CreateRules - Server Load Balancer - Alibaba Cloud Documentation Center

Creates forwarding rules in a batch.

Operation description

Take note of the following when you call this operation to create forwarding rules:

When you configure the Redirect action, you must specify values for all parameters except for the HttpCode parameter.
If you configure multiple actions for a forwarding rule, the Rewrite action must be configured with the ForwardGroup action type.
CreateRules is an asynchronous operation. After a request is sent, the system returns a request ID and creates the forwarding rules in the background. You can call the ListRules operation to query the creation status of the forwarding rules:
- If the forwarding rules are in the Provisioning status, they are being created.
- If the forwarding rules are in the Available status, they are created.
A forwarding rule supports the following maximum number of conditions (RuleConditions) and actions (RuleActions):
- Conditions: 5 for Basic Edition, 10 for Standard Edition, and 10 for WAF-enabled Edition.
- Actions: 3 for Basic Edition, 5 for Standard Edition, and 5 for WAF-enabled Edition.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

alb:CreateRules

create

*LoadBalancer

acs:alb:{#regionId}:{#accountId}:loadbalancer/{#loadbalancerId}

*ServerGroup

acs:alb:{#regionId}:{#accountId}:servergroup/{#servergroupId}

None

Request parameters

Parameter	Type	Required	Description	Example
ListenerId	string	Yes	The ID of the Application Load Balancer (ALB) listener.	lsn-l16uo9y******
ClientToken	string	No	The client token that is used to ensure the idempotence of the request. Generate a value from your client to make sure that the value is unique among different requests. The token can contain only ASCII characters. Note If you do not specify this parameter, the system automatically uses the RequestId of the request as the ClientToken. The RequestId of each request is unique.	5A2CFF0E-5718-45B5-9D4D-70B3FF3898
DryRun	boolean	No	Specifies whether to perform a dry run. Valid values: true: Performs a dry run. The system checks the required parameters, request format, and service limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the `DryRunOperation` error code is returned. false (default): Sends a normal request. After the request passes the check, a `2xx` HTTP status code is returned and the forwarding rules are created.	false
Rules	array<object>	Yes	The forwarding rules.
	array<object>	Yes	The forwarding rule.
Priority	integer	Yes	The priority of the forwarding rule.	1
RuleActions	array<object>	Yes	The actions of the forwarding rule.
	array<object>	Yes	The action of the forwarding rule.
FixedResponseConfig	object	No	The configuration of the action to return a fixed response.
Content	string	No	The fixed response. The response can be up to 1 KB in size and can contain only ASCII characters.	test
ContentType	string	No	The format of the fixed response. Valid values: text/plain, text/css, text/html, application/javascript, and application/json.	text/plain
HttpCode	string	No	The HTTP status code of the response. Valid values are 2xx, 4xx, and 5xx. x is a digit.	200
ForwardGroupConfig	object	No	The configuration of the action to forward requests to vServer groups.
ServerGroupTuples	array<object>	No	The destination vServer groups.
	object	No	The destination vServer group.
ServerGroupId	string	No	The vServer group ID.	sgp-ffm94ovy7lqw******
Weight	integer	No	The weight. A larger value specifies a higher weight. More requests are forwarded to the vServer group with a higher weight. Valid values: 0 to 100. If you specify only one destination vServer group, the default value of this parameter is 100. If you specify multiple destination vServer groups, you must specify a weight for each vServer group.	100
ServerGroupStickySession	object	No	Session persistence for vServer groups.
Enabled	boolean	No	Specifies whether to enable session persistence. Valid values: true: enables session persistence. false (default): disables session persistence.	false
Timeout	integer	No	The timeout period. Unit: seconds. Valid values: 1 to 86400. Default value: 1000.	30
InsertHeaderConfig	object	No	The configuration of the action to insert a header.
