All Products
Search

This Product

    Cloud Firewall:API overview

    Document Center

    Cloud Firewall:API overview

    Last Updated:Mar 30, 2026

    API standard and pre-built SDKs in multi-language

    The OpenAPI specification of this product (Cloudfw/2017-12-07) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.

    Custom signature

    If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).

    Before you begin

    An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. To call APIs securely, create a Resource Access Management (RAM) user with API access only, configure its AccessKey pairs, and implement the principle of least privilege (PoLP) through RAM policies. Use the Alibaba Cloud account only when its permissions are explicitly required for specific scenarios.

    Overview

    API

    Title

    Description
    DescribeUserBuyVersion DescribeUserBuyVersion Retrieves version information for a user.
    DescribeSlrGrant DescribeSlrGrant Queries the authorization information of a service-linked role (SLR) for a user.
    DescribeMemberInfo DescribeMemberInfo Describes member information.
    DescribeInstanceRiskLevels DescribeInstanceRiskLevels Queries the risk levels of instances.
    DescribeInternetOpenStatistic DescribeInternetOpenStatistic Retrieves statistics about assets exposed to the Internet.
    ModifyCfwInstance ModifyCfwInstance Updates instance information for pay-as-you-go 2.0 users.
    ReleasePostInstance ReleasePostInstance Releases a pay-as-you-go firewall.
    ReleaseExpiredInstance ReleaseExpiredInstance Releases an expired instance.
    DescribeRiskEventTopAttackAsset DescribeRiskEventTopAttackAsset Queries the top assets targeted by attacks.
    DescribeAttackAppCategory DescribeAttackAppCategory Queries a list of attack categories.
    DescribeOutgoingRiskTrend DescribeOutgoingRiskTrend Queries the trend of outgoing connection threats.
    DescribeUnprotectedPortTrend DescribeUnprotectedPortTrend Queries the trends of unprotected ports.
    DescribeVpcFirewallDropTrafficTrend DescribeVpcFirewallDropTrafficTrend Queries the traffic drop trend for a VPC firewall.
    DescribeOutgoingRiskDomainAndIpCount DescribeOutgoingRiskDomainAndIpCount Queries the number of intrusion prevention threats.
    Traffic Trend Traffic Trend
    DescribeNatFirewallDropTrafficTrend DescribeNatFirewallDropTrafficTrend Describes the trend of traffic blocked by the NAT firewall on the Overview page.
    DescribeInternetDropTrafficTrend DescribeInternetDropTrafficTrend Trends in internet security.
    DescribeInvadeEcsTrend DescribeInvadeEcsTrend Queries the trend of vulnerabilities on ECS instances.
    Pay by volume Pay by volume
    DescribePostpayEnabledProtection DescribePostpayEnabledProtection Queries the status of pay-as-you-go protection.
    DescribePostpayTrafficTotal DescribePostpayTrafficTotal Queries the total pay-as-you-go traffic for all border firewalls.
    DescribePostpayTrafficDetail DescribePostpayTrafficDetail Queries traffic details for pay-as-you-go billing.
    DescribePostpayUserInternetStatus DescribePostpayUserInternetStatus Queries the status of the Internet Border firewall for a pay-as-you-go instance.
    DescribePostpayUserNatStatus DescribePostpayUserNatStatus Queries the NAT border firewall status for a pay-as-you-go Cloud Firewall.
    DescribePostpayUserVpcStatus DescribePostpayUserVpcStatus Queries the VPC border firewall status for a pay-as-you-go user.
    UpdatePostpayUserInternetStatus UpdatePostpayUserInternetStatus Updates the Internet Border firewall status for a pay-as-you-go user.
    UpdatePostpayUserNatStatus UpdatePostpayUserNatStatus Updates the status of a NAT border firewall for a pay-as-you-go instance.
    UpdatePostpayUserVpcStatus UpdatePostpayUserVpcStatus Updates the status of the VPC border firewall for a pay-as-you-go user.

