Modifies the configuration of an access control policy for a specified VPC firewall policy group.
Operation description
This operation modifies the configuration of an access control policy for a specified VPC firewall policy group. VPC firewall instances use different access control policies to protect Cloud Enterprise Network (CEN) instances and Express Connect circuits.
QPS limits
The queries per second (QPS) limit for this operation is 10 for a single user. If the number of calls to this operation per second exceeds the limit, rate limiting is triggered. This may affect your business. Plan your calls accordingly.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
yundun-cloudfirewall:ModifyVpcFirewallControlPolicy |
update |
*VpcFirewallControlPolicy
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| Lang |
string |
No |
The language of the response message. Valid values:
|
zh |
| AclAction |
string |
No |
The action that is performed on traffic that hits the access control policy. Valid values:
|
accept |
ApplicationName
deprecated
|
string |
No |
The application type supported by the access control policy. Valid values:
|
HTTP |
| Description |
string |
No |
The description of the access control policy. |
test |
| DestPort |
string |
No |
The destination port in the access control policy. |
80 |
| Destination |
string |
No |
The destination address in the access control policy.
|
10.2.X.X/XX |
| DestinationType |
string |
No |
The type of the destination address in the access control policy. Valid values:
|
net |
| VpcFirewallId |
string |
Yes |
The ID of the VPC firewall instance. You can call the DescribeVpcFirewallAclGroupList operation to query the ID.
|
vfw-a42bbb7b887148c9**** |
| Proto |
string |
No |
The protocol type for the traffic to which the access control policy applies. Valid values:
|
TCP |
| Source |
string |
No |
The source address in the access control policy. Valid values:
|
10.2.X.X/XX |
| AclUuid |
string |
Yes |
The unique ID of the access control policy. To modify an access control policy, you must provide the unique ID of the policy. You can call the DescribeVpcFirewallControlPolicy operation to query the ID. |
00281255-d220-4db1-8f4f-c4df221a**** |
| SourceType |
string |
No |
The type of the source address in the access control policy. Valid values:
|
net |
| DestPortType |
string |
No |
The type of the destination port for the traffic to which the access control policy applies.
|
port |
| DestPortGroup |
string |
No |
The name of the destination port address book for the traffic to which the access control policy applies. |
my_port_group |
| Release |
string |
No |
The status of the access control policy. By default, an access control policy is enabled after it is created. Valid values:
|
true |
| ApplicationNameList |
array |
No |
The list of application names. |
|
|
string |
No |
The application name. |
["ANY"] |
|
| RepeatType |
string |
No |
The recurrence type for the policy to take effect. Valid values:
Valid values:
|
Permanent |
| RepeatDays |
array |
No |
The days of a week or month on which the policy takes effect.
Note
If RepeatType is set to `Weekly`, the elements in the array cannot be repeated.
Note
If RepeatType is set to `Monthly`, the elements in the array cannot be repeated. |
|
|
integer |
No |
The day of a week or month on which the policy takes effect. Note
If RepeatType is set to `Weekly`, valid values are 0 to 6. The week starts on Sunday. If RepeatType is set to `Monthly`, valid values are 1 to 31. |
1 |
|
| RepeatStartTime |
string |
No |
The start time of the recurrence. The time is in the HH:mm format. The time is on the hour or on the half hour, and is at least 30 minutes earlier than the end time. Example: 08:00. Note
If RepeatType is set to `Permanent` or `None`, this parameter is empty. If RepeatType is set to `Daily`, `Weekly`, or `Monthly`, you must specify this parameter. |
08:00 |
| RepeatEndTime |
string |
No |
The end time of the recurrence. The time is in the HH:mm format. The time is on the hour or on the half hour, and is at least 30 minutes later than the start time. Example: 23:30. Note
If RepeatType is set to `Permanent` or `None`, this parameter is empty. If RepeatType is set to `Daily`, `Weekly`, or `Monthly`, you must specify this parameter. |
23:30 |
| StartTime |
integer |
No |