Key	string	No	The key of the header to be inserted. The key can be 1 to 40 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The header keys in InsertHeaderConfig cannot be the same. Note The following header keys are not supported (case-insensitive): `slb-id`, `slb-ip`, `x-forwarded-for`, `x-forwarded-proto`, `x-forwarded-eip`, `x-forwarded-port`, `x-forwarded-client-srcport`, `connection`, `upgrade`, `content-length`, `transfer-encoding`, `keep-alive`, `te`, `host`, `cookie`, `remoteip`, `authority`, and `x-forwarded-host`.	key
Value	string	No	The value of the header to be inserted. ValueType is set to SystemDefined, you can specify one of the following values: ClientSrcPort: the client port. ClientSrcIp: the client IP address. Protocol: the protocol of the client request (HTTP or HTTPS). SLBId: the ID of the ALB instance. SLBPort: the listening port of the ALB instance. If ValueType is set to UserDefined, you can specify a custom header value. The value must be 1 to 128 characters in length, and can contain wildcard characters, including asterisks () and question marks (?). It can also contain printable characters with an ASCII value of `ch >= 32 && ch < 127`. The value cannot start or end with a space. The value cannot end with a `\`. The value cannot contain `"`. If ValueType* is set to ReferenceHeader, you can reference a field in the request header. The value must be 1 to 128 characters in length, and can contain lowercase letters, digits, hyphens (-), and underscores (_).	value
ValueType	string	No	The type of the header value. Valid values: UserDefined: You can specify a custom header value. ReferenceHeader: You can reference a field in the request header. SystemDefined: The value is a system-defined value.	SystemDefined
Order	integer	Yes	The order of the action. Valid values: 1 to 50000. The actions are performed in ascending order. The value must be unique.	1
RedirectConfig	object	No	The configuration for the redirection action. Note You cannot use default values for all parameters of RedirectConfig except httpCode.
Host	string	No	The destination hostname. Valid values: ${host} (default): You cannot append other characters to this value. Other values. The value must meet the following requirements: The hostname must be 3 to 128 characters in length, and can contain lowercase letters, digits, hyphens (-), periods (.), wildcard characters (), equal signs (=), tildes (~), underscores (_), plus signs (+), backslashes (\), circumflex accents (^), exclamation marks (!), dollar signs ($), ampersands (&), vertical bars (\|), parentheses (()), brackets ([]), and question marks (?). The hostname must contain at least one period (.). A period (.) cannot be the first or last character. The rightmost domain label can contain only letters and wildcard characters. It cannot contain digits or hyphens (-). The leftmost `domainlable` can be an asterisk (). A hyphen (-) cannot be the first or last character of a domain label. Wildcard characters, including asterisks (*) and question marks (?), can be placed at any position of a domain label.	${host}
HttpCode	string	No	The redirection method. Valid values: 301, 302, 303, 307, and 308.	301
Path	string	No	The destination path. Valid values: ${path} (default): You can reference ${host}, ${protocol}, and ${port}. Each variable can be referenced only once. You can use these variables together or combine them with the strings that are specified in the following list. Other values. The value must meet the following requirements: The value must be 1 to 128 characters in length, case-sensitive, and can contain wildcard characters, including asterisks () and question marks (?). The value must start with a forward slash (/). It can contain letters, digits, and the following special characters: `$-_.+/&~@:'?`. It cannot contain `“%#;!()[]^,”\"`. It can contain wildcard characters, including asterisks (*) and question marks (?).	/
Port	string	No	The destination port. ${port} (default): You cannot use this value with other characters. Other values: 1 to 63335.	443
Protocol	string	No	The destination protocol. Valid values: ${protocol} (default): You can only use this value. You cannot modify it or append other characters to it. HTTP HTTPS Note HTTPS listeners support redirection to only HTTPS. HTTP listeners support redirection to HTTP and HTTPS.	HTTPS
Query	string	No	The destination query string. ${query} (default): You can reference ${host}, ${protocol}, and ${port}. Each variable can be referenced only once. You can use these variables together or combine them with the strings that are specified in the following list. Other values. The value must meet the following requirements: The value must be 1 to 128 characters in length. The value can contain printable characters. It cannot contain spaces or the following special characters: `#[]{}\\|<>"`. If the value contains letters, the letters must be lowercase.	${query}