    Firewall switch

    API

    Title

    Description
    DescribeRegionInfo DescribeRegionInfo Retrieves information about regions.
    DescribeCtrlInstanceMemberAccounts DescribeCtrlInstanceMemberAccounts Queries a list of member accounts.
    DescribeFirewallTask DescribeFirewallTask Retrieves the details of a firewall task.
    Internet Border Firewall Internet Border Firewall
    DescribeResourceTypeAutoEnable DescribeResourceTypeAutoEnable Queries the default traffic redirection settings for an asset type.
    DescribeAssetList DescribeAssetList Retrieves information about assets that are protected by Cloud Firewall.
    DescribeAssetStatistic DescribeAssetStatistic Queries performance statistics for assets protected by Cloud Firewall.
    DescribeAssetRiskList DescribeAssetRiskList Retrieves a list of asset risk levels.
    CreateInstanceSyncTask CreateInstanceSyncTask Creates a sync task for Internet assets.
    ModifyResourceTypeAutoEnable ModifyResourceTypeAutoEnable Modifies the automatic protection settings for new assets.
    PutEnableFwSwitch PutEnableFwSwitch Enables a firewall.
    PutEnableAllFwSwitch PutEnableAllFwSwitch Enables all firewall switches.
    PutDisableFwSwitch PutDisableFwSwitch Disables a firewall switch.
    PutDisableAllFwSwitch PutDisableAllFwSwitch Disables all firewall switches.
    NAT Border Firewall NAT Border Firewall
    DescribeNatFirewallQuota DescribeNatFirewallQuota Retrieves the quotas for a NAT firewall.
    DescribeNatFirewallList DescribeNatFirewallList Queries NAT firewall details.
    DescribeFirewallVSwitch DescribeFirewallVSwitch Queries the vSwitches that are created by Cloud Firewall.
    DescribeNatFirewallPrecheckDetail DescribeNatFirewallPrecheckDetail Queries the precheck details for a NAT firewall.
    DescribeFirewallVswitchResources DescribeFirewallVswitchResources Queries the vSwitch resources for Cloud Firewall.
    DescribeSecurityProxyResources DescribeSecurityProxyResources Describes NAT firewall resources.
    CreateNatFirewallSyncTask CreateNatFirewallSyncTask Creates a sync task for NAT firewall assets.
    CreateNatFirewallPreCheck CreateNatFirewallPreCheck Runs a precheck for NAT firewall creation.
    CreateSecurityProxy CreateSecurityProxy Creates a NAT firewall.
    SwitchSecurityProxy SwitchSecurityProxy Enables or disables a NAT firewall.
    UpdateSecurityProxy UpdateSecurityProxy Updates a NAT firewall.
    DeleteSecurityProxy DeleteSecurityProxy Deletes the specified NAT firewall.
    VPC perimeter firewall VPC perimeter firewall
    DescribeVpcFirewallSummaryInfo DescribeVpcFirewallSummaryInfo Retrieves a summary of VPC firewalls.
    DescribeVpcFirewallAccessDetail DescribeVpcFirewallAccessDetail Queries the access details of a VPC firewall.
    DescribeVpcFirewallPrecheckDetail DescribeVpcFirewallPrecheckDetail Retrieves the details of a VPC firewall precheck.
    CreateVpcFirewallPrecheck CreateVpcFirewallPrecheck Creates a precheck task before you create a VPC firewall.
    CreateVpcFirewallTask CreateVpcFirewallTask Creates a sync task for VPC firewall assets.
    Cloud Enterprise Network (Enterprise Edition) Cloud Enterprise Network (Enterprise Edition)
    DescribeTrFirewallsV2List DescribeTrFirewallsV2List Queries the list of VPC firewalls for a transit router.
    DescribeTrFirewallsV2Detail DescribeTrFirewallsV2Detail Retrieves the details of a VPC firewall for a transit router.
    DescribeTrFirewallsV2RouteList DescribeTrFirewallsV2RouteList Queries the route tables for a VPC firewall for a transit router.
    DescribeTrFirewallV2RoutePolicyList DescribeTrFirewallV2RoutePolicyList Queries the list of routing policies for a VPC firewall for a transit router.
    DescribeTrFirewallPolicyBackUpAssociationList DescribeTrFirewallPolicyBackUpAssociationList You can obtain an ACL backup for a VPC firewall for a transit router.
