文档首页/ DDoS防护 AAD/ API参考/ DDoS原生高级防护API/ DDoS原生高级防护-策略管理/ 策略添加黑白名单 - AddPolicyBlackAndWhiteIpList
更新时间:2025-12-02 GMT+08:00
在线调试
CLI示例
查看PDF
分享

策略添加黑白名单 - AddPolicyBlackAndWhiteIpList

功能介绍

策略添加黑白名单

调用方法

请参见如何调用API

授权信息

账号具备所有API的调用权限,如果使用账号下的IAM用户调用当前API,该IAM用户需具备调用API所需的权限。

  • 如果使用角色与策略授权,具体权限要求请参见CNAD权限和授权项
  • 如果使用身份策略授权,需具备如下身份策略权限。

    授权项

    访问级别

    资源类型(*为必须)

    条件键

    别名

    依赖的授权项

    cnad:blackWhiteIpList:create

    Write

    -

    -

    -

    -

URI

POST /v1/cnad/policies/{policy_id}/ip-list/add

表1 路径参数

参数

是否必选

参数类型

描述

policy_id

String

策略id

请求参数

表2 请求Header参数

参数

是否必选

参数类型

描述

X-Auth-Token

String

用户Token。

通过调用IAM服务获取用户Token接口获取(响应消息头中X-Subject-Token的值)。

Content-Type

String

Content-Type
表3 请求Body参数

参数

是否必选

参数类型

描述

type

String

类型。white:白名单,black:黑名单

ip_list

Array of strings

ip列表

响应参数

状态码:200

OK

请求示例

将IP“1.1.1.1”和“2.2.2.2”加入到指定防护策略的白名单。

POST https://{endpoint}/v1/cnad/policies/{policy_id}/ip-list/add

{
  "type" : "white",
  "ip_list" : [ "1.1.1.1", "2.2.2.2" ]
}

响应示例

SDK代码示例

SDK代码示例如下。

将IP“1.1.1.1”和“2.2.2.2”加入到指定防护策略的白名单。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.GlobalCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.aad.v1.region.AadRegion;
import com.huaweicloud.sdk.aad.v1.*;
import com.huaweicloud.sdk.aad.v1.model.*;

import java.util.List;
import java.util.ArrayList;

public class AddPolicyBlackAndWhiteIpListSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new GlobalCredentials()
                .withAk(ak)
                .withSk(sk);

        AadClient client = AadClient.newBuilder()
                .withCredential(auth)
                .withRegion(AadRegion.valueOf("<YOUR REGION>"))
                .build();
        AddPolicyBlackAndWhiteIpListRequest request = new AddPolicyBlackAndWhiteIpListRequest();
        request.withPolicyId("{policy_id}");
        BlackWhiteIpRequestBody body = new BlackWhiteIpRequestBody();
        List<String> listbodyIpList = new ArrayList<>();
        listbodyIpList.add("1.1.1.1");
        listbodyIpList.add("2.2.2.2");
        body.withIpList(listbodyIpList);
        body.withType(BlackWhiteIpRequestBody.TypeEnum.fromValue("white"));
        request.withBody(body);
        try {
            AddPolicyBlackAndWhiteIpListResponse response = client.addPolicyBlackAndWhiteIpList(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

将IP“1.1.1.1”和“2.2.2.2”加入到指定防护策略的白名单。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import GlobalCredentials
from huaweicloudsdkaad.v1.region.aad_region import AadRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkaad.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = GlobalCredentials(ak, sk)

    client = AadClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(AadRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = AddPolicyBlackAndWhiteIpListRequest()
        request.policy_id = "{policy_id}"
        listIpListbody = [
            "1.1.1.1",
            "2.2.2.2"
        ]
        request.body = BlackWhiteIpRequestBody(
            ip_list=listIpListbody,
            type="white"
        )
        response = client.add_policy_black_and_white_ip_list(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

将IP“1.1.1.1”和“2.2.2.2”加入到指定防护策略的白名单。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
    aad "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/aad/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/aad/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/aad/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := global.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := aad.NewAadClient(
        aad.AadClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.AddPolicyBlackAndWhiteIpListRequest{}
	request.PolicyId = "{policy_id}"
	var listIpListbody = []string{
        "1.1.1.1",
	    "2.2.2.2",
    }
	request.Body = &model.BlackWhiteIpRequestBody{
		IpList: listIpListbody,
		Type: model.GetBlackWhiteIpRequestBodyTypeEnum().WHITE,
	}
	response, err := client.AddPolicyBlackAndWhiteIpList(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

OK

401

Unauthorized

403

Forbidden

404

Not Found

错误码

请参见CNAD错误码

父主题: DDoS原生高级防护-策略管理

相关文档