Creating an ACL Rule
Function
This API is used to create an ACL rule.
Calling Method
For details, see Calling APIs.
URI
POST /v1/{project_id}/acl-rule
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Parameter description: Project ID, which is used to specify the project that an asset belongs to. You can query the assets of a project by project ID. You can obtain the project ID from the API or console. For details, see Obtaining a Project ID. Constraints: N/A Value range: 32-bit UUID Default value: N/A |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| enterprise_project_id | No | String | Parameter description: Enterprise project ID. If you plan enterprise projects based on your organization's plan, each enterprise project will have such an ID. After this parameter is configured, you can filter assets by enterprise project. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. Constraints: N/A Value range: N/A Default value: 0 |
| fw_instance_id | No | String | Parameter description: Firewall ID. It is a unique ID generated after a firewall instance is created. You can obtain the firewall ID by referring to Obtaining a Firewall ID. Constraints: N/A Value range: 32-bit UUID Default value: N/A |

Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | Parameter description: User token, which carries user identity information. After the token is configured, you can use it for API authentication. You can obtain the token by referring to Obtaining a User Token. Constraints: N/A Value range: N/A Default value: N/A |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| object_id | Yes | String | Parameter description: Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a CFW is created. You can obtain the ID by calling the API for querying firewall instances. Find the value in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). Constraints: If type is set to 0, object_id indicates the protected object ID of the Internet border. If type is set to 1, object_id indicates the protected object ID of the VPC border. The value of type can be obtained from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). Value range: 32-bit UUID Default value: N/A |
| type | Yes | Integer | Parameter description: Rule type, which is used to distinguish different protected objects. Constraints: N/A Value range: 0: Internet border rule. The source and destination addresses must be EIPs or domain names. 1: Inter-VPC rule. The source and destination addresses must be private IP addresses. 2: NAT rule. The source address must be a private IP address, and the destination address must be an EIP or a domain name. Default value: N/A |
| rules | Yes | Array of rules objects | Parameter description: Rule list in a rule addition request. Constraints: N/A |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| name | Yes | String | Parameter description: Rule name, which is defined by a user and is used to identify a rule. Constraints: The string length can be 0 to 255 characters. Value range: N/A Default value: N/A |
| sequence | Yes | OrderRuleAclDto object | Parameter description: Change the rule sequence. Constraints: N/A Value range: N/A Default value: N/A |
| address_type | Yes | Integer | Parameter description: Internet protocol type of an IP address, which is specified by the customer. Constraints: N/A Value range: 0: IPv4; 1: IPv6 Default value: N/A |
| action_type | Yes | Integer | Parameter description: Rule action type, which is used to distinguish the action of a rule on traffic. Constraints: Only 0 and 1 are allowed. Value range: 0: permit; 1: deny Default value: N/A |
| status | Yes | Integer | Parameter description: Rule status, which is used to determine whether a rule is enabled. Constraints: Only 0 and 1 are allowed. Value range: 0: disable; 1: enable Default value: N/A |
| applications | No | Array of strings | Parameter description: List of protocols that a rule applies to. Constraints: N/A Value range: Rule application type. Its value can be HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. Default value: N/A |
| long_connect_time | No | Long | Parameter description: Duration (in seconds) of a persistent connection, that is, the maximum duration of a traffic session. Constraints: Only numbers are allowed. Value range: 1-86,400,000. Default value: N/A |
| long_connect_time_hour | No | Long | Parameter description: Persistent connection duration (in hours). Constraints: Only numbers are allowed. Value range: 0-24,000. Default value: N/A |
| long_connect_time_minute | No | Long | Parameter description: Persistent connection duration (in minutes). Constraints: Only numbers are allowed. Value range: 0–60 Default value: N/A |
| long_connect_time_second | No | Long | Parameter description: Persistent connection duration (in seconds). Constraints: Only numbers are allowed. Value range: 0–60 Default value: N/A |
| long_connect_enable | Yes | Integer | Parameter description: Specifies whether persistent connections are supported. Constraints: N/A Value range: 0: not supported; 1: supported Default value: N/A |
| description | No | String | Parameter description: Rule description, which is used to describe the usage of a rule. Constraints: N/A Value range: Can contain 0 to 255 characters. Default value: N/A |
| direction | No | Integer | Parameter description: Rule direction. It can be from the cloud to on-premises, or from on-premises to the cloud. Constraints: If type is set to 0 (Internet rule) or 2 (NAT rule), the direction is mandatory. Value range: 0: inbound (on-premises to cloud); 1: outbound (cloud to on-premises). Default value: N/A |
| source | Yes | RuleAddressDtoForRequest object | Parameter description: Source address DTO of a rule. Constraints: N/A |
| destination | Yes | RuleAddressDtoForRequest object | Parameter description: Destination address DTO of a rule. Constraints: N/A |
| service | Yes | RuleServiceDto object | Parameter description: Service object of a rule. Constraints: N/A |