    DescribeTransitRouterResourcesList DescribeTransitRouterResourcesList Queries a list of Transit Router resources.
    CreateTrFirewallV2 CreateTrFirewallV2 Creates a VPC firewall for a transit router.
    CreateTrFirewallV2RoutePolicy CreateTrFirewallV2RoutePolicy Creates a routing rule for a VPC firewall for a transit router.
    ModifyTrFirewallV2Configuration ModifyTrFirewallV2Configuration Modifies the configuration of a VPC firewall for a transit router.
    ModifyFirewallV2RoutePolicySwitch ModifyFirewallV2RoutePolicySwitch Enables or disables a routing policy.
    ModifyTrFirewallV2RoutePolicyScope ModifyTrFirewallV2RoutePolicyScope Modifies the scope of a routing policy for a VPC firewall that is created for a Transit Router (TR).
    DeleteTrFirewallV2 DeleteTrFirewallV2 Deletes a VPC firewall for a transit router.
    DeleteFirewallV2RoutePolicies DeleteFirewallV2RoutePolicies Deletes a routing policy for a VPC firewall for a transit router.
    Cloud Enterprise Network (Basic Edition) Cloud Enterprise Network (Basic Edition)
    DescribeVpcFirewallCenSummaryList DescribeVpcFirewallCenSummaryList Queries a list of Cloud Enterprise Network (CEN) instances for a VPC.
    DescribeVpcFirewallCenList DescribeVpcFirewallCenList Retrieves the details of VPC firewalls that protect traffic between a specified VPC and network instances in a Cloud Enterprise Network (CEN) instance.
    DescribeVpcFirewallCenDetail DescribeVpcFirewallCenDetail Retrieves the details of a VPC firewall that protects traffic between a network instance in a Cloud Enterprise Network (CEN) and a specified VPC.
    DescribeNetworkInstanceList DescribeNetworkInstanceList Queries a list of network instances.
    DescribeVpcZone DescribeVpcZone Queries the zones that are available for VPCs.
    DescribeVpcFirewallZone DescribeVpcFirewallZone Describes the available zones for a VPC firewall.
    DescribeVpcFirewallManualVSwitchList DescribeVpcFirewallManualVSwitchList Queries the list of vSwitches for a VPC firewall created in manual mode.
    CreateVpcFirewallCenConfigure CreateVpcFirewallCenConfigure Creates a VPC firewall to protect traffic between a network instance in a Cloud Enterprise Network (CEN) and a specified VPC.
    ModifyVpcFirewallCenConfigure ModifyVpcFirewallCenConfigure Modifies the configuration of a VPC firewall that protects traffic between network instances in a Cloud Enterprise Network (CEN) and a specified VPC.
    ModifyVpcFirewallCenSwitchStatus ModifyVpcFirewallCenSwitchStatus Modifies the status of a VPC firewall that protects traffic between network instances in a Cloud Enterprise Network (CEN) and a specified VPC.
    DeleteVpcFirewallCenConfigure DeleteVpcFirewallCenConfigure Deletes a VPC firewall that protects traffic between a network instance in a Cloud Enterprise Network (CEN) and a specified VPC.
    high-speed channel high-speed channel
    DescribeVpcFirewallList DescribeVpcFirewallList Retrieves information about a VPC firewall that protects traffic between two VPCs connected by an Express Connect circuit.
    DescribeVpcFirewallDetail DescribeVpcFirewallDetail Retrieves the details of a VPC firewall that protects traffic between two VPCs connected by an Express Connect circuit.
    CreateVpcFirewallConfigure CreateVpcFirewallConfigure Creates a VPC firewall to protect traffic between two VPCs that are connected using Express Connect.
    ModifyVpcFirewallConfigure ModifyVpcFirewallConfigure Modifies the configuration of a VPC firewall that protects traffic between two VPCs connected by an Express Connect circuit.
    ModifyVpcFirewallSwitchStatus ModifyVpcFirewallSwitchStatus Enables or disables a VPC firewall. A VPC firewall protects traffic between two VPCs that are connected by an Express Connect circuit.
    DeleteVpcFirewallConfigure DeleteVpcFirewallConfigure Deletes a VPC firewall that protects traffic between two VPCs that are connected by an Express Connect circuit.

