | The source is invalid. | The source is invalid. |
| 400 | ErrorParametersDestination | The Destination parameter is invalid. | The Destination parameter is invalid. |
| 400 | ErrorParametersFtpNotSupport | domain destination not support ftp. | FTP application is not supported when the policy destination is a domain name |
| 400 | ErrorAclDomainAnyCountExceed | The number of resolved domain names cannot exceed 200. ACL configuration can be continued for HTTP, HTTPS, SMTP, SMTPS, and SSL applications. | The domain name is resolved to more than 200 IP addresses. We recommend that you set Application in your access control policy to HTTPS, HTTPS, SMTP, SMTPS, or SSL. |
| 400 | ErrorAclNotExist | The ACL does not exist. | The ACL does not exist. |
| 400 | ErrorAclEffectiveTimeNonPermanent | ACL rule is not allowed to update status when effective is not permanent. | ACL rule is not allowed to update status when effective is not permanent. |
| 400 | ErrorAclExtendedCountExceed | ACL or extended ACL rules are not matched. | The quota for access control policies or extra access control policies is exhausted. |
| 400 | ErrorDBUpdate | internal error: sql updat. | An error occurred while updating the database. |
| 400 | ErrorDBInsert | An error occurred while performing an insert operation in the database. | An error occurred while performing an insert operation in the database. |
| 400 | ErrorMarshalJSON | An error occurred while encoding JSON. | An error occurred while encoding JSON. |
| 400 | ErrorParametersDestinationCount | Exceeding the number of countries in a single ACL. | Exceeds the number of selected areas for one ACL. It is recommended to split it into multiple ACLs. |
| 400 | ErrorEmptyDomainResolveType | Empty DomainResolveType only support HTTP/HTTPS/SSL/SMTP/SMTPS apps. | Empty domain name resolution mode is not supported. |
| 400 | ErrorParametersApplicationName | Specified parameter ApplicationName is not valid. | Specified parameter ApplicationName is not valid. |
| 400 | ErrorParametersApplicationNameList | Specified parameter ApplicationNameList is not valid. | Specified parameter ApplicationNameList is not valid. |
| 400 | ErrorParametersAclUuid | Specified parameter AclUuid is not valid. | Specified parameter AclUuid is not valid. |
| 400 | ErrorAddressGroupNotExist | The address group does not exist. | The address group does not exist. |
| 400 | ErrorParametersProtoAppsMismatch | The protocol and applicationName mismatch. | The protocol and applicationName mismatch. |
| 400 | ErrorApplicationTemplateNotFound | Application template not found. | Application template does not exist |
| 400 | ErrorWebFilterTemplateNotFound | Web filter template not found. | Web filtering template does not exist |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.