Creates a firewall rule for a simple application server.


Firewalls can be used to implement access control on simple application servers and define security domains in the cloud. By default, the firewall of each simple application server allows traffic on Secure Shell (SSH) port 22, HTTP port 80, and HTTPS port 443 and denies traffic on the other ports. You can add firewall rules to allow traffic on more ports.

QPS limits

The queries per second (QPS) limit for a single user for the API operation is 10 calls per minute. If the number of calls to the API operation per minute exceeds the limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limit when you call this operation. For more information, see QPS limit.

Request parameters

Parameter Type Required Example Description
InstanceId String Yes ace0706b2ac4454d984295a94213****

The ID of the simple application server.

RegionId String Yes cn-hangzhou

The region ID of the simple application server.

RuleProtocol String Yes TCP

The transport layer protocol. Valid values:

  • TCP
  • UDP
Port String Yes 3306

The port range. Valid values of port numbers: 1 to 65535. Specify a port range in the format of <start port number>/<end port number>. Example: 1024/1055, which indicates the port range of 1024 to 1055.

ClientToken String No 123e4567-e89b-12d3-a456-426655440000

The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must ensure that it is unique among different requests. The token can only contain ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence.

Action String Yes CreateFirewallRule

The operation that you want to perform. Set the value to CreateFirewallRule.

Remark String No The default port of the test-MySQL server

The remarks of the firewall rule.

Response parameters

Parameter Type Example Description
RequestId String 20758A-585D-4A41-A9B2-28DA8F4F534F

The ID of the request.

FirewallId String 8007e18c61024aafbd776d52d0****

The ID of the firewall rule.


Sample requests
&Remark = The default port of the test-MySQL server
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK

    <RequestId>20758A-585D-4A41-A9B2-28DA8F4F534F    </RequestId>

JSON format

HTTP/1.1 200 OK

  "RequestId" : "20758A-585D-4A41-A9B2-28DA8F4F534F\t",
  "FirewallId" : "8007e18c61024aafbd776d52d0****"

Error codes

HTTP status code Error code Error message Description
400 InvalidProtocol.ValueNotSupported The specified parameter Protocol is invalid. The error message returned because the specified RuleProtocol parameter is invalid.
400 InvalidPort.ValueNotSupported The specified parameter Port is invalid. The error message returned because the specified Port parameter is invalid.
400 RegionIdNotMatchHost The parameter regionId does not match the endpoint host. The error message returned because the specified RegionId parameter does not match the service address that you selected.
403 FirewallRuleLimitExceed The maximum number of firewall rules in an instance is exceeded. The error message returned because the maximum number of firewall rules that can be created for the simple application server is reached.
403 FirewallRuleAlreadyExist The specified Rule already exist The error message returned because the firewall rule already exists.
404 InvalidInstanceId.NotFound The specified InstanceId does not exist. The error message returned because the specified InstanceId parameter is invalid.
500 InternalError An error occurred while processing your request. The error message returned because an internal error has occurred. Try again later. If the problem persists, submit a ticket.

For a list of error codes, visit the API Error Center.