RewriteConfig	object	No	The configuration of the rewrite action. Note If you configure multiple actions for a forwarding rule, the RewriteConfig action must be used with the ForwardGroup action type.
Host	string	No	The destination hostname for the internal redirection. Valid values: ${host} (default): You cannot append other characters to this value. Other values. The value must meet the following requirements: The hostname must be 3 to 128 characters in length, and can contain lowercase letters, digits, hyphens (-), periods (.), wildcard characters (), equal signs (=), tildes (~), underscores (_), plus signs (+), backslashes (\), circumflex accents (^), exclamation marks (!), dollar signs ($), ampersands (&), vertical bars (\|), parentheses (()), brackets ([]), and question marks (?). The hostname must contain at least one period (.). A period (.) cannot be the first or last character. The rightmost domain label can contain only letters and wildcard characters. It cannot contain digits or hyphens (-). The leftmost `domainlable` can be an asterisk (). A hyphen (-) cannot be the first or last character of a domain label. Wildcard characters, including asterisks (*) and question marks (?), can be placed at any position of a domain label.	www.rewrite.alb
Path	string	No	The destination path. Valid values: ${path} (default): You can reference ${host}, ${protocol}, and ${port}. Each variable can be referenced only once. You can use these variables together or combine them with the strings that are specified in the following list. Other values. The value must meet the following requirements: The value must be 1 to 128 characters in length, case-sensitive, and can contain wildcard characters, including asterisks () and question marks (?). The value must start with a forward slash (/). It can contain letters, digits, and the following special characters: `$-_.+/&~@:'?`. It cannot contain `“%#;!()[]^,”\"`. It can contain wildcard characters, including asterisks (*) and question marks (?).	/tea
Query	string	No	The query string for the internal redirection. ${query} (default): You can reference ${host}, ${protocol}, and ${port}. Each variable can be referenced only once. You can use these variables together or combine them with the strings that are specified in the following list. Other values. The value must meet the following requirements: The value must be 1 to 128 characters in length. The value can contain printable characters. It cannot contain spaces or the following special characters: `#[]{}\\|<>"`. If the value contains letters, the letters must be lowercase.	${query}
Type	string	Yes	The action type. Valid values: ForwardGroup: Forwards requests to multiple vServer groups. Redirect: Redirects requests. FixedResponse: Returns a fixed response. Rewrite: Rewrites requests. InsertHeader: Inserts a header. RemoveHeader: Deletes a header. TrafficLimit: Throttles traffic. TrafficMirror: Mirrors traffic. Cors: Enables cross-origin resource sharing (CORS). Note A forwarding rule must contain a ForwardGroup, Redirect, or FixedResponse action. If you want to use these actions with other action types, you must configure these actions to be performed last.	ForwardGroup
TrafficLimitConfig	object	No	The traffic throttling configuration.
QPS	integer	No	The number of queries per second (QPS). Valid values: 1 to 1000000.	5000
PerIpQps	integer	No	The QPS of a single IP address. Valid values: 1 to 1000000. Note If you specify both QPS and PerIpQps, the value of PerIpQps must be smaller than the value of QPS.	100
TrafficMirrorConfig	object	No	The traffic mirroring configuration.
TargetType	string	No	The type of the destination to which traffic is mirrored. Valid values: ForwardGroupMirror: Mirrors traffic to a vServer group.	ForwardGroupMirror
MirrorGroupConfig	object	No	The vServer group to which traffic is mirrored.
ServerGroupTuples	array<object>	No	The vServer groups to which traffic is mirrored.
	object	No	The vServer group to which traffic is mirrored.
ServerGroupId	string	No	The ID of the vServer group.	sgp-u9cmf16iu69******
RemoveHeaderConfig	object	No	The configuration for deleting an HTTP header.