    flow analysis

    API

    Title

    Description
    Active outreach Active outreach
    Visual Analysis Visual Analysis
    DescribeInternetTimeTop DescribeInternetTimeTop Queries the top Internet traffic statistics over time.
    DescribeNatFirewallTimeTop DescribeNatFirewallTimeTop Queries the top traffic data of a NAT firewall at a specific point in time.
    DescribeNetworkTrafficTopRatio DescribeNetworkTrafficTopRatio Queries the ratio of the top network traffic.
    DescribeOutgoingStatistic DescribeOutgoingStatistic Retrieves outbound connection statistics.
    DescribeOutgoingAssetList DescribeOutgoingAssetList Retrieves a list of assets with outbound connections.
    DescribeConfiguredDomainNames DescribeConfiguredDomainNames Queries the list of domain names for outbound connections.
    DescribeConfiguredDestinationIP DescribeConfiguredDestinationIP Queries the list of configured destination IP addresses for outbound connections.
    DescribeOutgoingDestinationCategory DescribeOutgoingDestinationCategory Queries the categories of outbound connection destinations.
    DescribeOutgoingTag DescribeOutgoingTag Queries outbound connection tags.
    DescribeOutgoingDomain DescribeOutgoingDomain Retrieves information about outbound domain names.
    DescribeOutgoingDomainDetail DescribeOutgoingDomainDetail Retrieves details about an outbound domain.
    DescribeOutgoingDestination DescribeOutgoingDestination This operation queries outbound destinations.
    DescribeOutgoingDestinationIP DescribeOutgoingDestinationIP Queries the destination IP addresses of outbound connections.
    DescribeOutgoingDestinationIPDetail DescribeOutgoingDestinationIPDetail Retrieves the details of an outbound destination IP address.
    Public network exposure Public network exposure
    DescribeInternetTrafficTop DescribeInternetTrafficTop Queries the top Internet traffic trends.
    DescribeInternetTrafficTrend DescribeInternetTrafficTrend Queries Internet traffic trends.
    DescribeNatFirewallTrafficTrend DescribeNatFirewallTrafficTrend Overview: NAT Traffic Trend
    DescribeInternetServiceNameList DescribeInternetServiceNameList Retrieves a list of Internet service names.
    DescribeInternetOpenIp DescribeInternetOpenIp Describes a Cloud Firewall access control policy group.
    DescribeInternetOpenPort DescribeInternetOpenPort Queries the ports that are open to the Internet.
    DescribeInternetOpenService DescribeInternetOpenService Queries services exposed to the Internet.
    DescribeInternetOpenDetail DescribeInternetOpenDetail Retrieves the details of assets exposed to the Internet.
    DescribeInternetSlb DescribeInternetSlb Retrieves the details of Internet-facing SLB instances.
    DescribeOpenIpAccessSrcStat DescribeOpenIpAccessSrcStat Retrieves statistics about access sources for public IP addresses.
    VPC exchange visits VPC exchange visits
    DescribeNetworkInstanceRelationList DescribeNetworkInstanceRelationList Queries the relationships between network instances.
    DescribeVpcFirewallAssetList DescribeVpcFirewallAssetList Queries the assets protected by the VPC firewall.
    AI access traffic AI access traffic
    DescribeAITrafficAnalysisStatus DescribeAITrafficAnalysisStatus Queries the enabling status of AI-powered traffic analysis.
    DescribeVpcFirewallDomainList DescribeVpcFirewallDomainList Queries a list of domain names accessed through a VPC firewall.
    DescribeVpcFirewallDomainRelationList DescribeVpcFirewallDomainRelationList Queries the access relationships for specified domain names that pass through a VPC firewall.
    UpdateAITrafficAnalysisStatus UpdateAITrafficAnalysisStatus Changes the enabling status of AI-powered traffic analysis.
    ModifyObjectGroupOperation ModifyObjectGroupOperation Modifies the operation for an object group.

    Detection Response

    API

    Title

    Description
    intrusion prevention intrusion prevention
    DescribeRiskEventTopAttackApp DescribeRiskEventTopAttackApp Retrieves the ranking of applications that are targeted by intrusion prevention attacks.
    DescribeRiskEventTopAttackType DescribeRiskEventTopAttackType Queries the ranking of attack types for intrusion prevention events.
    DescribeRiskEventStatistic DescribeRiskEventStatistic Queries statistics about intrusion prevention events.
    DescribeRiskEventGroup DescribeRiskEventGroup Retrieves the details of intrusion prevention events.
    Vulnerability Protection Vulnerability Protection
    DescribeVulnerabilityProtectedList DescribeVulnerabilityProtectedList Retrieves a list of vulnerabilities that Cloud Firewall can protect against.
    DescribeUnprotectedVulnTrend DescribeUnprotectedVulnTrend Queries the trend of unprotected vulnerabilities.
    Fall-down perception Fall-down perception
    DescribeInvadeEventList DescribeInvadeEventList Queries a list of breach awareness events detected by Cloud Firewall.
    DescribeInvadeEventNameList DescribeInvadeEventNameList Retrieves a list of vulnerability names.
    DescribeInvadeEventStatistic DescribeInvadeEventStatistic Queries statistics about intrusion events.
    DescribeInvadeEventDetail DescribeInvadeEventDetail Retrieves the details of a breach awareness event.
    Data leakage Data leakage
    DescribeSdlEventList DescribeSdlEventList Retrieves a list of data leak events.
    DescribeSdlEventSdList DescribeSdlEventSdList Retrieves the list of sensitive data from a data breach.
    DescribeSdlEventDetail DescribeSdlEventDetail Retrieves the details of a data leak event.
    DescribeSdlEventStatistic DescribeSdlEventStatistic Queries statistics about data leaks.
    DescribeSdlStatistic DescribeSdlStatistic Retrieves the details of sensitive data.
    DescribeSensitiveSwitch DescribeSensitiveSwitch Queries the status of the sensitive data detection switch.
    ModifySensitiveSwitch ModifySensitiveSwitch Modifies the status of the sensitive data detection switch.
    EnableSdlProtectedAsset EnableSdlProtectedAsset Enables data breach protection for assets.
    DisableSdlProtectedAsset DisableSdlProtectedAsset Disables sensitive data discovery for a protected asset.

