This product(
Cloudfw/2017-12-07) OpenAPI adopts RPC Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (11370001915) and sign under the guidance of experts. Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.
Firewall enabling and disabling
| API | Title | Description |
|---|---|---|
| DescribeAssetList | DescribeAssetList | Queries the assets that are protected by Cloud Firewall. |
| PutDisableFwSwitch | PutDisableFwSwitch | Turns off a firewall switch. |
| PutEnableAllFwSwitch | PutEnableAllFwSwitch | Turns on all firewall switches. |
| PutEnableFwSwitch | PutEnableFwSwitch | Enables firewalls for specific assets. |
| PutDisableAllFwSwitch | PutDisableAllFwSwitch | Turns off all firewall switches. |
Access control
| API | Title | Description |
|---|---|---|
| NAT Border | NAT Border | |
| CreateNatFirewallControlPolicy | CreateNatFirewallControlPolicy | Creates an access control policy for a NAT firewall. |
| DescribeNatFirewallControlPolicy | DescribeNatFirewallControlPolicy | Queries the information about all access control policies that are created for NAT firewalls. |
| DescribeNatFirewallPolicyPriorUsed | DescribeNatFirewallPolicyPriorUsed | Queries the priority range of access control policies that are created for a NAT firewall. |
| ModifyNatFirewallControlPolicyPosition | ModifyNatFirewallControlPolicyPosition | Modifies the priority of an access control policy that is created for a NAT firewall. |
| ModifyNatFirewallControlPolicy | ModifyNatFirewallControlPolicy | Modifies the configurations of an access control policy that is created for a NAT firewall. |
| DeleteNatFirewallControlPolicy | DeleteNatFirewallControlPolicy | Deletes an access control policy that is created for a NAT firewall. |
| VPC Border | VPC Border | |
| CreateVpcFirewallControlPolicy | CreateVpcFirewallControlPolicy | Creates an access control policy in a specified policy group for a virtual private cloud (VPC) firewall. |
| BatchCopyVpcFirewallControlPolicy | BatchCopyVpcFirewallControlPolicy | Copies all access control policies from a policy group of a source virtual private cloud (VPC) firewall to a policy group of a destination VPC firewall. |
| ResetVpcFirewallRuleHitCount | ResetVpcFirewallRuleHitCount | Clears the count on hits of an access control policy that is created for a virtual private cloud (VPC) firewall in a specific policy group. |
| DescribeVpcFirewallAclGroupList | DescribeVpcFirewallAclGroupList | Queries the information about all policy groups of access control policies that are created for virtual private cloud (VPC) firewalls. |
| DescribeVpcFirewallPolicyPriorUsed | DescribeVpcFirewallPolicyPriorUsed | Queries the priority range of access control policies that are created for a virtual private cloud (VPC) firewall in a specific policy group. |
| DescribeVpcFirewallControlPolicy | DescribeVpcFirewallControlPolicy | Queries the information about the access control policies for a specified virtual private cloud (VPC) firewall. |
| ModifyVpcFirewallControlPolicyPosition | ModifyVpcFirewallControlPolicyPosition | Modifies the priority of an access control policy that is created for a virtual private cloud (VPC) firewall in a specific policy group. |
| ModifyVpcFirewallControlPolicy | ModifyVpcFirewallControlPolicy | Modifies the configurations of an access control policy that is created for a virtual private cloud (VPC) firewall in a specified policy group. |
| DeleteVpcFirewallControlPolicy | DeleteVpcFirewallControlPolicy | Deletes an access control policy from a specific policy group for a virtual private cloud (VPC) firewall. |
| Internet Border | Internet Border | |
| DescribeACLProtectTrend | DescribeACLProtectTrend | Queries the statistics on the requests that are blocked by the access control list (ACL) feature. |
| DescribePolicyAdvancedConfig | DescribePolicyAdvancedConfig | Queries whether the strict mode is enabled for an access control policy. |
| ModifyPolicyAdvancedConfig | ModifyPolicyAdvancedConfig | Enables or disables the strict mode for an access control policy. |
| DescribePolicyPriorUsed | DescribePolicyPriorUsed | Queries the priority range of the access control policies that match specific query conditions. |
| DescribeDomainResolve | DescribeDomainResolve | Queries Domain Name System (DNS) records. |
| DescribeControlPolicy | DescribeControlPolicy | Queries the details about all access control policies. |
| ModifyControlPolicyPosition | ModifyControlPolicyPosition | Modifies the priority of an IPv4 access control policy for the Internet firewall. An IPv4 access control policy refers to a policy whose source IP address and destination IP address are IPv4 addresses. |
| ModifyControlPolicy | ModifyControlPolicy | Modifies the configurations of an access control policy. |
| DeleteControlPolicy | DeleteControlPolicy | Deletes an access control policy. |
