Queries the details of all access control policies for a specific virtual private cloud (VPC) firewall.

Usage notes

This operation is used to query the access control policies of a VPC firewall. Different access control policies are used when a VPC firewall is used to protect the traffic between two VPCs that are connected by using a Cloud Enterprise Network (CEN) instance or an Express Connect circuit.

QPS limit

You can call this operation up to 10 times per second per account. If the number of calls per second exceeds the limit, throttling is triggered and your business is affected. Take this limit into account when you call the operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeVpcFirewallControlPolicy

The operation that you want to perform. Set the value to DescribeVpcFirewallControlPolicy.

Lang String No zh

The natural language of the request and response.

Valid values:

  • zh: Chinese (default)
  • en: English

VpcFirewallId String Yes vfw-a42bbb7b887148c9****

The ID of the policy group to which the access control policy belongs. Valid values:

  • If a VPC firewall protects the traffic between two VPCs that are connected by using a CEN instance, the value of this parameter is the ID of the CEN instance.
  • If a VPC firewall protects the traffic between two VPCs that are connected by using an Express Connect circuit, the value of this parameter is the instance ID of the VPC firewall.
Note: You can call the DescribeVpcFirewallAclGroupList operation to query the ID.

CurrentPage String Yes 1

The number of the page to return.

PageSize String Yes 10

The number of entries to return on each page.

Maximum value: 50.

Source String No 192.0.XX.XX/24

The source address in the access control policy. Fuzzy match is supported.

Note: The value of this parameter can be a CIDR block or an address book name.

Destination String No 192.0.XX.XX/24

The destination address in the access control policy. Fuzzy match is supported.

Note: The value of this parameter can be a CIDR block, a domain name, or an address book name.

Description String No test

The description of the access control policy. Fuzzy match is supported.

Proto String No TCP

The type of the protocol in the access control policy. Valid values:

  • TCP
  • UDP
  • ICMP
  • ANY, which indicates all types of protocols

Note: If this parameter is left empty, all types of protocols are queried.

AclAction String No accept

The action that Cloud Firewall performs on the traffic. Valid values:

  • accept: allows the traffic.
  • drop: blocks the traffic.
  • log: monitors the traffic.
Note: If this parameter is left empty, access control policies that specify all the preceding actions are queried.

MemberUid String No 258039427902****

The ID of the member of the Alibaba Cloud account.

AclUuid String No 4037fbf7-3e39-4634-92a4-d0155247****

The ID of the access control policy.

Response parameters

Parameter Type Example Description
TotalCount String 20

The total number of the returned access control policies.

RequestId String CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D

The ID of the request.

Policys Array of DataItem

The information about the access control policies.

Destination String 192.0.XX.XX/24

The destination address in the access control policy. Valid values:

  • If the DestinationType parameter is set to net, the value of this parameter is a CIDR block.
  • If the DestinationType parameter is set to domain, the value of this parameter is a domain name.
  • If the DestinationType parameter is set to group, the value of this parameter is the name of an address book.

Order Integer 1

The priority of the access control policy.

The priority value starts from 1. A smaller value indicates a higher priority.

DestPortGroup String my_port_group

The name of the destination port address book in the access control policy.

SourceType String net

The type of the source address in the access control policy. Valid values:

  • net: CIDR block
  • group: address book

ApplicationName String HTTP

The type of the application that the access control policy supports. Valid values:

  • HTTP
  • HTTPS
  • MySQL
  • SMTP
  • SMTPS
  • RDP
  • VNC
  • SSH
  • Redis
  • MQTT
  • MongoDB
  • Memcache
  • SSL
  • ANY, which indicates all types of applications

AclUuid String 4037fbf7-3e39-4634-92a4-d0155247****

The ID of the access control policy.

DestPortType String port

The type of the destination port in the access control policy. Valid values:

  • port: port
  • group: port address book

Source String 192.0.XX.XX/24

The source address in the access control policy. Valid values:

  • If the SourceType parameter is set to net, the value of this parameter is a CIDR block.
  • If the SourceType parameter is set to group, the value of this parameter is the name of an address book.

DestinationType String net

The type of the destination address in the access control policy. Valid values:

  • net: CIDR block
  • group: address book
  • domain: domain name

HitTimes Integer 100

The number of hits for the access control policy.

DestPort String 80

The destination port in the access control policy.

Description String test

The description of the access control policy.

AclAction String accept

The action that Cloud Firewall performs on the traffic. Valid values:

  • accept: The traffic is allowed.
  • drop: The traffic is blocked.
  • log: The traffic is monitored.

ApplicationId String 10**

The ID of the application in the access control policy.

Proto String TCP

The type of the protocol in the access control policy. Valid values:

  • TCP
  • UDP
  • ICMP
  • ANY, which indicates all types of protocols

DestinationGroupCidrs Array of String ["192.0.XX.XX/24", "192.0.XX.XX/32"]

The CIDR blocks in the destination address book of the access control policy.

DestPortGroupPorts Array of String [80,443]

The ports in the destination port address book of the access control policy.

SourceGroupCidrs Array of String ["192.0.XX.XX/24", "198.51.XX.XX/32"]

The CIDR blocks in the source address book of the access control policy.

MemberUid String 258039427902****

The ID of the member of the Alibaba Cloud account.
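
Added example, not Alibaba Cloud sample code: a Python loop that collects every policy of one VPC firewall by walking CurrentPage at the maximum PageSize and pacing calls within the 10-per-second limit, so that a rule review does not stop at the first page. call_api, fake_api and the firewall ID passed in are hypothetical stand-ins for a signed SDK or HTTP call.

```python
import time

MAX_PAGE_SIZE = 50      # PageSize: "Maximum value: 50"
MIN_INTERVAL = 1 / 10   # stay within the documented 10 calls per second


def list_all_policies(call_api, vpc_firewall_id, page_size=MAX_PAGE_SIZE,
                      sleep=time.sleep, clock=time.monotonic):
    """Return every policy of one VPC firewall, across all pages.

    call_api is a hypothetical callable: it takes the request parameters as a
    dict, sends the signed request and returns the decoded JSON response.
    """
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError("PageSize must be between 1 and 50")
    policies, page, last_call = [], 1, None
    while True:
        # Space the calls out so a long listing does not trigger throttling.
        if last_call is not None:
            wait = MIN_INTERVAL - (clock() - last_call)
            if wait > 0:
                sleep(wait)
        last_call = clock()
        resp = call_api({
            "Action": "DescribeVpcFirewallControlPolicy",
            "VpcFirewallId": vpc_firewall_id,
            "CurrentPage": str(page),      # typed String in the parameter table
            "PageSize": str(page_size),
        })
        batch = resp.get("Policys") or []
        policies.extend(batch)
        total = int(resp["TotalCount"])    # returned as a String, e.g. "20"
        # Stop on an empty page too, so a changing rule set cannot loop forever.
        if not batch or len(policies) >= total:
            return policies
        page += 1


def fake_api(params, total=120):
    """Constructed stand-in for the real endpoint: serves `total` made-up rules."""
    page, size = int(params["CurrentPage"]), int(params["PageSize"])
    orders = range((page - 1) * size + 1, min(page * size, total) + 1)
    return {"TotalCount": str(total),
            "Policys": [{"Order": n, "AclAction": "accept"} for n in orders]}
```
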

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeVpcFirewallControlPolicy
&Lang=zh
&VpcFirewallId=vfw-a42bbb7b887148c9****
&CurrentPage=1
&PageSize=10
&Source=192.0.XX.XX/24
&Destination=192.0.XX.XX/24
&Description=test
&Proto=TCP
&AclAction=accept
&MemberUid=258039427902****
&AclUuid=4037fbf7-3e39-4634-92a4-d0155247****
&<Common request parameters>

Sample responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribeVpcFirewallControlPolicyResponse>
    <TotalCount>20</TotalCount>
    <RequestId>CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D</RequestId>
    <Policys>
        <Destination>192.0.XX.XX/24</Destination>
        <Order>1</Order>
        <DestPortGroup>my_port_group</DestPortGroup>
        <SourceType>net</SourceType>
        <ApplicationName>HTTP</ApplicationName>
        <AclUuid>4037fbf7-3e39-4634-92a4-d0155247****</AclUuid>
        <DestPortType>port</DestPortType>
        <Source>192.0.XX.XX/24</Source>
        <DestinationType>net</DestinationType>
        <HitTimes>100</HitTimes>
        <DestPort>80</DestPort>
        <Description>test</Description>
        <AclAction>accept</AclAction>
        <ApplicationId>10**</ApplicationId>
        <Proto>TCP</Proto>
        <DestinationGroupCidrs>["192.0.XX.XX/24", "192.0.XX.XX/32"]</DestinationGroupCidrs>
        <DestPortGroupPorts>[80,443]</DestPortGroupPorts>
        <SourceGroupCidrs>["192.0.XX.XX/24", "198.51.XX.XX/32"]</SourceGroupCidrs>
        <MemberUid>258039427902****</MemberUid>
    </Policys>
</DescribeVpcFirewallControlPolicyResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "TotalCount" : "20",
  "RequestId" : "CBF1E9B7-D6A0-4E9E-AD3E-2B47E6C2837D",
  "Policys" : [ {
    "Destination" : "192.0.XX.XX/24",
    "Order" : 1,
    "DestPortGroup" : "my_port_group",
    "SourceType" : "net",
    "ApplicationName" : "HTTP",
    "AclUuid" : "4037fbf7-3e39-4634-92a4-d0155247****",
    "DestPortType" : "port",
    "Source" : "192.0.XX.XX/24",
    "DestinationType" : "net",
    "HitTimes" : 100,
    "DestPort" : "80",
    "Description" : "test",
    "AclAction" : "accept",
    "ApplicationId" : "10**",
    "Proto" : "TCP",
    "DestinationGroupCidrs" : [ "[\"192.0.XX.XX/24\", \"192.0.XX.XX/32\"]" ],
    "DestPortGroupPorts" : [ "[80,443]" ],
    "SourceGroupCidrs" : [ "[\"192.0.XX.XX/24\", \"198.51.XX.XX/32\"]" ],
    "MemberUid" : "258039427902****"
  } ]
}
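
Added example, not part of the original reference: a Python review pass over Policys items that flags accept rules with very wide CIDRs, Proto ANY, or zero HitTimes, expanding address books through SourceGroupCidrs and DestinationGroupCidrs. The sample data, the /8 threshold and the function names are assumptions made for the example.

```python
import ipaddress
import json

# Constructed policies in the shape of the "Policys" items on this page. Full
# made-up addresses are used because the masked samples above do not parse.
SAMPLE = [
    {"Order": 1, "AclUuid": "rule-a", "AclAction": "accept", "Proto": "TCP",
     "SourceType": "net", "Source": "10.0.0.0/16",
     "DestinationType": "domain", "Destination": "example.com", "HitTimes": 100},
    {"Order": 2, "AclUuid": "rule-b", "AclAction": "accept", "Proto": "ANY",
     "SourceType": "group", "Source": "all_vpcs",
     "SourceGroupCidrs": ['["0.0.0.0/0", "10.2.0.0/16"]'],
     "DestinationType": "net", "Destination": "10.1.0.0/24", "HitTimes": 0},
    {"Order": 3, "AclUuid": "rule-c", "AclAction": "drop", "Proto": "ANY",
     "SourceType": "net", "Source": "0.0.0.0/0",
     "DestinationType": "net", "Destination": "0.0.0.0/0", "HitTimes": 7},
]


def flatten(value):
    """Address-book CIDRs as a flat list. The JSON sample on this page shows
    them as one JSON-encoded string inside an array; plain strings also work."""
    return [c for item in value or []
            for c in (json.loads(item) if item.lstrip().startswith("[") else [item])]


def cidrs_for(policy, side):
    """CIDRs behind the Source or Destination field of one policy."""
    kind = policy.get(f"{side}Type")
    if kind == "group":
        return flatten(policy.get(f"{side}GroupCidrs"))
    return [policy[side]] if kind == "net" else []   # domain: nothing to parse


def audit(policies, wide_prefix=8):
    """Findings for accept rules; wide_prefix (assumed): /8 or shorter is wide."""
    findings = []
    for p in sorted(policies, key=lambda p: p["Order"]):  # 1 = highest priority
        if p["AclAction"] != "accept":
            continue
        reasons = [f"wide {side.lower()} {c}"
                   for side in ("Source", "Destination")
                   for c in cidrs_for(p, side)
                   if ipaddress.ip_network(c, strict=False).prefixlen <= wide_prefix]
        if p.get("Proto") == "ANY":
            reasons.append("all protocols")
        if p.get("HitTimes") == 0:
            reasons.append("never hit")
        findings += [(p["Order"], p["AclUuid"], r) for r in reasons]
    return findings
```
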