| tag | No | TagsVO object | Parameter description: Tag object of a rule. Constraints: N/A |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| dest_rule_id | No | String | Parameter description: ID of the target rule. After it is configured, the added rules will be placed after this rule. This parameter cannot be left blank when the added rule is not pinned on top, and can be left blank when the added rule is pinned on top. The rule ID can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). Constraints: If the added rule is not pinned on top, the rule ID specified here must be valid. Value range: N/A Default value: N/A |
| top | No | Integer | Parameter description: Whether a rule is pinned on top. Constraints: N/A Value range: 0: not pinned; 1: pinned Default value: N/A |
| bottom | No | Integer | Parameter description: Whether a rule is pinned at the bottom. Constraints: N/A Value range: 0: not pinned; 1: pinned Default value: N/A |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| type | Yes | Integer | Parameter description: Input type of the source or destination address. Constraints: If type is set to 0 (Internet rule) or 2 (NAT rule), the direction is mandatory. Value range: 0 (manual input), 1 (associated IP address group), 2 (domain name), 3 (geographical location), 4 (domain name group), 5 (multiple objects), 6 (domain name group - network), 7 (domain name group - application). Default value: N/A |
| address_type | No | Integer | Parameter description: IP address protocol type, which is used to distinguish different Internet protocols. Constraints: If type is set to 0 (manual input), this parameter cannot be left blank. Value range: Address type: 0 (IPv4); 1 (IPv6) Default value: N/A |
| address | No | String | Parameter description: IP address information, which is used to specify the IP address of the rule. Constraints: If type is set to 0 (manual input), this parameter cannot be left blank. Value range: N/A Default value: N/A |
| address_set_id | No | String | Parameter description: ID of the associated IP address group. You can query the IP address group ID by calling the API for querying address groups. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: If type is set to 1 (associated IP address group), this parameter cannot be left blank. Value range: N/A Default value: N/A |
| address_set_name | No | String | Parameter description: Name of the associated IP address group. You can query the IP address group name by calling the API for querying address groups. Find the value in data.records.name (The period [.] is used to separate different levels of objects). Constraints: If type is set to 1 (associated IP address group), this parameter cannot be left blank. Value range: N/A Default value: N/A |
| domain_address_name | No | String | Parameter description: Domain name or domain name group name, which is used to specify the domain name or domain name group name referenced by the rule. Constraints: The value cannot be left blank when type is set to 2 (domain name) or 7 (domain name group - application). The value can contain up to 255 characters. Value range: N/A Default value: N/A |
| region_list_json | No | String | Parameter description: JSON value of the rule region list, which is used to specify the region name list referenced by the rule. Constraints: N/A Value range: N/A Default value: N/A |
| region_list | No | Array of IpRegionDto objects | Parameter description: Rule region list. Constraints: N/A |
| domain_set_id | No | String | Parameter description: Domain group ID, which is used to specify the domain name group referenced by a rule. Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - application). Value range: N/A Default value: N/A |
| domain_set_name | No | String | Parameter description: Domain group name, which is used to specify the domain name group referenced by a rule. Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). Constraints: The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - application). Value range: N/A Default value: N/A |
| ip_address | No | Array of strings | Parameter description: IP address list, which is used to specify the IP address list referenced by a rule. Constraints: This parameter cannot be left blank when type is set to 5 (multiple objects). Value range: N/A Default value: N/A |
| address_set_type | No | Integer | Parameter description: Address group type, which is used to specify the address group type referenced by a rule. Constraints: If address is set to 1 (associated IP address group), this parameter cannot be left blank. Value range: 0 (user-defined address group), 1 (WAF proxy IP address group), or 3 (NAT64 address group). Default value: N/A |
| predefined_group | No | Array of strings | Parameter description: ID list of predefined address groups. It is used to specify the predefined address group ID list referenced by a rule. Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 1 (predefined address group). Constraints: This parameter cannot be left blank when type is set to 5 (multiple objects). Value range: Its value can be 0 (user-defined address group), 1 (WAF proxy IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). Default value: N/A |
| address_group | No | Array of strings | Parameter description: Address group ID list, which is used to specify the list of address group IDs referenced by a rule. Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 0 (user-defined address group). Constraints: This parameter cannot be left blank when type is set to 5 (multiple objects). Value range: N/A Default value: N/A |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| region_id | No | String | Parameter description: Region ID, which is used to specify the region where a rule is used. You can obtain the region ID by referring to Obtaining the Names and IDs of an Account, IAM User, Project, User Group, Region, and Agency. Constraints: N/A Value range: N/A Default value: N/A |
| description_cn | No | String | Parameter description: Region description in Chinese, which is used only for China regions and can be obtained from the region information table. Constraints: N/A Value range: N/A Default value: N/A |
