Help Center/ Cloud Firewall/ API Reference/ API/ Blacklist/Whitelist Management/ Creating a Blacklist or Whitelist Rule

Updated on 2024-10-31 GMT+08:00

Online Debugging

CLI Examples

View PDF

Creating a Blacklist or Whitelist Rule

Function

This API is used to create a blacklist or whitelist rule.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/black-white-list

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID.

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0.
fw_instance_id	No	String	Firewall ID, which can be obtained by referring to Obtaining a Firewall ID.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. You can obtain the token by referring to Obtaining a User Token.

**Table 4** Request body parameters
Parameter	Mandatory	Type	Description
object_id	Yes	String	Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects).
list_type	Yes	Integer	Blacklist/Whitelist type: 4 (blacklist), 5 (whitelist).
direction	Yes	Integer	Address direction: 0 (source), 1 (destination).
address_type	Yes	Integer	IP address type: 0 (IPv4), 1 (IPv6).
address	Yes	String	IP address
protocol	Yes	Integer	Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual), and can be left blank when type is set to 1 (automatic).
port	Yes	String	Destination port.
description	No	String	Description.

Response Parameters

Status code: 200

**Table 5** Response body parameters
Parameter	Type	Description
data	BlackWhiteListId object	Response to the request for adding a blacklist/whitelist item.

**Table 6** BlackWhiteListId
Parameter	Type	Description
id	String	Blacklist/Whitelist ID.
name	String	Name of the blacklist or whitelist. Its value is the address of the blacklist or whitelist.

Status code: 400

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Example Requests

Add an IPv4 whitelist to object cfebd347-b655-4b84-b938-3c54317599b2 of project 9d80d070b6d44942af73c9c3d38e0429. Direction: source address; IP address: 1.1.1.1; protocol type: TCP; port number: 1.

https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/black-white-list

{
  "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
  "list_type" : 5,
  "direction" : 0,
  "address" : "1.1.1.1",
  "protocol" : 6,
  "port" : "1",
  "address_type" : 0
}

Example Responses

Status code: 200

Response to the request for adding a blacklist or whitelist rule.

{
  "data" : {
    "id" : "6e91797b-05bd-4c69-9454-6af905178729",
    "name" : "10.10.1.3"
  }
}

Status code: 400

Bad Request

{
  "error_code" : "CFW.0020016",
  "error_msg" : "Incorrect instance status."
}

SDK Sample Code

The SDK sample code is as follows.

Java

Add an IPv4 whitelist to object cfebd347-b655-4b84-b938-3c54317599b2 of project 9d80d070b6d44942af73c9c3d38e0429. Direction: source address; IP address: 1.1.1.1; protocol type: TCP; port number: 1.

    
     
       
       
         package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;


public class AddBlackWhiteListSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CfwClient client = CfwClient.newBuilder()
                .withCredential(auth)
                .withRegion(CfwRegion.valueOf("<YOUR REGION>"))
                .build();
        AddBlackWhiteListRequest request = new AddBlackWhiteListRequest();
        AddBlackWhiteListDto body = new AddBlackWhiteListDto();
        body.withPort("1");
        body.withProtocol(6);
        body.withAddress("1.1.1.1");
        body.withAddressType(0);
        body.withDirection(0);
        body.withListType(5);
        body.withObjectId("cfebd347-b655-4b84-b938-3c54317599b2");
        request.withBody(body);
        try {
            AddBlackWhiteListResponse response = client.addBlackWhiteList(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

        

      

    
   

Python

Add an IPv4 whitelist to object cfebd347-b655-4b84-b938-3c54317599b2 of project 9d80d070b6d44942af73c9c3d38e0429. Direction: source address; IP address: 1.1.1.1; protocol type: TCP; port number: 1.

    
     
       
       
         # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = AddBlackWhiteListRequest()
        request.body = AddBlackWhiteListDto(
            port="1",
            protocol=6,
            address="1.1.1.1",
            address_type=0,
            direction=0,
            list_type=5,
            object_id="cfebd347-b655-4b84-b938-3c54317599b2"
        )
        response = client.add_black_white_list(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

        

      

    
   

Go

Add an IPv4 whitelist to object cfebd347-b655-4b84-b938-3c54317599b2 of project 9d80d070b6d44942af73c9c3d38e0429. Direction: source address; IP address: 1.1.1.1; protocol type: TCP; port number: 1.

    
     
       
       
         package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := cfw.NewCfwClient(
        cfw.CfwClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.AddBlackWhiteListRequest{}
	request.Body = &model.AddBlackWhiteListDto{
		Port: "1",
		Protocol: int32(6),
		Address: "1.1.1.1",
		AddressType: int32(0),
		Direction: int32(0),
		ListType: int32(5),
		ObjectId: "cfebd347-b655-4b84-b938-3c54317599b2",
	}
	response, err := client.AddBlackWhiteList(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

        

      

    
   

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code	Description
200	Response to the request for adding a blacklist or whitelist rule.
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
500	Internal Server Error

Error Codes

See Error Codes.

Parent topic: Blacklist/Whitelist Management

Previous topic: Blacklist/Whitelist Management

Next topic: Updating a Blacklist or Whitelist

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot

Creating a Blacklist or Whitelist Rule

Function

Calling Method

URI

Request Parameters

Response Parameters

Example Requests

Example Responses

SDK Sample Code

Java

Python

Go

More

Status Codes

Error Codes

Feedback

Was this page helpful?