Modifies an access control list (ACL) rule.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ModifyACLRule

The operation that you want to perform. Set the value to ModifyACLRule.

RegionId String Yes cn-shanghai

The ID of the region where the ACL is deployed.

AclId String Yes acl-xhwhyuo43l0n*******

The ID of the ACL.

AcrId String Yes acr-u98qztgtgvhb********

The ID of the ACL rule.

You can call the DescribeACLAttribute operation to query the ID of the ACL rule that is added to the ACL.

Description String No test

The description of the ACL rule.

The description must be 1 to 512 characters in length.

Direction String No in

The direction of traffic in which the ACL rule is applied. Valid values:

  • in: The ACL rule controls inbound network traffic of the on-premises network that is associated with the SAG instance.
  • out: The ACL rule controls outbound network traffic of the on-premises network that is associated with the SAG instance.
SourceCidr String No 0.0.0.0/0

The source CIDR block.

Specify the value of this parameter in CIDR notation. Example: 192.168.1.0/24.

DestCidr String No 0.0.0.0/0

The destination CIDR block.

Specify the value of this parameter in CIDR notation. Example: 192.168.10.0/24.

IpProtocol String No tcp

The protocol used by the ACL rule.

The protocols listed in this topic are for reference only. The protocols available in the SAG console take precedence. The value of this parameter is not case-sensitive.

SourcePortRange String No 80/80

The source port range. Valid values: 1 to 65535 and -1.

Examples:

  • 1/200: port 1 to port 200.
  • 80/80: port 80.
  • -1/-1: all ports.
DestPortRange String No 80/80

The destination port range. Valid values: 1 to 65535 and -1.

Examples:

  • 1/200: port 1 to port 200.
  • 80/80: port 80.
  • -1/-1: all ports.
Policy String No accept

The action of the ACL rule. Valid values:

  • accept: allows network traffic.
  • drop: blocks network traffic.
Priority Integer No 2

The priority of the ACL rule.

A smaller value indicates a higher priority. If multiple rules have the same priority, the rule that is applied earlier takes effect.

Valid values: 1 to 100. Default value: 1.

Type String No LAN

The type of the ACL rule. Valid values:

  • LAN: The ACL rule controls traffic of private IP addresses.
  • WAN: The ACL rule controls traffic of public IP addresses.
Name String No doctest

The name of the ACL rule.

The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.

DpiSignatureIds.N String No 1

The IDs of applications that match the ACL rule.

You can call the ListDpiSignatures operation to query application IDs and information about the applications.

DpiGroupIds.N String No 20

The IDs of application groups that match the ACL rule.

You can call the ListDpiGroups operation to query application group IDs and information about the applications.
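
A client-side pre-check of the constraints documented in the table above, as an added example (not code from the SAG documentation or SDK). The function names are hypothetical; requiring the low port to be no greater than the high port, requiring an explicit prefix length, and comparing Direction, Policy and Type case-sensitively are assumptions. It also flags the widest possible accept rule before it is submitted.

```python
import ipaddress
import re

ENUMS = {"Direction": {"in", "out"}, "Policy": {"accept", "drop"}, "Type": {"LAN", "WAN"}}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{1,127}")

def port_range_ok(value):
    """'lo/hi' with 1 <= lo <= hi <= 65535, or '-1/-1' for all ports."""
    if value == "-1/-1":
        return True
    m = re.fullmatch(r"(\d+)/(\d+)", value)
    return bool(m) and 1 <= int(m[1]) <= int(m[2]) <= 65535  # lo <= hi is assumed

def cidr_ok(value):
    """True if value parses as address/prefix; the prefix length is required here."""
    try:
        ipaddress.ip_network(value, strict=False)
        return "/" in value
    except ValueError:
        return False

def validate(params):
    """Return a list of problems in ModifyACLRule parameters; empty means OK."""
    errs = [f"{k} is required" for k in ("RegionId", "AclId", "AcrId") if not params.get(k)]
    for key, allowed in ENUMS.items():
        if key in params and params[key] not in allowed:
            errs.append(f"{key} must be one of {sorted(allowed)}")
    checks = {"SourceCidr": cidr_ok, "DestCidr": cidr_ok,
              "SourcePortRange": port_range_ok, "DestPortRange": port_range_ok}
    for key, check in checks.items():
        if key in params and not check(params[key]):
            errs.append(f"{key} is malformed")
    if "Priority" in params and params["Priority"] not in range(1, 101):
        errs.append("Priority must be an integer from 1 to 100")
    if "Name" in params and not NAME_RE.fullmatch(params["Name"]):
        errs.append("Name must be 2 to 128 characters and start with a letter")
    if "Description" in params and not 1 <= len(params["Description"]) <= 512:
        errs.append("Description must be 1 to 512 characters")
    return errs

def is_any_any_accept(params):
    """Widest allow rule: any source, any destination, all destination ports."""
    wide = {"Policy": "accept", "SourceCidr": "0.0.0.0/0", "DestCidr": "0.0.0.0/0", "DestPortRange": "-1/-1"}
    return all(params.get(k) == v for k, v in wide.items())

# Values taken from this page's sample request; the IDs are the page's masked examples.
SAMPLE = {"RegionId": "cn-shanghai", "AclId": "acl-xhwhyuo43l0n*******", "Direction": "in",
          "AcrId": "acr-u98qztgtgvhb********", "Policy": "accept", "SourceCidr": "0.0.0.0/0",
          "DestCidr": "0.0.0.0/0", "DestPortRange": "80/80", "Priority": 2, "Type": "LAN", "Name": "doctest"}
```

The check does not look at IpProtocol, because this page does not list its valid values.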

Response parameters

Parameter Type Example Description
Policy String accept

The action of the ACL rule.

  • accept: allows network traffic.
  • drop: blocks network traffic.
Description String test

The description of the ACL rule.

RequestId String 7F3DD2C1-0F6B-4575-9106-B2D50DF7A711

The ID of the request.

SourcePortRange String -1/-1

The source port range.

SourceCidr String 0.0.0.0/0

The source CIDR block.

The value of this parameter is in CIDR notation. Example: 192.168.1.0/24.

Priority Integer 1

The priority of the ACL rule.

A smaller value indicates a higher priority. If multiple rules have the same priority, the rule that is applied earlier takes effect.

AclId String acl-jdc7tir4fkplwr****

The ID of the ACL.

AcrId String acr-r8hezn2pi39s5a****

The ID of the ACL rule.

DestPortRange String -1/-1

The destination port range.

Direction String in

The direction of traffic in which the ACL rule is applied. Valid values:

  • in: The ACL rule controls inbound network traffic of the on-premises network that is associated with the SAG instance.
  • out: The ACL rule controls outbound network traffic of the on-premises network that is associated with the SAG instance.
DpiGroupIds Array of String 20

The IDs of application groups that match the ACL rule.

Name String doctest

The name of the ACL rule.

GmtCreate Long 1553777700000

The timestamp when the ACL rule was created.

The timestamp is of the Long data type. If multiple ACL rules have the same priority, the rule with the earliest timestamp takes effect.

DestCidr String 0.0.0.0/0

The destination CIDR block.

The value of this parameter is in CIDR notation. Example: 192.168.10.0/24.

DpiSignatureIds Array of String 1

The IDs of applications that match the ACL rule.

IpProtocol String ALL

The protocol used by the ACL rule.
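
How Priority and the GmtCreate tie-break decide which rule governs a flow, as an added example (not code from the SAG documentation). It assumes first-match evaluation and that an IpProtocol of ALL matches any protocol; the rule set, addresses and function names are constructed for illustration, and source ports are ignored.

```python
import ipaddress

def effective_order(rules):
    """Sort as the page describes: smaller Priority first, then earlier GmtCreate."""
    return sorted(rules, key=lambda r: (r["Priority"], r["GmtCreate"]))

def port_in_range(port, rng):
    lo, hi = (int(x) for x in rng.split("/"))
    return lo == -1 or lo <= port <= hi

def matches(rule, src, dst, proto, dport):
    """True if the flow falls inside the rule's CIDR blocks, protocol and port range."""
    net = ipaddress.ip_network
    return (ipaddress.ip_address(src) in net(rule["SourceCidr"], strict=False)
            and ipaddress.ip_address(dst) in net(rule["DestCidr"], strict=False)
            and rule["IpProtocol"].lower() in ("all", proto.lower())
            and port_in_range(dport, rule["DestPortRange"]))

def deciding_rule(rules, src, dst, proto, dport):
    """First rule in effective order that matches the flow (first-match is assumed)."""
    for rule in effective_order(rules):
        if matches(rule, src, dst, proto, dport):
            return rule
    return None

# Constructed rule set: same Priority, so the earlier GmtCreate wins the tie.
RULES = [
    {"Name": "block-rdp", "Priority": 1, "GmtCreate": 1553777800000, "Policy": "drop",
     "SourceCidr": "0.0.0.0/0", "DestCidr": "192.168.10.0/24", "DestPortRange": "3389/3389", "IpProtocol": "tcp"},
    {"Name": "allow-all", "Priority": 1, "GmtCreate": 1553777700000, "Policy": "accept",
     "SourceCidr": "0.0.0.0/0", "DestCidr": "0.0.0.0/0", "DestPortRange": "-1/-1", "IpProtocol": "ALL"},
]
```

With this rule set the later drop rule never applies; it takes effect only once the broad accept rule is given a larger Priority value through ModifyACLRule.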

Examples

Sample requests

http(s)://[Endpoint]/?Action=ModifyACLRule
&RegionId=cn-shanghai
&AclId=acl-xhwhyuo43l0n*******
&AcrId=acr-u98qztgtgvhb********
&Description=test
&Direction=in
&SourceCidr=0.0.0.0/0
&DestCidr=0.0.0.0/0
&IpProtocol=tcp
&SourcePortRange=80/80
&DestPortRange=80/80
&Policy=accept
&Priority=2
&Type=LAN
&Name=doctest
&DpiSignatureIds.1=1
&DpiGroupIds.1=20
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<ModifyACLRuleResponse>
    <Policy>accept</Policy>
    <Description>test</Description>
    <RequestId>7F3DD2C1-0F6B-4575-9106-B2D50DF7A711</RequestId>
    <SourcePortRange>-1/-1</SourcePortRange>
    <SourceCidr>0.0.0.0/0</SourceCidr>
    <Priority>1</Priority>
    <AclId>acl-jdc7tir4fkplwr****</AclId>
    <AcrId>acr-r8hezn2pi39s5a****</AcrId>
    <DestPortRange>-1/-1</DestPortRange>
    <Direction>in</Direction>
    <DpiGroupIds>20</DpiGroupIds>
    <Name>doctest</Name>
    <GmtCreate>1553777700000</GmtCreate>
    <DestCidr>0.0.0.0/0</DestCidr>
    <DpiSignatureIds>1</DpiSignatureIds>
    <IpProtocol>ALL</IpProtocol>
</ModifyACLRuleResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "Policy" : "accept",
  "Description" : "test",
  "RequestId" : "7F3DD2C1-0F6B-4575-9106-B2D50DF7A711",
  "SourcePortRange" : "-1/-1",
  "SourceCidr" : "0.0.0.0/0",
  "Priority" : 1,
  "AclId" : "acl-jdc7tir4fkplwr****",
  "AcrId" : "acr-r8hezn2pi39s5a****",
  "DestPortRange" : "-1/-1",
  "Direction" : "in",
  "DpiGroupIds" : [ "20" ],
  "Name" : "doctest",
  "GmtCreate" : 1553777700000,
  "DestCidr" : "0.0.0.0/0",
  "DpiSignatureIds" : [ "1" ],
  "IpProtocol" : "ALL"
}

Error codes

| HttpCode | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | ACL.NoSupportWanType | An SAG 1000 device does not support a WAN ACL. | The error message returned because an SAG-1000 device does not support a WAN ACL rule. |
| 400 | ACL.InvalidType | The specified ACL type is invalid. | The error message returned because the specified ACL rule type is invalid. |
| 403 | Forbidden | User not authorized to operate on the specified resource. | The error message returned because you do not have the permissions to manage the specified resource. |
| 403 | MissingParameter | The input parameter is missing, please check your input. | The error message returned because one or more required parameters are empty. Check whether you have configured all required parameters. |
| 403 | InvalidDescription | Description not valid. | The error message returned because the length of the description exceeds the upper limit. |
| 403 | InvalidParameter | The specified parameter is invalid. | The error message returned because a parameter is set to an invalid value. |
| 403 | FeatureNotSupport | The current edition of the smart access gateway does not support this feature. | The error message returned because the current version of the specified SAG device does not support this feature. |
| 403 | FeatureNotSupportForActiveSmartAG | The current edition of the active smart access gateway does not support this feature. | The error message returned because the current version of the active SAG device does not support this feature. |
| 403 | FeatureNotSupportForStandBySmartAG | The current edition of the standby smart access gateway does not support this feature. | The error message returned because the current version of the standby SAG device does not support this feature. |
| 403 | NotSupportedProtocol | The specified protocol of the ACL rule is not supported. | The error message returned because the protocol type that you specified for the ACL rule is not supported. |
| 403 | InvalidId.ACL | The specified ACL ID is invalid. | The error message returned because the specified ACL ID is invalid. |
| 403 | InvalidId.ACR | The specified ACL rule ID is invalid. | The error message returned because the specified ACL rule ID is invalid. |
| 403 | InvalidPortRange | The specified port range is invalid. | The error message returned because the specified port range is invalid. |
| 403 | InternalError | An internal server error occurred. | The error message returned because an internal server error occurred. |

For a list of error codes, see Service error codes.