| description_en | No | String | Parameter description: Region description in English, which is used only for non-China regions and can be obtained from the region information table. Constraints: N/A Value range: N/A Default value: N/A |
| region_type | No | Integer | Parameter description: Area type Constraints: N/A Value range: 0: country; 1: province; 2: continent Default value: N/A |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| type | Yes | Integer | Parameter description: Service input type, which is used to specify the service input type of a rule. Constraints: N/A Value range: 0: manual input; 1: automatic input Default value: N/A |
| protocol | No | Integer | Parameter description: Service protocol type, which is used to specify the service protocol type referenced by a rule. Constraints: If type is set to 0 (manual), this parameter cannot be left blank. Value range: Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (Any). Default value: N/A |
| protocols | No | Array of integers | Parameter description: Protocol list, which is used to specify the protocol list referenced by a rule. Constraints: If type is set to 0 (manual), this parameter cannot be left blank. Value range: Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (Any). Default value: N/A |
| source_port | No | String | Parameter description: Source port, that is, the port of the session initiator. Constraints: N/A Value range: N/A Default value: N/A |
| dest_port | No | String | Parameter description: Destination port, that is, the port of the session receiver. Constraints: N/A Value range: N/A Default value: N/A |
| service_set_id | No | String | Parameter description: Service group ID, which specifies the service group referenced by a rule. The service group ID can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: If address is set to 1 (associated IP address group), this parameter cannot be left blank. Value range: N/A Default value: N/A |
| service_set_name | No | String | Parameter description: Name of a service (protocol, source port, or destination port) group. It specifies the service group referenced by a rule. It can be obtained by calling the API for querying the service group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). Constraints: If address is set to 1 (associated IP address group), this parameter cannot be left blank. Value range: N/A Default value: N/A |
| custom_service | No | Array of ServiceItem objects | Parameter description: Custom service, which is used to specify the service referenced by a rule. Constraints: N/A Value range: N/A Default value: N/A |
| predefined_group | No | Array of strings | Parameter description: ID list of predefined service groups, which is used to specify predefined service groups referenced by a rule. Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: In the search criteria, query_service_set_type must be set to 1 (predefined service group). Value range: N/A Default value: N/A |
| service_group | No | Array of strings | Parameter description: Service group ID list, which is used to specify the service groups referenced by a rule. Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: In the search criteria, query_service_set_type must be set to 0 (user-defined service group). Value range: N/A Default value: N/A |
| service_group_names | No | Array of ServiceGroupVO objects | Parameter description: Name of a service (protocol, source port, or destination port) group. List. Constraints: N/A |
| service_set_type | No | Integer | Parameter description: Service group type, which is used to specify the service group type referenced by a rule. Constraints: N/A Value range: 0 (user-defined service group), 1 (common web service), 2 (common remote login and ping), or 3 (common database). Default value: N/A |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| protocol | No | Integer | Parameter description: Protocol type, which is used to specify the network protocol of a rule. Constraints: If RuleServiceDto.type is set to 0, this parameter cannot be left blank. Value range: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (Any). Default value: N/A |
| source_port | No | String | Parameter description: Source port, that is, the port of the session initiator. Constraints: N/A Value range: N/A Default value: N/A |
| dest_port | No | String | Parameter description: Destination port, that is, the port of the session receiver. Constraints: N/A Value range: N/A Default value: N/A |
| description | No | String | Parameter description: Service (protocol, source port, or destination port) member. Constraints: The value must be a string consisting of 0 to 255 characters. Value range: N/A Default value: N/A |
| name | No | String | Parameter description: Service (protocol, source port, or destination port) member. Constraints: The value must be a string consisting of 0 to 255 characters. Value range: N/A Default value: N/A |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| name | No | String | Parameter description: Name of a service (protocol, source port, or destination port) group. Constraints: N/A Value range: N/A Default value: N/A |
| protocols | No | Array of integers | Parameter description: Protocol List Constraints: N/A Value range: Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (Any). Default value: N/A |
| service_set_type | No | Integer | Parameter description: Type of a service (protocol, source port, or destination port) group. Constraints: N/A Value range: 0: custom service group; 1: predefined service group Default value: N/A |
| set_id | No | String | Parameter description: Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: N/A Value range: N/A Default value: N/A |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| tag_id | No | String | Parameter description: Rule ID Constraints: N/A Value range: N/A Default value: N/A |
| tag_key | No | String | Parameter description: Rule tag key. Constraints: N/A Value range: N/A Default value: N/A |
| tag_value | No | String | Parameter description: Rule tag value. Constraints: N/A Value range: N/A Default value: N/A |