Key	string	No	The key of the header to be deleted. The key can be 1 to 40 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The header keys in RemoveHeader cannot be the same. If Direction is set to Request, the following header keys are not supported (case-insensitive): `slb-id`, `slb-ip`, `x-forwarded-for`, `x-forwarded-proto`, `x-forwarded-eip`, `x-forwarded-port`, `x-forwarded-client-srcport`, `connection`, `upgrade`, `content-length`, `transfer-encoding`, `keep-alive`, `te`, `host`, `cookie`, `remoteip`, `authority`, and `x-forwarded-host`. If Direction is set to Response, the following header keys are not supported (case-insensitive): `connection`, `upgrade`, `content-length`, and `transfer-encoding`.	key
CorsConfig	object	No	The CORS configuration.
AllowOrigin	array	No	The allowed origins.
	string	No	The list of allowed origins. You can specify only one asterisk () or one or more values. A value must start with `http://` or `https://`, followed by a valid domain name or a level-1 wildcard domain name. Example: `http://.test.abc.example.com`. You can specify a port or not. The port number must be in the range of 1 to 65535.	http://www.test.com
AllowMethods	array	No	The allowed HTTP methods for cross-origin requests.
	string	No	The allowed HTTP methods for cross-origin requests. Valid values: GET POST PUT DELETE HEAD OPTIONS PATCH	GET
AllowHeaders	array	No	The allowed headers for cross-origin requests.
	string	No	The allowed headers for cross-origin requests. You can specify an asterisk (*) or one or more values. Multiple values are separated by commas (,). A value can be 1 to 32 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). Underscores (_) and hyphens (-) cannot be the first or last characters.	AllowHeader
ExposeHeaders	array	No	The headers that can be exposed.
	string	No	The headers that can be exposed. You can specify an asterisk (*) or one or more values. Multiple values are separated by commas (,). A value can be 1 to 32 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). Underscores (_) and hyphens (-) cannot be the first or last characters.	ExposeHeader
AllowCredentials	string	No	Specifies whether to allow credentials. Valid values: on: yes. off: no. Valid values: off : off on : on	on
MaxAge	integer	No	The maximum cache time of preflight requests in the browser. Unit: seconds. Valid values: -1 to 172800.	600
RuleConditions	array<object>	Yes	The conditions of the forwarding rule.
	array<object>	Yes	The condition of the forwarding rule.
CookieConfig	object	No	The cookie-based routing condition.
Values	array<object>	No	The key-value pairs of the cookie.
	object	No	The key-value pair of the cookie.
Key	string	No	The key of the cookie. The key must be 1 to 100 characters in length. It can contain printable characters, wildcard characters (* and ?), and lowercase letters. It cannot contain spaces or the following special characters: `;#[]{}\\|<>&"`.	key
Value	string	No	The value of the cookie. The value must be 1 to 100 characters in length. It can contain printable characters, wildcard characters (* and ?), and lowercase letters. It cannot contain spaces or the following special characters: `;#[]{}\\|<>&"`.	value
HeaderConfig	object	No	The header-based routing condition.
Key	string	No	The key of the request header. The key must be 1 to 40 characters in length. It can contain letters, digits, hyphens (-), and underscores (_). The key cannot be Cookie or Host.	port
Values	array	No	The values of the request header.
	string	No	The value of the request header. The values of the same header key cannot be the same. The value must be 1 to 128 characters in length. It can contain printable characters with an ASCII value of `ch >= 32 && ch < 127`, asterisks (*), and question marks (?). It cannot contain `"`. The value cannot start or end with a space. The value cannot end with a `\`.	5006
HostConfig	object	No	The host-based routing condition.
Values	array	No	The hostnames.
	string	No	The hostname. Only one hostname can be specified in a condition, and the hostname cannot be the same as that in other conditions. The hostname must be 3 to 128 characters in length, and can contain lowercase letters, digits, hyphens (-), periods (.), asterisks (), equal signs (=), tildes (~), underscores (_), plus signs (+), backslashes (\), circumflex accents (^), exclamation marks (!), dollar signs ($), ampersands (&), vertical bars (\|), parentheses (()), brackets ([]), and question marks (?). The hostname must contain at least one period (.). A period (.) cannot be the first or last character. The rightmost domain label can contain only letters and wildcard characters. It cannot contain digits or hyphens (-). The leftmost `domainlable` can be an asterisk (). A hyphen (-) cannot be the first or last character of a domain label. Wildcard characters, including asterisks () and question marks (?), can be placed at any position of a domain label. For exact match and wildcard match, the value cannot start with a tilde (~). For regular expression match, the value cannot start with an asterisk ().	www.example.com