The start time of the policy validity period. The value is a UNIX timestamp. The time is on the hour or on the half hour, and is at least 30 minutes earlier than the end time. Note
If RepeatType is set to `Permanent`, this parameter is empty. If RepeatType is set to `None`, `Daily`, `Weekly`, or `Monthly`, you must specify this parameter. |
1694761200 |
| EndTime |
integer |
No |
The end time of the policy validity period. The value is a UNIX timestamp. The time is on the hour or on the half hour, and is at least 30 minutes later than the start time. Note
If RepeatType is set to `Permanent`, this parameter is empty. If RepeatType is set to `None`, `Daily`, `Weekly`, or `Monthly`, you must specify this parameter. |
1694764800 |
| DomainResolveType |
string |
No |
The domain name resolution method for the access control policy. Valid values:
|
FQDN |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
|||
| RequestId |
string |
The ID of the request. |
CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D |
Examples
Success response
JSON format
{
"RequestId": "CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D"
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | ErrorParametersUid | The aliUid parameter is invalid. | The aliUid parameter is invalid. |
| 400 | ErrorDBSelect | An error occurred while querying database. | An error occurred while querying database. |
| 400 | ErrorParametersSource | The source is invalid. | The source is invalid. |
| 400 | ErrorParametersProto | The protocol is invalid. | The protocol is invalid. |
| 400 | ErrorParametersDestination | The Destination parameter is invalid. | The Destination parameter is invalid. |
| 400 | ErrorParametersDestPort | The dst_port is invalid. | The dst_port is invalid. |
| 400 | ErrorParametersAction | The action is invalid. | The action is invalid. |
| 400 | ErrorAddressCountExceed | The maximum number of addresses is exceeded. | The maximum number of address is exceeded. |
| 400 | ErrorAclNotExist | The ACL does not exist. | The ACL does not exist. |
| 400 | ErrorRecordLog | An error occurred while updating the operation log. | An error occurred while updating the operation log. |
| 400 | ErrorAclEffectiveTimeNonPermanent | ACL rule is not allowed to update status when effective is not permanent. | ACL rule is not allowed to update status when effective is not permanent. |
| 400 | ErrorUUIDNew | The UUID is invalid. | The UUID is invalid. |
| 400 | ErrorParameterIpVersion | The IP version is invalid. | The IP version is invalid. |
| 400 | ErrorParametersDirection | The direction is invalid. | The direction is invalid. |
| 400 | ErrorDomainResolve | A domain resolution error occurred. | An error occurred while resolving the domain. |
| 400 | ErrorParameters | Parameters error. | Parameter error. |
| 400 | ErrorAclExtendedCountExceed | ACL or extended ACL rules are not matched. | The quota for access control policies or extra access control policies is exhausted. |
| 400 | ErrorAclDomainAnyCountExceed | The number of resolved domain names cannot exceed 200. ACL configuration can be continued for HTTP, HTTPS, SMTP, SMTPS, and SSL applications. | The domain name is resolved to more than 200 IP addresses. We recommend that you set Application in your access control policy to HTTPS, HTTPS, SMTP, SMTPS, or SSL. |
| 400 | ErrorDBUpdate | internal error: sql updat. | An error occurred while updating the database. |
| 400 | ErrorDBInsert | An error occurred while performing an insert operation in the database. | An error occurred while performing an insert operation in the database. |
| 400 | ErrorParametersFtpNotSupport | domain destination not support ftp. | FTP application is not supported when the policy destination is a domain name |
| 400 | ErrorParametersApplicationName | Specified parameter ApplicationName is not valid. | Specified parameter ApplicationName is not valid. |
| 400 | ErrorParametersApplicationNameList | Specified parameter ApplicationNameList is not valid. | Specified parameter ApplicationNameList is not valid. |
| 400 | ErrorParametersAclUuid | Specified parameter AclUuid is not valid. | Specified parameter AclUuid is not valid. |
| 400 | ErrorAddressGroupNotExist | The address group does not exist. | The address group does not exist. |
| 400 | ErrorParametersVpcFirewallId | Specified parameter VpcFirewallId is not valid. | Specified parameter VpcFirewallId is not valid. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.