    Protection Configuration

    API

    Title

    Description
    Access Control Access Control
    DescribeAclApps DescribeAclApps Queries multiple access control applications.
    DescribeAclWhitelist DescribeAclWhitelist Queries the Access Control List (ACL) whitelist.
    Boundaries of the Internet Boundaries of the Internet
    DescribeAclRuleCount DescribeAclRuleCount Retrieves the total number of access control list (ACL) configurations.
    DescribeControlPolicy DescribeControlPolicy Retrieves information about all access control policies.
    DescribeACLProtectTrend DescribeACLProtectTrend Queries the trend of traffic blocked by Internet access control.
    DescribePolicyAdvancedConfig DescribePolicyAdvancedConfig Queries the status of strict mode for access control policies.
    DescribePolicyPriorUsed DescribePolicyPriorUsed Queries the priority range of access control policies.
    DescribeControlPolicyDomainResolve DescribeControlPolicyDomainResolve Queries the domain name resolution results for an access control policy.
    AddControlPolicy AddControlPolicy Adds an access control policy.
    AddDomainResolveRealtimeTask AddDomainResolveRealtimeTask Creates a real-time domain name resolution task.
    ModifyControlPolicyPriority ModifyControlPolicyPriority Modifies the priority of an access control policy.
    ModifyPolicyAdvancedConfig ModifyPolicyAdvancedConfig Enables or disables the strict mode for access control policies.
    DeleteControlPolicy DeleteControlPolicy Deletes an access control policy.
    DeleteControlPolicyTemplate DeleteControlPolicyTemplate Deletes an access control policy template.
    ResetRuleHitCount ResetRuleHitCount Resets the hit count of a rule.
    NAT Border NAT Border
    DescribeNatAclPageStatus DescribeNatAclPageStatus Queries the paging status of the NAT firewall.
    DescribeNatFirewallAclGroupList DescribeNatFirewallAclGroupList Queries the access control policy groups for NAT firewalls.
    DescribeNatFirewallControlPolicy DescribeNatFirewallControlPolicy Retrieves the details of all access control policies for NAT firewalls.
    DescribeNatFirewallPolicyPriorUsed DescribeNatFirewallPolicyPriorUsed Queries the priority range of an access control policy for a NAT firewall.
    CreateNatFirewallControlPolicy CreateNatFirewallControlPolicy Creates an access control policy for the NAT firewall.
    ModifyNatFirewallControlPolicy ModifyNatFirewallControlPolicy Modifies the configuration of an access control policy for a NAT firewall.
    ModifyNatFirewallControlPolicyPosition ModifyNatFirewallControlPolicyPosition Modifies the priority of an access control policy for a NAT firewall.
    ResetNatFirewallRuleHitCount ResetNatFirewallRuleHitCount Resets the hit count of a NAT firewall rule.
    DeleteNatFirewallControlPolicy DeleteNatFirewallControlPolicy Deletes an access control policy for a NAT firewall.
    DeleteNatFirewallControlPolicyBatch DeleteNatFirewallControlPolicyBatch Deletes a batch of NAT firewall policies.
    VPC Boundary VPC Boundary
    DescribeVpcFirewallAssetRegionList DescribeVpcFirewallAssetRegionList Returns a list of regions in which the VPC firewall is enabled.
    DescribeVpcFirewallAclGroupList DescribeVpcFirewallAclGroupList Retrieves information about all access control policy groups for a VPC firewall.
    DescribeVpcFirewallControlPolicy DescribeVpcFirewallControlPolicy Queries all access control policies for a specified VPC firewall.
    DescribeVpcFirewallPolicyPriorUsed DescribeVpcFirewallPolicyPriorUsed Queries the effective priority range for access control policies in a specified VPC firewall policy group.
    CreateVpcFirewallControlPolicy CreateVpcFirewallControlPolicy Adds an access control policy to a policy group for a specified VPC firewall.