Response Parameters
Status code: 200
| Parameter | Type | Description |
|---|---|---|
| data | RuleIdList object | Parameter description: Data of the return value for creating a rule. Constraints: N/A |

| Parameter | Type | Description |
|---|---|---|
| id | String | Parameter description: Rule ID Value range: N/A |
| name | String | Parameter description: Rule Value range: N/A |

Status code: 400
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error description. |

Example Requests
The following example shows how to add an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule
```json
{
  "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
  "rules" : [ {
    "name" : "Test rule.",
    "status" : 1,
    "action_type" : 0,
    "description" : "",
    "source" : {
      "type" : 0,
      "address" : "1.1.1.1"
    },
    "destination" : {
      "type" : 0,
      "address" : "2.2.2.2"
    },
    "service" : {
      "type" : 0,
      "protocol" : 6,
      "source_port" : "0",
      "dest_port" : "0"
    },
    "address_type" : 0,
    "tag" : {
      "tag_key" : "",
      "tag_value" : ""
    },
    "long_connect_enable" : 0,
    "direction" : 0,
    "sequence" : {
      "top" : 1,
      "dest_rule_id" : null
    }
  } ],
  "type" : 0
}
```
Example Responses
Status code: 200
Response to the request for creating an ACL rule.
```json
{
  "data" : {
    "rules" : [ {
      "id" : "0475c516-0e41-4caf-990b-0c504eebd73f",
      "name" : "testName"
    } ]
  }
}
```
Status code: 400
Bad Request
```json
{
  "error_code" : "CFW.00900016",
  "error_msg" : "Import is in progress. Please wait until it is complete."
}
```
SDK Sample Code
The SDK sample code is as follows.
The following example shows how to add an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;

import java.util.List;
import java.util.ArrayList;