| AddControlPolicy | AddControlPolicy | Creates an access control policy. |
VPC firewalls
| API | Title | Description |
|---|---|---|
| Intrusion Prevention | Intrusion Prevention | |
| ModifyVpcFirewallDefaultIPSConfig | ModifyVpcFirewallDefaultIPSConfig | Modifies the intrusion prevention configurations of a virtual private cloud (VPC) firewall. |
| DescribeVpcFirewallDefaultIPSConfig | DescribeVpcFirewallDefaultIPSConfig | Queries the intrusion prevention configurations of a virtual private cloud (VPC) firewall. |
| Express Connect | Express Connect | |
| DeleteVpcFirewallConfigure | DeleteVpcFirewallConfigure | Deletes a virtual private cloud (VPC) firewall that controls traffic between two VPCs. The VPCs are connected by using an Express Connect circuit. |
| ModifyVpcFirewallConfigure | ModifyVpcFirewallConfigure | Modifies the configurations of a virtual private cloud (VPC) firewall. The VPC firewall controls traffic between two VPCs that are connected by using an Express Connect circuit. |
| ModifyVpcFirewallSwitchStatus | ModifyVpcFirewallSwitchStatus | Enables or disables a virtual private cloud (VPC) firewall. The VPC firewall protects traffic between two VPCs that are connected by using an Express Connect circuit. |
| DescribeVpcFirewallDetail | DescribeVpcFirewallDetail | Queries the details about a virtual private cloud (VPC) firewall. The VPC firewall controls traffic between two VPCs that are connected by using an Express Connect circuit. |
| DescribeVpcFirewallList | DescribeVpcFirewallList | Queries the details about virtual private cloud (VPC) firewalls by page. Each VPC firewall protects traffic between two VPCs that are connected by using an Express Connect circuit. |
| CreateVpcFirewallConfigure | CreateVpcFirewallConfigure | Creates a Virtual Private Cloud (VPC) firewall to protect traffic between two VPCs that are connected by using an Express Connect. |
| CEN (Basic Edition) | CEN (Basic Edition) | |
| CreateVpcFirewallCenConfigure | CreateVpcFirewallCenConfigure | Creates a virtual private cloud (VPC) firewall to protect traffic between a specified VPC and a network instance that is attached to a Cloud Enterprise Network (CEN) instance. |
| ModifyVpcFirewallCenSwitchStatus | ModifyVpcFirewallCenSwitchStatus | Enables or disables a virtual private cloud (VPC) firewall. The VPC firewall protects mutual access traffic between a VPC and a specified network instance that is attached to a Cloud Enterprise Network (CEN) instance. |
| ModifyVpcFirewallCenConfigure | ModifyVpcFirewallCenConfigure | Modifies the configurations of a virtual private cloud (VPC) firewall. The VPC firewall protects mutual access traffic between a VPC and a specified network instance that is attached to a Cloud Enterprise Network (CEN) instance. |
| DescribeVpcFirewallCenList | DescribeVpcFirewallCenList | Queries virtual private cloud (VPC) firewalls. Each VPC firewall protects mutual access traffic between a specified VPC and a network instance that is attached to a Cloud Enterprise Network (CEN) instance. |
| DescribeVpcFirewallCenDetail | DescribeVpcFirewallCenDetail | Queries the details about a virtual private cloud (VPC) firewall. The VPC firewall protects access traffic between a VPC and a network instance that is attached to a Cloud Enterprise Network (CEN) instance. |
| DeleteVpcFirewallCenConfigure | DeleteVpcFirewallCenConfigure | Deletes a virtual private cloud (VPC) firewall. The VPC firewall protects mutual access traffic between a VPC and a specified network instance that is attached to a Cloud Enterprise Network (CEN) instance. |
| CEN (Enterprise Edition) | CEN (Enterprise Edition) | |
| CreateTrFirewallV2 | CreateTrFirewallV2 | Creates a virtual private cloud (VPC) firewall for a transit router. |
| DescribeTrFirewallsV2Detail | DescribeTrFirewallsV2Detail | Queries the details of the virtual private cloud (VPC) firewalls that are created for transit routers. |
| DescribeTrFirewallsV2List | DescribeTrFirewallsV2List | Queries the virtual private cloud (VPC) firewalls that are created for transit routers. |
| DescribeTrFirewallV2RoutePolicyList | DescribeTrFirewallV2RoutePolicyList | Queries the routing policies of a virtual private cloud (VPC) firewall that is created for a transit router. |
| DescribeTrFirewallPolicyBackUpAssociationList | DescribeTrFirewallPolicyBackUpAssociationList | Queries information about the transit routers that are associated with a virtual private cloud (VPC) firewall created for a transit router. |
| ModifyFirewallV2RoutePolicySwitch | ModifyFirewallV2RoutePolicySwitch | Modifies the status of a routing policy. |
| DeleteTrFirewallV2 | DeleteTrFirewallV2 | Deletes a virtual private cloud (VPC) firewall that is created for a transit router. |
Multi-account control
| API | Title | Description |
