ModifyDnsFirewallPolicy - Cloud Firewall - Alibaba Cloud Documentation Center

Modifies a DNS firewall rule.

Operation description

You can use this operation to modify a DNS firewall policy to accept, deny, or monitor traffic.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that support authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-cloudfirewall:ModifyDnsFirewallPolicy

update

*DnsFirewallPolicy

acs:yundun-cloudfirewall::{#accountId}:dnsfirewallpolicy/{#AclUuid}

None

Request parameters

Parameter	Type	Required	Description	Example
SourceIp	string	No	The source IP address of the visitor.	192.0.XX.XX
Lang	string	No	The language of the content within the request and response. Valid values:-zh: Chinese-en: English	zh
AclAction	string	No	The action that is performed on traffic that hits the access control policy. Valid values: accept: Allow drop: Deny log: Monitor	log
Description	string	No	The description of the access control policy.	test
Destination	string	No	The destination address in the access control policy. If DestinationType is set to net, Destination specifies the destination CIDR block. For example: 1.2.3.4/24 If DestinationType is set to group, Destination specifies the name of the destination address book. For example: db_group If DestinationType is set to domain, Destination specifies the destination domain name. For example: .aliyuncs.com If DestinationType* is set to location, Destination specifies the destination region. For more information about the location codes, see the following description. For example: ["BJ11", "ZB"]	db_group
DestinationType	string	No	The type of the destination address in the access control policy. Valid values: net: destination CIDR block (CIDR address) group: destination address book domain: destination domain name	net
Source	string	No	The source address in the access control policy. Valid values: If SourceType is set to `net`, Source specifies the source CIDR block. For example: 10.2.21./24 If SourceType** is set to `group`, Source specifies the name of the source address book. For example: db_group.	192.0.21.**/24
AclUuid	string	Yes	The unique ID of the access control policy.	00281255-d220-4db1-8f4f-c4df22****
SourceType	string	No	The type of the source address in the access control policy. Valid values: net: source CIDR block (CIDR) group: source address book	net
Release	string	No	The status of the access control policy. By default, the policy is enabled after it is created. Valid values: true: enables the access control policy. false: disables the access control policy.	true
Priority	string	No	The priority of the access control policy before the modification.	1

Response parameters

Parameter	Type	Description	Example
	object
RequestId	string	The ID of the request.	9C50C2A9-4BBB-5504-8ADA-C41A79****

Examples

Success response

JSON format

{
  "RequestId": "9C50C2A9-4BBB-5504-8ADA-C41A79****"
}

Error codes

HTTP status code	Error code	Error message	Description
400	ErrorParametersUid	The aliUid parameter is invalid.	The aliUid parameter is invalid.
400	ErrorDBSelect	An error occurred while querying database.	An error occurred while querying database.
400	ErrorAclNotExist	The ACL does not exist.	The ACL does not exist.
400	ErrorParameterIpVersion	The IP version is invalid.	The IP version is invalid.
400	ErrorParametersSource	The source is invalid.	The source is invalid.
400	ErrorParametersDestination	The Destination parameter is invalid.	The Destination parameter is invalid.
400	ErrorParametersAction	The action is invalid.	The action is invalid.
400	ErrorParametersNewOrder	The newOrder is invalid.	The newOrder is invalid.
400	ErrorParameters	Parameters error.	Parameter error.
400	ErrorAddressCountExceed	The maximum number of addresses is exceeded.	The maximum number of address is exceeded.
400	ErrorDBUpdate	internal error: sql updat.	An error occurred while updating the database.
400	ErrorDBInsert	An error occurred while performing an insert operation in the database.	An error occurred while performing an insert operation in the database.
400	ErrorRecordLog	An error occurred while updating the operation log.	An error occurred while updating the operation log.
400	ErrorMarshalJSON	An error occurred while encoding JSON.	An error occurred while encoding JSON.
400	ErrorAclRuleDuplicate	acl rule duplicate.	The same strategy exists.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.