MethodConfig	object	No	The method-based routing condition.
Values	array	No	The HTTP request methods.
	string	No	The request method. Valid values: HEAD, GET, POST, OPTIONS, PUT, PATCH, and DELETE.	PUT
PathConfig	object	No	The path-based routing condition.
Values	array	No	The paths.
	string	No	The forwarding path. The path must meet the following requirements: The path must be 1 to 128 characters in length, case-sensitive, and can contain wildcard characters (* and ?). A URL that is not a regular expression must start with a forward slash (/). It can contain letters, digits, and the following special characters: `$-_.+/&~@:'?`. It cannot contain `“%#;!()[]^,”\"`. It can contain wildcard characters ( and ?). A URL that is a regular expression must start with a tilde (~). It can contain letters, digits, and the following special characters: `.-_/=?~^*$:()[]+\|`.	/test
QueryStringConfig	object	No	The query string-based routing condition.
Values	array<object>	No	The key-value pairs of the query string.
	object	No	The key-value pair of the query string.
Key	string	No	The key of the query string. The key must be 1 to 100 characters in length. It can contain printable characters, wildcard characters (* and ?), and lowercase letters. It cannot contain spaces or the following special characters: `#[]{}\\|<>&"`.	key
Value	string	No	The value of the query string. The value must be 1 to 128 characters in length. It can contain lowercase letters, printable characters, and wildcard characters (* and ?). It cannot contain spaces or the following special characters: `#[]{}\\|<>&"`.	value
ResponseHeaderConfig	object	No	The configuration of the response header.
Key	string	No	The key of the response header. The key must be 1 to 40 characters in length. It can contain letters, digits, hyphens (-), and underscores (_). The key cannot be Cookie or Host.	key
Values	array	No	The values of the response header.
	string	No	The value of the response header. The value must be 1 to 128 characters in length. It can contain printable characters with an ASCII value of `ch >= 32 && ch < 127`, lowercase letters, and wildcard characters (* and ?). It cannot contain `"`. The value cannot start or end with a space. The value cannot end with a `\`.	value
ResponseStatusCodeConfig	object	No	The configuration of the response status code.
Values	array	No	The response status codes.
	string	No	The response status code.	200
Type	string	Yes	The type of the condition. Valid values: Host: The condition is based on the hostname. Path: The condition is based on the path. Header: The condition is based on the request header. QueryString: The condition is based on the query string. Method: The condition is based on the request method. Cookie: The condition is based on the cookie. SourceIp: The condition is based on the source IP address. ResponseHeader: The condition is based on the response header. ResponseStatusCode: The condition is based on the response status code. Valid values: Cookie : Cookie Path : Path ResponseHeader : ResponseHeader SourceIp : SourceIp Header : Header ResponseStatusCode : ResponseStatusCode QueryString : QueryString Host : Host Method : Method	SourceIp
SourceIpConfig	object	No	The source IP address-based routing condition.
Values	array	No	The source IP addresses or CIDR blocks.
	string	No	Add one or more IP addresses or CIDR blocks. You can add up to five source IP addresses to a forwarding rule.	192.168.XX.XX/32
RuleName	string	Yes	The name of the forwarding rule.	rule-443-64
Direction	string	No	The direction of the forwarding rule. Valid values: Response : Response Request : Request	Request
Tag	array<object>	No	The tags.
	object	No	The tag.
Key	string	No	The tag key. The tag key can be up to 128 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://.	test_tag_key
Value	string	No	The tag value. The tag value can be up to 128 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://.	test_tag_value