    ModifyVpcFirewallControlPolicy ModifyVpcFirewallControlPolicy Modifies an access control policy in a policy group for a VPC firewall.
    ModifyVpcFirewallControlPolicyPosition ModifyVpcFirewallControlPolicyPosition Modifies the priority of an access control policy in a policy group for a VPC firewall.
    ModifyVpcFirewallAclEngineMode ModifyVpcFirewallAclEngineMode Modifies the ACL engine mode for a VPC firewall.
    ResetVpcFirewallRuleHitCount ResetVpcFirewallRuleHitCount Resets the hit count of an access control policy in a specified VPC firewall policy group to zero.
    DeleteVpcFirewallControlPolicy DeleteVpcFirewallControlPolicy Deletes an access control policy from a specific VPC firewall policy group.
    BatchDeleteVpcFirewallControlPolicy BatchDeleteVpcFirewallControlPolicy Deletes access control policies for a VPC firewall in a batch.
    DNS boundary DNS boundary
    DescribeVpcListLite DescribeVpcListLite Queries a list of Virtual Private Clouds (VPCs).
    DescribeDnsFirewallPolicy DescribeDnsFirewallPolicy Queries the list of access control lists (ACLs) for the DNS firewall.
    DescribePrefixLists DescribePrefixLists Queries prefix lists.
    AddDnsFirewallPolicy AddDnsFirewallPolicy Adds a DNS firewall Access Control List (ACL).
    ModifyDnsFirewallPolicy ModifyDnsFirewallPolicy Modifies a DNS firewall rule.
    DeleteDnsFirewallPolicy DeleteDnsFirewallPolicy Deletes a DNS firewall policy.
    IPS Protection IPS Protection
    DescribeThreatIntelligenceSwitch DescribeThreatIntelligenceSwitch Retrieves information about threat intelligence configurations.
    ModifyThreatIntelligenceSwitch ModifyThreatIntelligenceSwitch Modifies the threat intelligence configuration.
    ModifyIpsRulesToDefault ModifyIpsRulesToDefault Resets Intrusion Prevention System (IPS) rules to the default settings.
    DescribeSignatureLibVersion DescribeSignatureLibVersion Describes the version information of the signature library.
    Boundaries of the Internet Boundaries of the Internet
    DescribeDefaultIPSConfig DescribeDefaultIPSConfig Provides Intrusion Prevention System (IPS) protection for internet traffic.
    DescribeUserIPSWhitelist DescribeUserIPSWhitelist Queries the intrusion prevention system (IPS) whitelist for the Internet Border.
    ModifyIpsRules ModifyIpsRules Modifies Intrusion Prevention System (IPS) rules.
    ModifyDefaultIPSConfig ModifyDefaultIPSConfig Modifies the default intrusion prevention system (IPS) configuration.
    ModifyUserIPSWhitelist ModifyUserIPSWhitelist Modifies the intrusion prevention system (IPS) whitelist for the Internet Border.
    Private Network Traceability Private Network Traceability
    DescribeIpsPrivateAssoc DescribeIpsPrivateAssoc Queries the list of IPS Private IP Tracing associations.
    CreateIpsPrivateAssoc CreateIpsPrivateAssoc Creates an association for private IP traffic tracing with the Intrusion Prevention System (IPS).
    DeleteIpsPrivateAssoc DeleteIpsPrivateAssoc Creates a private network association for an IPS.
    VPC Boundary VPC Boundary
    DescribeVfwIPSConfigList DescribeVfwIPSConfigList Queries the intrusion prevention system (IPS) configurations for VPC firewalls.
    DescribeVpcFirewallDefaultIPSConfig DescribeVpcFirewallDefaultIPSConfig Queries the intrusion prevention configuration of a specified VPC firewall.
    DescribeVpcFirewallIPSWhitelist DescribeVpcFirewallIPSWhitelist Describes the intrusion prevention system (IPS) whitelist for a VPC firewall.
    ModifyVpcFirewallDefaultIPSConfig ModifyVpcFirewallDefaultIPSConfig Modifies the intrusion prevention configuration of a VPC firewall.
    ModifyVpcFirewallIPSWhitelist ModifyVpcFirewallIPSWhitelist Modifies the intrusion prevention system (IPS) whitelist for a VPC firewall.
    TLS Check TLS Check
    ListTlsInspectCACertificates ListTlsInspectCACertificates This operation lists the Transport Layer Security (TLS) inspection certificate authority (CA) certificates.
