
Cloud Firewall: UpdateAclCheckDetailStatus

Last Updated: Jan 12, 2026

Updates the status of an access control list (ACL) check detail.

Operation description

QPS limit

The queries per second (QPS) limit for a single user is 10. If you exceed this limit, the system throttles your API calls, which may affect your business. Call this operation at a reasonable rate.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.


RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter | Type | Required | Description | Example
Lang | string | No | The language of the content. Valid values: en (English), zh (Chinese, default). | zh
TaskId | string | Yes | The ID of the access control list (ACL) check task. | task-c92d4544ef7b6a42
Uuid | string | Yes | The unique ID of the ACL policy in the ACL check details. | bbbb43c9-a931-4d89-9939-86d509139a20
Status | string | Yes | The new status. Valid values: Pending (To be processed), Ignored (Ignored), Processed (Processed). | Pending
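
An added example (not from Alibaba Cloud's documentation or SDK): validating the four request parameters above and pacing a batch of status updates under the 10 QPS limit. `send` is a hypothetical caller-supplied function that performs the actual API call, and the UUID format check is assumed from the example value.

```python
import re
import time

VALID_STATUS = {"Pending", "Ignored", "Processed"}  # Status values from this page
VALID_LANG = {"en", "zh"}                           # Lang values from this page
QPS_LIMIT = 10                                      # per-user limit from this page
# Assumption: Uuid has the canonical 8-4-4-4-12 form of the page's example value.
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def build_params(task_id, uuid, status, lang="zh"):
    """Validate inputs and return the request parameters for one call."""
    if not task_id:
        raise ValueError("TaskId is required")
    if not UUID_RE.fullmatch(uuid or ""):
        raise ValueError(f"Uuid is not a UUID: {uuid!r}")
    if status not in VALID_STATUS:
        raise ValueError(f"Status must be one of {sorted(VALID_STATUS)}")
    if lang not in VALID_LANG:
        raise ValueError("Lang must be 'en' or 'zh'")
    return {"TaskId": task_id, "Uuid": uuid, "Status": status, "Lang": lang}


def update_many(send, task_id, uuids, status, clock=time.monotonic, sleep=time.sleep):
    """Call send(params) per Uuid, at most QPS_LIMIT calls in any one-second window.

    send is a hypothetical callable (for example a thin wrapper around an SDK
    client); it is not defined by this page.
    """
    # Validate the whole batch first so a bad Uuid cannot leave it half applied.
    batch = [build_params(task_id, u, status) for u in uuids]
    sent_at = []   # start times of the calls already made
    results = []
    for params in batch:
        if len(sent_at) >= QPS_LIMIT:
            # The call made QPS_LIMIT calls ago must be at least 1 s old.
            wait = 1.0 - (clock() - sent_at[-QPS_LIMIT])
            if wait > 0:
                sleep(wait)
        sent_at.append(clock())
        results.append(send(params))
    return results
```

Because the batch is validated before the first call, a single malformed Uuid fails the run without changing the status of any finding.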

Response elements

Element

Type

Description

Example

object

RequestId

string

The ID of the request.

850A84D6************00090125EEB1

CheckRecord

object

The ACL check record.

Acls

array<object>

A list of ACL check results.

array<object>

The ACL check result.

Acl

object

The ACL check result.

Direction

string

The traffic direction that the access control policy controls.

Valid values:

  • in: Inbound traffic.

  • out: Outbound traffic.

in

Order

integer

The priority of the access control policy.

The priority number starts from 1. A smaller number indicates a higher priority.

desc

SourceType

string

The source address type in the access control policy. Valid values:

  • net: Source CIDR block

  • group: Source address book

  • location: Source region

net

ApplicationName

string

The application type that the access control policy supports. Valid values:

  • FTP

  • HTTP

  • HTTPS

  • Memcache

  • MongoDB

  • MQTT

  • MySQL

  • RDP

  • Redis

  • SMTP

  • SMTPS

  • SSH

  • SSL_No_Cert

  • SSL

  • VNC

Note

The supported application types depend on the value of Proto (Protocol Type). If Proto is set to TCP, you can select any of the preceding application types for ApplicationNameList. If you specify both ApplicationNameList and ApplicationName, ApplicationNameList takes precedence.

ANY

HitTimes

integer

The number of hits on the access control policy.

1

Description

string

The description of the access control policy.

test_policy

SourceGroupType

string

The type of the source address book in the access control policy. Valid values:

  • ip: An IP address book that contains one or more IP address ranges.

  • tag: An ECS tag address book that contains the IP addresses of ECS instances with specific tags.

  • domain: A domain name address book that contains one or more domain names.

  • threat: A threat intelligence address book that contains one or more malicious IP addresses or domain names.

  • backsrc: An origin URL address book that contains the origin URLs of one or more Anti-DDoS or WAF instances.

ip

DnsResultTime

integer

The timestamp of the DNS resolution. This value is a UNIX timestamp. Unit: seconds.

1579261141

DnsResult

string

The result of the DNS resolution.

192.168.0.1/32

Proto

string

The protocol type of the traffic in the access control policy. Valid values:

  • TCP

  • UDP

  • ICMP

  • ANY (all protocol types)

Note

If you do not set this parameter, all protocol types are queried.

ANY

DestinationGroupType

string

The type of the destination address book in the access control policy. Valid values:

  • ip: An IP address book that contains one or more IP address ranges.

  • tag: An ECS tag address book that contains the IP addresses of ECS instances with specific tags.

  • domain: A domain name address book that contains one or more domain names.

  • threat: A threat intelligence address book that contains one or more malicious IP addresses or domain names.

  • backsrc: An origin URL address book that contains the origin URLs of one or more Anti-DDoS or WAF instances.

domain

Destination

string

The destination address in the access control policy. Fuzzy query is supported. The value of this parameter varies based on the value of DestinationType.

  • If DestinationType is set to net, the value of this parameter is a CIDR block. For example: 10.0.3.0/24.

  • If DestinationType is set to domain, the value of this parameter is a domain name. For example: aliyun.

  • If DestinationType is set to group, the value of this parameter is the name of an address book. For example: db_group.

  • If DestinationType is set to location, the value of this parameter is a region name. For more information about region codes, see AddControlPolicy. For example: ["BJ11", "ZB"].

Note

If you do not set this parameter, all types of destination addresses are queried.

kms.cn-shanghai.aliyuncs.com

HitLastTime

integer

The timestamp of the last hit. This value is a UNIX timestamp. Unit: seconds.

1579261141

DestPortGroup

string

The destination port type for the traffic in the access control policy. Valid values:

  • port: Port

  • group: Port address book

所有端口

AclUuid

string

The unique ID of the access control policy.

1e8ed1b2-cebc-4b95-a9cc-0cb7ce2c0c2c

DestPortType

string

The destination port type for the traffic in the access control policy. Valid values:

  • port: Port

  • group: Port address book

port

Source

string

The source address in the access control policy.

Valid values:

  • If SourceType is set to net, the value of Source is a source CIDR block.

    For example: 10.2.4.0/24

  • If SourceType is set to group, the value of Source is the name of a source address book.

    For example: db_group

10.71.94.24

DestinationType

string

The destination address type in the access control policy.

Valid values:

  • net: Destination CIDR block

  • group: Destination address book

  • domain: Destination domain name

group

DestPort

string

The destination port for the traffic in the access control policy.

22/22

IpVersion

integer

The IP version of the asset that Cloud Firewall protects. Valid values:

  • 4 (default): IPv4.

  • 6: IPv6.

4

AclAction

string

The action that Cloud Firewall performs on the traffic. Valid values:

  • accept: Allow

  • drop: Deny

  • log: Monitor

log

Release

string

The status of the access control policy. The policy is enabled by default after it is created. Valid values:

  • true: Enable the access control policy.

  • false: Disable the access control policy.

true

ApplicationId

string

The ID of the application that the access control policy uses.

HTTP

DestinationGroupCidrs

array

A list of CIDR blocks in the destination address book of the access control policy.

string

A list of CIDR blocks in the destination address book of the access control policy.

192.168.0.1/32

DestPortGroupPorts

array

A list of ports in the destination port address book.

string

A list of ports in the destination port address book.

22/22

SourceGroupCidrs

array

A list of CIDR blocks in the source address book of the access control policy.

string

A list of CIDR blocks in the source address book of the access control policy.

192.168.0.1/32

ApplicationNameList

array

A list of application types that the access control policy supports.

string

A list of application types that the access control policy supports.

SSH

SpreadCnt

integer

The number of specifications that the access control policy occupies. This is the cumulative value of the specifications occupied by each policy. The number of specifications occupied by a single policy = Number of source CIDR blocks × Number of destination addresses (IP address ranges, regions, or domain names) × Number of applications × Number of port ranges.

10

CreateTime

integer

The time when the policy was created.

1761062400

ModifyTime

integer

The time when the policy was last modified.

1761062400

RepeatType

string

The recurrence type for the policy validity period. Valid values:

  • Permanent (default): Always

  • None: One-time

  • Daily: Daily

  • Weekly: Weekly

  • Monthly: Monthly

None

RepeatDays

array

The days of the week or month on which the policy recurs.

  • If RepeatType is set to Permanent, None, or Daily, RepeatDays is an empty set. For example: []

  • If RepeatType is set to Weekly, RepeatDays cannot be empty. For example: [0, 6]

Note

If RepeatType is set to Weekly, RepeatDays cannot contain duplicate values.

  • If RepeatType is set to Monthly, RepeatDays cannot be empty. For example: [1, 31]

Note

If RepeatType is set to Monthly, RepeatDays cannot contain duplicate values.

integer

The days of the week or month on which the policy recurs.

  • If RepeatType is set to Permanent, None, or Daily, RepeatDays is an empty set. For example: []

  • If RepeatType is set to Weekly, RepeatDays cannot be empty. For example: [0, 6]

Note

If RepeatType is set to Weekly, RepeatDays cannot contain duplicate values.

  • If RepeatType is set to Monthly, RepeatDays cannot be empty. For example: [1, 31]

Note

If RepeatType is set to Monthly, RepeatDays cannot contain duplicate values.

1

RepeatStartTime

string

The start time of the recurrence. For example: 08:00. The time must be on the hour or half-hour, and at least 30 minutes earlier than the end time.

Note

If RepeatType is set to Permanent or None, RepeatStartTime is empty. If RepeatType is set to Daily, Weekly, or Monthly, you must specify RepeatStartTime.

08:00

RepeatEndTime

string

The end time of the recurrence. For example: 23:30. The time must be on the hour or half-hour, and at least 30 minutes later than the start time.

Note

If RepeatType is set to Permanent or None, RepeatEndTime is empty. If RepeatType is set to Daily, Weekly, or Monthly, you must specify RepeatEndTime.

23:30

StartTime

integer

The start time of the query. This value is a UNIX timestamp. Unit: seconds.

1736130347

EndTime

integer

The end time of the query. This value is a UNIX timestamp. Unit: seconds.

1752754426

AddressListCount

integer

The number of addresses in the address book.

1

GroupUuid

string

The unique ID of the address book.

Note

For more information, see DescribeAddressBook.

5a96a798-9b73-47f7-831e-1d7aa3c987a9

AutoAddTagEcs

integer

Indicates whether to automatically add the public IP addresses of new ECS instances that match the specified tags to the address book. New ECS instances include newly purchased instances with configured tags and instances with modified tags.

0

GroupName

string

The name of the address book.

subscribe

ReferenceCount

integer

The number of times the address book is referenced.

1

GroupType

string

The type of the address book. Valid values:

  • ip: IP address book.

  • domain: domain name address book.

  • port: port address book.

  • tag: ECS tag address book.

  • allCloud: cloud service address book.

  • threat: threat intelligence address book.

port

TagRelation

string

The relationship between multiple ECS tags.

and

TagList

array<object>

A list of ECS tags.

object

The ECS tag.

TagValue

string

The value of the ECS tag.

tfTestAcc0

TagKey

string

The key of the ECS tag.

produce

AddressList

array

A list of addresses in the address book.

string

A list of addresses in the address book.

183.2.201.71/32,60.28.235.22/32,210.51.58.107/32,60.28.235.81/32,210.51.58.51/32,60.28.235.52/32,1.1.1.1/32,154.212.141.143/32,167.94.146.55/32,185.226.197.47/32,101.251.238.174/32

NatGatewayId

string

The ID of the NAT Gateway.

ngw-gw85zno51npz7lgc04z89

DomainResolveType

integer

The domain name resolution method for the access control policy. Valid values:

  • FQDN: Based on FQDN

  • DNS: Based on dynamic DNS resolution

  • FQDN_AND_DNS: Based on FQDN and dynamic DNS resolution

0

VpcFirewallId

string

The instance ID of the VPC firewall.

cen-cw4z051hr8x53qniv5

AclStatus

string

The status of the ACL check.

configuring

AclAssessmentDetail

string

The assessment details of the ACL policy.

无流量命中策略。

RecordAssessmentDetail

string

The assessment details of the ACL check.

由于业务下线或其它原因等,导致对象策略一段时间命中次数为0。

CheckName

string

The name of the ACL check. Valid values:

  • PolicyHitCountZero: Policy with no traffic hits

  • PolicySourceDestinationSame: Invalid policy where the source and destination are the same

  • PolicyDuplicate: Duplicate or redundant policy

  • PolicyConflict: Policy that conflicts with business

  • DefaultPolicyNotDeny: Default policy is not a Deny All whitelist

  • PolicyPortHighRisk: Risky policy that allows high-risk ports

  • PolicyTooLoose: Control policy is too loose

  • AddressBookIpSeparated: IP address books are duplicate, overlapping, or scattered

  • AddressBookPortSeparated: Port address books are duplicate, overlapping, or scattered

  • AddressBookDomainValid: Domain name address book validity check

PolicyHitCountZero

Description

string

The description of the rule.

dwd_mysql_lingwan_faxing_chat_config_di

LastCheckTime

string

The timestamp of the last check. Unit: seconds.

1724982259

Level

string

The risk level.

High

PolicyTotalCount

integer

The total number of policies.

1

TaskId

string

The ID of the ACL check task.

task-c92d4544ef7b6a42

Examples

Success response

JSON format

{
  "RequestId": "850A84D6************00090125EEB1",
  "CheckRecord": {
    "Acls": [
      {
        "Acl": {
          "Direction": "in",
          "Order": 0,
          "SourceType": "net",
          "ApplicationName": "ANY",
          "HitTimes": 1,
          "Description": "test_policy",
          "SourceGroupType": "ip",
          "DnsResultTime": 1579261141,
          "DnsResult": "192.168.0.1/32",
          "Proto": "ANY",
          "DestinationGroupType": "domain",
          "Destination": "kms.cn-shanghai.aliyuncs.com",
          "HitLastTime": 1579261141,
          "DestPortGroup": "所有端口",
          "AclUuid": "1e8ed1b2-cebc-4b95-a9cc-0cb7ce2c0c2c",
          "DestPortType": "port",
          "Source": "10.71.94.24",
          "DestinationType": "group",
          "DestPort": "22/22",
          "IpVersion": 4,
          "AclAction": "log",
          "Release": "true",
          "ApplicationId": "HTTP",
          "DestinationGroupCidrs": [
            "192.168.0.1/32"
          ],
          "DestPortGroupPorts": [
            "22/22"
          ],
          "SourceGroupCidrs": [
            "192.168.0.1/32"
          ],
          "ApplicationNameList": [
            "SSH"
          ],
          "SpreadCnt": 10,
          "CreateTime": 1761062400,
          "ModifyTime": 1761062400,
          "RepeatType": "None",
          "RepeatDays": [
            1
          ],
          "RepeatStartTime": "08:00",
          "RepeatEndTime": "23:30",
          "StartTime": 1736130347,
          "EndTime": 1752754426,
          "AddressListCount": 1,
          "GroupUuid": "5a96a798-9b73-47f7-831e-1d7aa3c987a9",
          "AutoAddTagEcs": 0,
          "GroupName": "subscribe",
          "ReferenceCount": 1,
          "GroupType": "port",
          "TagRelation": "and",
          "TagList": [
            {
              "TagValue": "tfTestAcc0",
              "TagKey": "produce"
            }
          ],
          "AddressList": [
            "183.2.201.71/32,60.28.235.22/32,210.51.58.107/32,60.28.235.81/32,210.51.58.51/32,60.28.235.52/32,1.1.1.1/32,154.212.141.143/32,167.94.146.55/32,185.226.197.47/32,101.251.238.174/32"
          ],
          "NatGatewayId": "ngw-gw85zno51npz7lgc04z89",
          "DomainResolveType": 0,
          "VpcFirewallId": "cen-cw4z051hr8x53qniv5"
        },
        "AclStatus": "configuring",
        "AclAssessmentDetail": "无流量命中策略。"
      }
    ],
    "RecordAssessmentDetail": "由于业务下线或其它原因等,导致对象策略一段时间命中次数为0。",
    "CheckName": "PolicyHitCountZero",
    "Description": "dwd_mysql_lingwan_faxing_chat_config_di",
    "LastCheckTime": "1724982259",
    "Level": "High",
    "PolicyTotalCount": 1,
    "TaskId": "task-c92d4544ef7b6a42"
  }
}
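
An added example (not Alibaba Cloud code): a linter for the recurrence rules stated in the RepeatType, RepeatDays, RepeatStartTime and RepeatEndTime rows, applied to one Acl object from a response. `lint_recurrence` is a hypothetical name, and the 0-6 and 1-31 day ranges are assumed from the page's [0, 6] and [1, 31] examples.

```python
import re

# Assumption: day ranges inferred from the page's [0, 6] and [1, 31] examples.
DAY_RANGE = {"Weekly": range(0, 7), "Monthly": range(1, 32)}
TIMED = {"Daily", "Weekly", "Monthly"}             # types that need start/end times
HHMM = re.compile(r"([01]\d|2[0-3]):(00|30)")      # on the hour or half-hour only


def minutes(hhmm):
    """Return minutes since midnight, or None if not HH:00 / HH:30."""
    m = HHMM.fullmatch(hhmm or "")
    return int(m.group(1)) * 60 + int(m.group(2)) if m else None


def lint_recurrence(acl):
    """Return the rule violations for one Acl object (empty list = consistent)."""
    rtype = acl.get("RepeatType", "Permanent")     # Permanent is the documented default
    days = acl.get("RepeatDays") or []
    start = acl.get("RepeatStartTime") or ""
    end = acl.get("RepeatEndTime") or ""
    if rtype not in {"Permanent", "None"} | TIMED:
        return [f"unknown RepeatType {rtype!r}"]
    problems = []
    if rtype in DAY_RANGE:
        if not days:
            problems.append(f"{rtype}: RepeatDays must not be empty")
        if len(set(days)) != len(days):
            problems.append(f"{rtype}: RepeatDays contains duplicates")
        if any(d not in DAY_RANGE[rtype] for d in days):
            problems.append(f"{rtype}: RepeatDays value out of range")
    elif days:
        problems.append(f"{rtype}: RepeatDays must be empty")
    if rtype in TIMED:
        s, e = minutes(start), minutes(end)
        if s is None or e is None:
            problems.append(f"{rtype}: start and end must be HH:00 or HH:30")
        elif e - s < 30:
            problems.append(f"{rtype}: start must be at least 30 minutes before end")
    elif start or end:
        problems.append(f"{rtype}: RepeatStartTime and RepeatEndTime must be empty")
    return problems


# Recurrence fields copied from the sample response on this page.
SAMPLE = {"RepeatType": "None", "RepeatDays": [1],
          "RepeatStartTime": "08:00", "RepeatEndTime": "23:30"}
```

The sample response's own fields (RepeatType None with a non-empty RepeatDays and both times set) produce two findings under these rules, so treat its values as field illustrations rather than a valid policy to copy.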

Error codes

HTTP status code | Error code | Error message | Description
400 | ErrorAclCheckNotExist | ACL check not exist. | The access control configuration check does not exist.
400 | ErrorAclCheckDetailNotExist | ACL check detail not exist. | The details of the access control configuration check do not exist.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.