Response elements

Element	Type	Description	Example
	object	Creates multiple forwarding rules.
JobId	string	The ID of the asynchronous task.	72dcd26b-f12d-4c27-b3af-18f6aed5****
RequestId	string	The request ID.	365F4154-92F6-4AE4-92F8-7FF34B540710
RuleIds	array<object>	The forwarding rules.
	object	The forwarding rule.
RuleId	string	The forwarding rule ID.	rule-a3x3pg1yohq3lq****
Priority	integer	The priority of the forwarding rule. Valid values: 1 to 10000. A smaller value indicates a higher priority. Note The priorities of the forwarding rules created for the same listener must be unique.	10

Examples

Success response

JSON format

{
  "JobId": "72dcd26b-f12d-4c27-b3af-18f6aed5****",
  "RequestId": "365F4154-92F6-4AE4-92F8-7FF34B540710",
  "RuleIds": [
    {
      "RuleId": "rule-a3x3pg1yohq3lq****",
      "Priority": 10
    }
  ]
}

Error codes

HTTP status code	Error code	Error message	Description
400	IncorrectStatus.Listener	The status of %s [%s] is incorrect.
400	OperationDenied.IpGroupCanNotUsedForMirrorAction	The operation is not allowed because of %s.	The operation is not allowed because of %s.
400	OperationDenied.SameGroupForForwardAndMirrorAction	The operation is not allowed because of %s.	The operation is not allowed because of %s.
400	OperationDenied.GRPCServerGroup	The operation is not allowed because of %s.
400	Conflict.Priority	There is already %s having the same configuration with %s.
400	ResourceQuotaExceeded.LoadBalancerRulesNum	The quota of %s is exceeded for resource %s, usage %s/%s.
400	ResourceQuotaExceeded.ServerGroupAttachedNum	The quota of %s is exceeded for resource %s, usage %s/%s.
400	ResourceQuotaExceeded.LoadBalancerServersNum	The quota of %s is exceeded for resource %s, usage %s/%s.
400	ResourceQuotaExceeded.ServerAddedNum	The quota of %s is exceeded for resource %s, usage %s/%s.
400	QuotaExceeded.RuleWildcardsNum	The quota of %s is exceeded, usage %s/%s.	The quota of %s is exceeded, usage %s/%s.
400	QuotaExceeded.RuleMatchEvaluationsNum	The quota of %s is exceeded, usage %s/%s.
400	QuotaExceeded.RuleActionsNum	The quota of %s is exceeded, usage %s/%s.	The quota of %s is exceeded. Usage: %s/%s.
400	Mismatch.VpcId	The %s is mismatched for %s and %s.	The %s is mismatched for %s and %s.
400	Mismatch.Protocol	The %s is mismatched for %s and %s.	The %s is mismatched for %s and %s.
400	OperationDenied.RewriteMissingForwardGroup	The operation is not allowed because of RewriteMissingForwardGroup.	The operation is not allowed because rewrite is missing the forward group.
400	OperationDenied.MirrorActionSupportHttpGroupOnly	The operation is not allowed because of MirrorActionSupportHttpGroupOnly.
400	OperationDenied.ProtocolMustSameForForwardGroupAction	The operation is not allowed because of ProtocolMustSameForForwardGroupAction.
404	ResourceNotFound.Listener	The specified resource %s is not found.
404	ResourceNotFound.ServerGroup	The specified resource %s is not found.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.