    GetTlsInspectCertificateDownloadUrl GetTlsInspectCertificateDownloadUrl Retrieves the download path for the certificate of a Transport Layer Security (TLS) inspection policy.
    strategy analysis strategy analysis
    DescribeAclCheckQuota DescribeAclCheckQuota Queries the quota for access control list (ACL) checks.
    DescribeAclChecks DescribeAclChecks Queries Access Control List (ACL) checks in batches.
    DescribeAclCheck DescribeAclCheck Retrieves the details of an Access Control List (ACL) check.
    CreateAclCheck CreateAclCheck Creates an access control list (ACL) check.
    UpdateAclCheckDetailStatus UpdateAclCheckDetailStatus Updates the status of an access control list (ACL) check detail.
    Address Book Address Book
    DescribeAddressBook DescribeAddressBook Queries address books in a batch.
    AddAddressBook AddAddressBook Creates an address book. You can create an IPv4 address book, an ECS tag-based address book, an IPv6 address book, a domain name address book, or an ACK address book.
    ModifyAddressBook ModifyAddressBook Modifies an address book.
    DeleteAddressBook DeleteAddressBook Deletes an address book.
    Synchronize nodes Synchronize nodes
    DescribeAccessInstanceRegionList DescribeAccessInstanceRegionList Queries the regions that contain synchronization nodes.
    DescribeAccessInstanceTask DescribeAccessInstanceTask Queries the progress of a synchronization task on a node.
    DescribeAccessInstanceVpcList DescribeAccessInstanceVpcList Queries the VPCs associated with synchronization nodes.
    DescribeAccessInstanceVSwitchList DescribeAccessInstanceVSwitchList Queries the vSwitches for synchronization nodes.
    DescribeAccessInstanceZoneList DescribeAccessInstanceZoneList Returns a list of available zones for access instances.
    ACK Cluster ACK Cluster
    DescribeAckClusters DescribeAckClusters Queries for Container Service for Kubernetes (ACK) clusters based on specified conditions, such as cluster type and specifications.
    DescribeAckClusterConnectors DescribeAckClusterConnectors Queries a list of ACK cluster connectors in batches.
    DescribeAckClusterConnector DescribeAckClusterConnector Retrieves the details of a specified ACK cluster connector.
    DescribeAckClusterNamespaces DescribeAckClusterNamespaces Queries the namespaces in an Alibaba Cloud Container Service for Kubernetes (ACK) cluster.
    DescribeAckClusterPodLabels DescribeAckClusterPodLabels Queries the labels within an Alibaba Cloud Container Service for Kubernetes (ACK) cluster.
    CreateAckClusterConnector CreateAckClusterConnector Creates an ACK cluster connector.
    UpdateAckClusterConnector UpdateAckClusterConnector Updates an ACK cluster connector.
    DeleteAckClusterConnector DeleteAckClusterConnector Deletes an ACK cluster connector.
    Private DNS Private DNS
    DescribePrivateDnsEndpointList DescribePrivateDnsEndpointList Queries a list of private DNS endpoints.
    DescribePrivateDnsEndpointDetail DescribePrivateDnsEndpointDetail Retrieves the details of a private DNS endpoint.
    DescribePrivateDnsStatistics DescribePrivateDnsStatistics Returns statistics about private DNS.
    CreatePrivateDnsEndpoint CreatePrivateDnsEndpoint Creates a private DNS endpoint.
    ModifyPrivateDnsEndpoint ModifyPrivateDnsEndpoint Modifies a private DNS endpoint.
    DeletePrivateDnsEndpoint DeletePrivateDnsEndpoint Deletes a private DNS endpoint.
    DescribePrivateDnsDomainNameList DescribePrivateDnsDomainNameList Queries a list of private DNS domain names.
    AddPrivateDnsDomainName AddPrivateDnsDomainName Adds a private DNS domain name.
    DeletePrivateDnsDomainName DeletePrivateDnsDomainName Deletes private DNS domain names.
    DeletePrivateDnsAllDomainName DeletePrivateDnsAllDomainName Deletes all private DNS domain names.