|---|---|---|
| AddInstanceMembers | AddInstanceMembers | Adds members to Cloud Firewall. |
| DeleteInstanceMembers | DeleteInstanceMembers | Removes members from Cloud Firewall. |
| ModifyInstanceMemberAttributes | ModifyInstanceMemberAttributes | Updates the information about members in Cloud Firewall. |
| DescribeInstanceMembers | DescribeInstanceMembers | Queries the information about members in Cloud Firewall. |
Intrusion prevention
| API | Title | Description |
|---|---|---|
| DescribeRiskEventPayload | DescribeRiskEventPayload | Queries the attack payloads of intrusion events. |
| DescribeVulnerabilityProtectedList | DescribeVulnerabilityProtectedList | Queries the vulnerabilities that are supported by Cloud Firewall. |
| DescribeRiskEventGroup | DescribeRiskEventGroup | Queries the details of intrusion events. |
| DescribeUserAssetIPTrafficInfo | DescribeUserAssetIPTrafficInfo | Queries the information about the traffic of a specified asset that belongs to your Alibaba Cloud account. |
| DescribeInvadeEventList | DescribeInvadeEventList | Queries the information about the breach awareness events of a firewall. |
| DescribeOutgoingDestinationIP | DescribeOutgoingDestinationIP | Queries the information about the destination IP addresses in outbound connections. |
| DescribeOutgoingDomain | DescribeOutgoingDomain | Queries the information about the domain names in outbound connections. |
Address books
| API | Title | Description |
|---|---|---|
| AddAddressBook | AddAddressBook | Creates an address book for access control. Supported address book types are IP address books, Elastic Compute Service (ECS) tag-based address books, port address books, and domain address books. An ECS tag-based address book includes the public IP addresses of the ECS instances that have specific tags. |
| DeleteAddressBook | DeleteAddressBook | Deletes an address book for access control. |
| ModifyAddressBook | ModifyAddressBook | Modifies the address book that is configured for access control. |
| DescribeAddressBook | DescribeAddressBook | Queries the details about an address book for an access control policy. |
Traffic Analysis
| API | Title | Description |
|---|---|---|
| DescribeInternetOpenIp | DescribeInternetOpenIp | Queries the IP addresses that are open to the Internet. |
| DescribeInternetTrafficTrend | DescribeInternetTrafficTrend | Queries the trends of Internet traffic. |
Other
| API | Title | Description |
|---|---|---|
| DescribeAssetRiskList | DescribeAssetRiskList | Queries the risk levels of assets. |
| DescribeVpcListLite | DescribeVpcListLite | Queries virtual private clouds (VPCs). |
| ModifyVpcFirewallIPSWhitelist | ModifyVpcFirewallIPSWhitelist | Modifies the IPS whitelist of a virtual private cloud (VPC) firewall. |
| DescribeVpcFirewallIPSWhitelist | DescribeVpcFirewallIPSWhitelist | Queries the IPS whitelist of a virtual private cloud (VPC) firewall. |
| DeleteControlPolicyTemplate | DeleteControlPolicyTemplate | Deletes an access control policy template. |
| DescribePrefixLists | DescribePrefixLists | Queries prefix lists. |
| CreateDownloadTask | CreateDownloadTask | Creates a file download task. |
| DescribeDownloadTaskType | DescribeDownloadTaskType | Queries the types of download tasks. The type corresponds to the TaskType fields in the download task-related operations. |
| DeleteDownloadTask | DeleteDownloadTask | Deletes file download tasks. |
| DescribeDownloadTask | DescribeDownloadTask | Queries file download tasks, including the task information and download URLs. |
| DeleteNatFirewallControlPolicyBatch | DeleteNatFirewallControlPolicyBatch | Deletes access control policies that are created for a NAT firewall at a time. |
| ResetNatFirewallRuleHitCount | ResetNatFirewallRuleHitCount | Resets the number of NAT firewall hits. |
| DescribeNatAclPageStatus | DescribeNatAclPageStatus | Queries the pagination status of NAT firewalls. |
| DescribeInstanceRiskLevels | DescribeInstanceRiskLevels | Queries the risk levels of instances. |
| DescribeCfwRiskLevelSummary | DescribeCfwRiskLevelSummary | Queries the firewall risk level. |
| DescribeVpcZone | DescribeVpcZone | Queries virtual private cloud (VPC) zones. |
| DescribeSignatureLibVersion | DescribeSignatureLibVersion | Queries the information about signature library versions. |
| DescribePostpayTrafficTotal | DescribePostpayTrafficTotal | Queries the total traffic of Cloud Firewall that uses the pay-as-you-go billing method. The traffic for each type of firewall is queried. |
| DescribePostpayTrafficDetail | DescribePostpayTrafficDetail | Queries the traffic details of Cloud Firewall that uses the pay-as-you-go billing method. |
| BatchDeleteVpcFirewallControlPolicy | BatchDeleteVpcFirewallControlPolicy | Deletes multiple access control policies for a virtual private cloud (VPC) firewall at a time. |