Modifies the accurate access control rule of a website.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ModifyWebPreciseAccessRule

The operation that you want to perform. Set the value to ModifyWebPreciseAccessRule.

RegionId String No cn-hangzhou

The region ID of the instance. Valid values:

  • cn-hangzhou: Chinese mainland, which indicates Anti-DDoS Pro instances
  • ap-southeast-1: outside the Chinese mainland, which indicates Anti-DDoS Premium instances
ResourceGroupId String No rg-acfm2pz25js****

The ID of the resource group to which the instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.

Domain String Yes example.aliyundoc.com

The domain name of the website.

Note A forwarding rule must be configured for the domain name. You can call the DescribeDomains operation to query all domain names.
Rules String Yes [{"action":"block","name":"testrule","condition":[{"field":"uri","match_method":"contain","content":"/test/123"}]}]

The settings of the accurate access control rule. This parameter is a JSON string. The following list describes the fields in the value of the parameter:

  • action: the action that is performed if the rule is matched. This field is required and must be of the string type. Valid values:
    • accept: allows the requests that match the rule.
    • block: blocks the requests that match the rule.
    • challenge: implements a CAPTCHA for the requests that match the rule.
  • name: the name of the rule. This field is required and must be of the string type.
  • condition: the match conditions. This field is required and must be of the map type. A match condition contains the following parameters.
    Note The AND logical operator is used to define the relationship among multiple match conditions.
    • field: the match field. This parameter is required and must be of the string type.
    • match_method: the logical relation. This parameter is required and must be of the string type.
      Note For information about the mappings between the field and match_method parameters, see the "Mappings between the field and match_method parameters" section of this topic.
    • content: the match content. This parameter is required and must be of the string type.
  • header_name: the HTTP header. This parameter is optional and must be of the string type. This parameter takes effect only when field is header.
Expires Integer No 600

The validity period of the rule. Unit: seconds. This parameter takes effect only when action of a rule is block. Access requests that match the rule are blocked within the specified validity period of the rule. If you do not specify this parameter, this rule takes effect all the time.

Mappings between the field and match_method parameters

field

Description

match_method

ip

The source IP address of the request.

belong: the Is Part Of relation

nbelong: the Is Not Part Of relation

uri

The request URI.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

regular: The match content is the regular expression of the URI.

referer

The URL of the source page from which the request is redirected.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

nexist: the Does Not Exist relation

regular: The match content is the regular expression of the URI.

user-agent

The browser information about the client that initiates the request. The information includes the browser identifier, rendering engine, and version.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

regular: The match content is the regular expression of the URI.

params

The query string in the request URL. The query string is the part that follows the question mark (?) in the URL. For example,

in demo.aliyundoc.com/index.html?action=login,

action=login

is the query string.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

cookie

The cookie information in the request.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

nexist: the Does Not Exist relation

content-type

The HTTP content type that is specified for the response. The HTTP content type is known as the Multipurpose Internet Mail Extensions (MIME) type.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

x-forwarded-for

The originating IP address. The HTTP X-Forwarded-For (XFF) header is used to identify the originating IP address of the request that is forwarded by an HTTP proxy or a load balancer. The XFF header is included only in the request that is forwarded by an HTTP proxy or a load balancer.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

nexist: the Does Not Exist relation

regular: The match content is the regular expression of the URI.

content-length

The number of bytes in the request body.

vless: the Is Smaller Than relation

vequal: the Has a Value Of relation

vgreat: the Is Larger Than relation

post-body

The content of the request.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

regular: The match content is the regular expression of the URI.

http-method

The request method, such as GET and POST.

equal: the Equals relation

nequal: the Does Not Equal relation

header

The header of the request, which is used to specify a custom HTTP header.

contain: the Contains relation

ncontain: the Does Not Contain relation

equal: the Equals relation

nequal: the Does Not Equal relation

lless: the Is Shorter Than relation

lequal: the Has a Length Of relation

lgreat: the Is Longer Than relation

nexist: the Does Not Exist relation

Response parameters

Parameter Type Example Description
RequestId String F908E959-ADA8-4D7B-8A05-FF2F67F50964

The ID of the request, which is used to locate and troubleshoot issues.

Examples

Sample requests

http(s)://[Endpoint]/?Action=ModifyWebPreciseAccessRule
&ResourceGroupId=rg-acfm2pz25js****
&Domain=example.aliyundoc.com
&Rules=[{"action":"block","name":"testrule","condition":[{"field":"uri","match_method":"contain","content":"/test/123"}]}]
&Expires=600
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<ModifyWebPreciseAccessRuleResponse>
    <RequestId>F908E959-ADA8-4D7B-8A05-FF2F67F50964</RequestId>
</ModifyWebPreciseAccessRuleResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "F908E959-ADA8-4D7B-8A05-FF2F67F50964"
}

Error codes

For a list of error codes, visit the Error Center.