    Log Monitoring

    API

    Title

    Description
    DescribeLogStoreInfo Get Log Service Information Retrieves the details of the Logstore in Simple Log Service.
    DescribeTrafficLog DescribeTrafficLog Queries log traffic information.
    DescribeSlsAnalyzeOpenStatus DescribeSlsAnalyzeOpenStatus Queries the enabled status of Log Service (SLS).
    DescribeClearAuthInfo DescribeClearAuthInfo Retrieves information about cleared authorizations.
    DescribeLocationInfo DescribeLocationInfo Retrieves information about geographic locations.
    DescribeIspInfo DescribeIspInfo Retrieves information about ISPs.
    DescribeCreatedNatFirewall DescribeCreatedNatFirewall Retrieves a list of created NAT firewalls.
    DescribeBatchSlsDispatchStatus DescribeBatchSlsDispatchStatus Queries the status of log delivery.
    ModifySlsDispatchStatus ModifySlsDispatchStatus Modifies the log delivery settings for Simple Log Service (SLS).
    ModifyUserSlsLogStorageTime ModifyUserSlsLogStorageTime Modifies the storage duration for user logs.
    ClearLogStoreStorage ClearLogStoreStorage Clears the storage for firewall logs.

    System Settings

    API

    Title

    Description
    Alarm Notification Alarm Notification
    DescribeUserAlarmConfig DescribeUserAlarmConfig Retrieves the user's alert configuration.
    ModifyUserAlarmConfig ModifyUserAlarmConfig Modifies user alert configuration.
    Unified management of multiple accounts Unified management of multiple accounts
    DescribeInstanceRdAccounts DescribeInstanceRdAccounts Queries the member accounts in a resource directory for a Cloud Firewall instance.
    DescribeInstanceMembers DescribeInstanceMembers Retrieves information about the member accounts of Cloud Firewall.
    AddInstanceMembers AddInstanceMembers Adds member accounts to Cloud Firewall.
    ModifyInstanceMemberAttributes ModifyInstanceMemberAttributes Updates the information about members in Cloud Firewall.
    DeleteInstanceMembers DeleteInstanceMembers Deletes Cloud Firewall member accounts.
    Download Tasks Download Tasks
    DescribeDownloadTask DescribeDownloadTask Queries the information and download URLs of file download tasks.
    DescribeDownloadTaskType DescribeDownloadTaskType Queries the types of download tasks. The returned types correspond to the TaskType field in other download-related API operations.
    CreateDownloadTask CreateDownloadTask Creates a file download task.
    DeleteDownloadTask DeleteDownloadTask Deletes a file download task.
    Toolbox Toolbox
    Policy Backup and Rollback Policy Backup and Rollback
    DescribeAclBackupList DescribeAclBackupList Queries a list of access control list (ACL) backups.
    AddAclBackupData AddAclBackupData Creates an access control list (ACL) backup.
    UseAclBackupData UseAclBackupData Restores access control policies from a backup.
    DeleteAclBackupData DeleteAclBackupData Deletes an access control list (ACL) backup.
    DescribeSecurityMode DescribeSecurityMode Queries the settings of the safe mode.

    Abandoned

    API

    Title

    Description
    DescribePageDocuments DescribePageDocuments Queries the frequently asked questions (FAQ) for a page.
    DescribeDomainResolve DescribeDomainResolve Retrieves the Domain Name System (DNS) resolution results for a domain name.
    DescribeFirewallDropStatistics DescribeFirewallDropStatistics Retrieves statistics on packets dropped by the firewall.
    DescribeUserAssetIPTrafficInfo DescribeUserAssetIPTrafficInfo Queries the traffic information for a specified asset.
    DescribeCfwRiskLevelSummary DescribeCfwRiskLevelSummary Queries a summary of threat levels for Cloud Firewall.
    DescribeRiskSecurityGroupDetail DescribeRiskSecurityGroupDetail Retrieves the details of a risk security group.
    DescribeSecurityProxy DescribeSecurityProxy Retrieves the details of NAT firewalls.
    CreateVpcFirewallCenManualConfigure CreateVpcFirewallCenManualConfigure Manually creates a VPC border firewall.
    BatchCopyVpcFirewallControlPolicy BatchCopyVpcFirewallControlPolicy Copies all policies from a source VPC firewall policy group to a destination VPC firewall policy group.
    ModifyControlPolicyPosition ModifyControlPolicyPosition Modifies the priority of an IPv4 access control policy for the Internet firewall. For this type of policy, the source and destination IP addresses are in IPv4 format.

    Other

    API

    Title

    Description
    DescribeVpcFirewallTrafficAssetList DescribeVpcFirewallTrafficAssetList Retrieves a list of assets that access domain names through a VPC firewall.
    SetAutoProtectNewAssets SetAutoProtectNewAssets Enables automatic protection for new assets.
    DescribeRegionResourceTypeAutoEnable DescribeRegionResourceTypeAutoEnable Queries the traffic redirection settings for a region and resource type.

    Others

    API

    Title

    Description
    CreateSlsLogDispatch CreateSlsLogDispatch Create Cloud Firewall SLS Log Delivery
    DescribeRiskEventPayload DescribeRiskEventPayload Queries the attack payloads of intrusion events.
    ModifyControlPolicy ModifyControlPolicy Updates the configurations of an access control policy.