Queries the details about all access control policies.

Description

You can call the DescribeControlPolicy operation to query the details about access control policies by page.

Limits

You can call this operation up to 10 times per second per account. If the number of calls per second exceeds the limit, throttling is triggered, which may affect your business. Take note of the limit when you call this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeControlPolicy

The operation that you want to perform.

Set the value to DescribeControlPolicy.

CurrentPage String Yes 1

The number of the page to return.

Default value: 1.

Direction String Yes in

The direction of the traffic to which the access control policy applies. Valid values:

  • in: inbound traffic
  • out: outbound traffic
PageSize String Yes 10

The number of entries to return on each page.

Maximum value: 50.

SourceIp String No 192.0.XX.XX

The source IP address of the request.

Lang String No zh

The natural language of the request and response. Valid values:

  • zh: Chinese (default)
  • en: English
Source String No 192.0.XX.XX

The source address in the access control policy. Fuzzy match is supported. The value of this parameter depends on the value of the SourceType parameter.

  • If SourceType is set to net, the value of Source is an IP address or a CIDR block. Example: 10.0.1.0/24.
  • If SourceType is set to group, the value of Source is the name of an address book. Example: db_group. If the db_group address book does not contain addresses, all source addresses are queried.
  • If SourceType is set to location, the value of Source is a location. Example: beijing.
Note: If you do not configure this parameter, access control policies of all source address types are queried.
Destination String No 192.0.XX.XX

The destination address in the access control policy. Fuzzy match is supported. The value of this parameter depends on the value of the DestinationType parameter.

  • If DestinationType is set to net, the value of Destination is an IP address or a CIDR block. Example: 10.0.3.0/24.
  • If DestinationType is set to domain, the value of Destination is a domain name. Example: aliyun.
  • If DestinationType is set to group, the value of Destination is the name of an address book. Example: db_group.
  • If DestinationType is set to location, the value of Destination is a location. Example: beijing.
Note: If you do not configure this parameter, access control policies of all destination address types are queried.
Description String No test

The description of the access control policy. Fuzzy match is supported.

Note: If you do not configure this parameter, the descriptions of all access control policies are queried.
Proto String No TCP

The type of protocol in the access control policy. Valid values:

  • TCP
  • UDP
  • ICMP
  • ANY: all types of protocols
Note: If you do not configure this parameter, access control policies of all protocol types are queried.
AclAction String No accept

The action that Cloud Firewall performs on the traffic. Valid values:

  • accept: allows the traffic.
  • drop: denies the traffic.
  • log: monitors the traffic.
Note: If you do not configure this parameter, access control policies of all action types are queried.
Release String No true

Specifies whether the access control policy is enabled. By default, an access control policy is enabled after it is created. Valid values:

  • true: The access control policy is enabled.
  • false: The access control policy is disabled.
AclUuid String No 00281255-d220-4db1-8f4f-c4df221ad84c

The ID of the access control policy.

IpVersion String No 6

The IP version of the address in the access control policy. Valid values:

  • 4: IPv4 (default)
  • 6: IPv6

Response parameters

Parameter Type Example Description
PageNo String 1

The page number of the returned page.

PageSize String 10

The number of entries returned per page.

Policys Array of DataItem

The details about the access control policy.

AclAction String accept

The action that Cloud Firewall performs on the traffic. Valid values:

  • accept: allows the traffic.
  • drop: denies the traffic.
  • log: monitors the traffic.
AclUuid String 00281255-d220-4db1-8f4f-c4df221ad84c

The ID of the access control policy.

ApplicationId String 10***

The application ID in the access control policy.

ApplicationName String HTTP

The type of the application that the access control policy supports. Valid values:

  • FTP
  • HTTP
  • HTTPS
  • Memcache
  • MongoDB
  • MQTT
  • MySQL
  • RDP
  • Redis
  • SMTP
  • SMTPS
  • SSH
  • SSL
  • VNC
  • ANY: all types of applications
Description String test

The description of the access control policy.

DestPort String 80

The destination port in the access control policy.

DestPortGroup String my_port_group

The name of the destination port address book in the access control policy.

DestPortGroupPorts List [80,443]

The ports in the destination port address book.

DestPortType String port

The type of the destination port in the access control policy. Valid values:

  • port: port
  • group: port address book
Destination String 192.0.XX.XX/24

The destination address in the access control policy. The value of this parameter depends on the value of the DestinationType parameter. Valid values:

  • If DestinationType is set to net, the value of Destination is an IP address or a CIDR block. Example: 192.0.XX.XX/24.
  • If DestinationType is set to domain, the value of Destination is a domain name. Example: aliyuncs.com.
  • If DestinationType is set to group, the value of Destination is the name of an address book. Example: db_group.
  • If DestinationType is set to location, the value of Destination is a location. For information about location codes, see AddControlPolicy. Example: ["BJ11", "ZB"].
DestinationGroupCidrs List ["192.0.XX.XX/24", "192.0.XX.XX/32"]

The CIDR blocks in the destination address book.

DestinationGroupType String ip

The type of the destination address book in the access control policy. Valid values:

  • ip: an address book that includes one or more IP addresses
  • tag: an Elastic Compute Service (ECS) tag-based address book that includes the IP addresses of the ECS instances with one or more specific tags
  • domain: an address book that includes one or more domain names
  • threat: an address book that includes one or more malicious IP addresses or domain names
  • backsrc: an address book that includes one or more back-to-origin addresses of Anti-DDoS Pro or Anti-DDoS Premium instances or Web Application Firewall (WAF) instances
DestinationType String net

The type of the destination address in the access control policy. Valid values:

  • net: destination CIDR block
  • group: destination address book
  • domain: destination domain name
  • location: destination location
Direction String in

The direction of the traffic to which the access control policy applies. Valid values:

  • in: inbound traffic
  • out: outbound traffic
DnsResult String 192.0.XX.XX,192.0.XX.XX

The DNS resolution result.

DnsResultTime Long 1579261141

The timestamp of the DNS resolution result. The value is a UNIX timestamp. Unit: seconds.

HitLastTime Long 1579261141

The timestamp when the access control policy was last hit. The value is a UNIX timestamp. Unit: seconds.

HitTimes Long 100

The number of hits for the access control policy.

IpVersion Integer 6

The IP version of the address in the access control policy.

Valid values:

  • 4: IPv4
  • 6: IPv6
Order Integer 1

The priority of the access control policy.

The priority value starts from 1. A smaller value indicates a higher priority.

Proto String TCP

The type of protocol in the access control policy. Valid values:

  • ANY
  • TCP
  • UDP
  • ICMP
Release String true

Indicates whether the access control policy is enabled. By default, an access control policy is enabled after it is created. Valid values:

  • true: The access control policy is enabled.
  • false: The access control policy is disabled.
Source String 192.0.XX.XX/24

The source address in the access control policy. Valid values:

  • If SourceType is set to net, the value of Source is a CIDR block. Example: 192.0.XX.XX/24.
  • If SourceType is set to group, the value of Source is the name of an address book. Example: db_group.
  • If SourceType is set to location, the value of Source is a location. For more information about location codes, see AddControlPolicy. Example: ["BJ11", "ZB"].
SourceGroupCidrs List ["192.0.XX.XX/24", "192.0.XX.XX/32"]

The CIDR blocks in the source address book.

SourceGroupType String ip

The type of the source address book in the access control policy. Valid values:

  • ip: an address book that includes one or more IP addresses
  • tag: an ECS tag-based address book that includes the IP addresses of the ECS instances with one or more specific tags
  • domain: an address book that includes one or more domain names
  • threat: an address book that includes one or more malicious IP addresses or domain names
  • backsrc: an address book that includes one or more back-to-origin addresses of Anti-DDoS Pro or Anti-DDoS Premium instances or WAF instances
SourceType String net

The type of the source address in the access control policy. Valid values:

  • net: source CIDR block
  • group: source address book
  • location: source location
RequestId String CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D

The ID of the request.

TotalCount String 100

The total number of the returned access control policies.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeControlPolicy
&CurrentPage=1
&Direction=in
&PageSize=10
&<Common request parameters>

Sample success responses

XML format

<DescribeControlPolicyResponse>
  <TotalCount>100</TotalCount>
  <PageSize>10</PageSize>
  <RequestId>CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D</RequestId>
  <PageNo>1</PageNo>
  <Policys>
        <Order>1</Order>
        <Destination>192.0.XX.XX/24</Destination>
        <DnsFailedDomain></DnsFailedDomain>
        <ApplicationName>HTTP</ApplicationName>
        <Description>test</Description>
        <IpVersion>6</IpVersion>
        <HitLastTime>1579261141</HitLastTime>
        <SourceType>net</SourceType>
        <DnsResultTime>1579261141</DnsResultTime>
        <DnsResult>192.0.XX.XX,192.0.XX.XX</DnsResult>
        <DestPort>80</DestPort>
        <AclAction>accept</AclAction>
        <DestinationType>net</DestinationType>
        <Direction>in</Direction>
        <Source>192.0.XX.XX/24</Source>
        <DestPortType>port</DestPortType>
        <Proto>TCP</Proto>
        <HitTimes>100</HitTimes>
        <DestinationGroupType>ip</DestinationGroupType>
        <SourceGroupType>ip</SourceGroupType>
        <AclUuid>00281255-d220-4db1-8f4f-c4df221ad84c</AclUuid>
        <ApplicationId>10***</ApplicationId>
        <Release>true</Release>
        <DestPortGroup>my_port_group</DestPortGroup>
        <SourceGroupCidrs>["192.0.XX.XX/24", "192.0.XX.XX/32"]</SourceGroupCidrs>
        <DestinationGroupCidrs>["192.0.XX.XX/24", "192.0.XX.XX/32"]</DestinationGroupCidrs>
        <DestPortGroupPorts>[80,443]</DestPortGroupPorts>
  </Policys>
</DescribeControlPolicyResponse>

JSON format

{
    "TotalCount": 100,
    "PageSize": 10,
    "RequestId": "CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D",
    "PageNo": 1,
    "Policys": {
        "Order": 1,
        "Destination": "192.0.XX.XX/24",
        "DnsFailedDomain": "",
        "ApplicationName": "HTTP",
        "Description": "test",
        "IpVersion": 6,
        "HitLastTime": 1579261141,
        "SourceType": "net",
        "DnsResultTime": 1579261141,
        "DnsResult": "192.0.XX.XX,192.0.XX.XX",
        "DestPort": 80,
        "AclAction": "accept",
        "DestinationType": "net",
        "Direction": "in",
        "Source": "192.0.XX.XX/24",
        "DestPortType": "port",
        "Proto": "TCP",
        "HitTimes": 100,
        "DestinationGroupType": "ip",
        "SourceGroupType": "ip",
        "AclUuid": "00281255-d220-4db1-8f4f-c4df221ad84c",
        "ApplicationId": "10***",
        "Release": true,
        "DestPortGroup": "my_port_group",
        "SourceGroupCidrs": "[\"192.0.XX.XX/24\", \"192.0.XX.XX/32\"]",
        "DestinationGroupCidrs": "[\"192.0.XX.XX/24\", \"192.0.XX.XX/32\"]",
        "DestPortGroupPorts": "[80,443]"
    }
}
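
Auditing the returned policies

The following is an added example, not part of the original reference or of any SDK. It pages through DescribeControlPolicy using CurrentPage, PageSize and TotalCount, then flags enabled policies that accept inbound traffic from any source or that have no recent hits. The names fetch_page, stub_fetch, PAGES, the 90-day threshold, the finding strings and the sample policies are assumptions made for illustration; Policys is accepted both as a list and as a single object because the parameter table and the sample response differ.

```python
import ipaddress

MAX_PAGE_SIZE = 50  # documented maximum for PageSize

def iter_policies(fetch_page, direction, page_size=MAX_PAGE_SIZE):
    """Yield all policies for one direction. fetch_page is a hypothetical callable that
    sends the parameters to DescribeControlPolicy and returns the decoded JSON body."""
    page, seen = 1, 0
    while True:
        size = str(min(page_size, MAX_PAGE_SIZE))
        resp = fetch_page({"Action": "DescribeControlPolicy", "Direction": direction,
                           "CurrentPage": str(page), "PageSize": size})
        items = resp.get("Policys") or []
        if isinstance(items, dict):  # the page's sample response shows a single object
            items = [items]
        yield from items
        seen += len(items)
        if not items or seen >= int(resp["TotalCount"]):
            return
        page += 1

def any_source(p):
    """True when a 'net' source is a zero-length prefix, which matches every address."""
    try:
        return (p.get("SourceType") == "net"
                and ipaddress.ip_network(p["Source"], strict=False).prefixlen == 0)
    except (KeyError, ValueError):
        return False

def audit(policies, now, stale_days=90):
    """Return (AclUuid, finding) pairs for enabled policies that deserve review."""
    out = []
    for p in policies:
        if str(p.get("Release")).lower() != "true":  # String in the table, boolean in the sample
            continue
        if p.get("AclAction") == "accept" and p.get("Direction") == "in" and any_source(p):
            out.append((p["AclUuid"], "inbound accept from any source"))
        stale = now - int(p.get("HitLastTime") or 0) > stale_days * 86400
        if int(p.get("HitTimes") or 0) == 0 or stale:
            out.append((p["AclUuid"], "no recent hits"))
    return out

# Constructed sample data: two pages of one policy each, served by a stub fetch_page.
PAGES = {
    "1": {"TotalCount": "2", "Policys": [{"AclUuid": "constructed-0001", "Direction": "in", "AclAction": "accept",
          "SourceType": "net", "Source": "0.0.0.0/0", "Release": "true", "HitTimes": 100, "HitLastTime": 1579261141}]},
    "2": {"TotalCount": "2", "Policys": {"AclUuid": "constructed-0002", "Direction": "in", "AclAction": "accept",
          "SourceType": "net", "Source": "192.0.2.0/24", "Release": True, "HitTimes": 0, "HitLastTime": 0}},
}
def stub_fetch(params): return PAGES[params["CurrentPage"]]
```

In real use, replace stub_fetch with a signed call to the endpoint and keep the request rate under the limit of 10 calls per second per account.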