public class AddAclRuleSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them when they are used.
        // In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CfwClient client = CfwClient.newBuilder()
                .withCredential(auth)
                .withRegion(CfwRegion.valueOf("<YOUR REGION>"))
                .build();
        AddAclRuleRequest request = new AddAclRuleRequest();
        AddRuleAclDto body = new AddRuleAclDto();
        TagsVO tagRules = new TagsVO();
        tagRules.withTagKey("")
            .withTagValue("");
        RuleServiceDto serviceRules = new RuleServiceDto();
        serviceRules.withType(0)
            .withProtocol(6)
            .withSourcePort("0")
            .withDestPort("0");
        RuleAddressDtoForRequest destinationRules = new RuleAddressDtoForRequest();
        destinationRules.withType(0)
            .withAddress("2.2.2.2");
        RuleAddressDtoForRequest sourceRules = new RuleAddressDtoForRequest();
        sourceRules.withType(0)
            .withAddress("1.1.1.1");
        OrderRuleAclDto sequenceRules = new OrderRuleAclDto();
        sequenceRules.withTop(1);
        List<AddRuleAclDtoRules> listbodyRules = new ArrayList<>();
        listbodyRules.add(
            new AddRuleAclDtoRules()
                .withName("Test rule.")
                .withSequence(sequenceRules)
                .withAddressType(AddRuleAclDtoRules.AddressTypeEnum.NUMBER_0)
                .withActionType(0)
                .withStatus(AddRuleAclDtoRules.StatusEnum.NUMBER_1)
                .withLongConnectEnable(AddRuleAclDtoRules.LongConnectEnableEnum.NUMBER_0)
                .withDescription("")
                .withDirection(AddRuleAclDtoRules.DirectionEnum.NUMBER_0)
                .withSource(sourceRules)
                .withDestination(destinationRules)
                .withService(serviceRules)
                .withTag(tagRules)
        );
        body.withRules(listbodyRules);
        body.withType(AddRuleAclDto.TypeEnum.NUMBER_0);
        body.withObjectId("ae42418e-f077-41a0-9d3b-5b2f5ad9102b");
        request.withBody(body);
        try {
            AddAclRuleResponse response = client.addAclRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
```python
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them when they are used.
    # In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = AddAclRuleRequest()
        tagRules = TagsVO(
            tag_key="",
            tag_value=""
        )
        serviceRules = RuleServiceDto(
            type=0,
            protocol=6,
            source_port="0",
            dest_port="0"
        )
        destinationRules = RuleAddressDtoForRequest(
            type=0,
            address="2.2.2.2"
        )
        sourceRules = RuleAddressDtoForRequest(
            type=0,
            address="1.1.1.1"
        )
        sequenceRules = OrderRuleAclDto(
            top=1
        )
        listRulesbody = [
            AddRuleAclDtoRules(
                name="Test rule.",
                sequence=sequenceRules,
                address_type=0,
                action_type=0,
                status=1,
                long_connect_enable=0,
                description="",
                direction=0,
                source=sourceRules,
                destination=destinationRules,
                service=serviceRules,
                tag=tagRules
            )
        ]
        request.body = AddRuleAclDto(
            rules=listRulesbody,
            type=0,
            object_id="ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
        )
        response = client.add_acl_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
```go
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
	// Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them when they are used.
	// In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")
	projectId := "{project_id}"

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithProjectId(projectId).
		Build()

	client := cfw.NewCfwClient(
		cfw.CfwClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.AddAclRuleRequest{}
	tagKeyTag := ""
	tagValueTag := ""
	tagRules := &model.TagsVo{
		TagKey:   &tagKeyTag,
		TagValue: &tagValueTag,
	}
	protocolService := int32(6)
	sourcePortService := "0"
	destPortService := "0"
	serviceRules := &model.RuleServiceDto{
		Type:       int32(0),
		Protocol:   &protocolService,
		SourcePort: &sourcePortService,
		DestPort:   &destPortService,
	}
	addressDestination := "2.2.2.2"
	destinationRules := &model.RuleAddressDtoForRequest{
		Type:    int32(0),
		Address: &addressDestination,
	}
	addressSource := "1.1.1.1"
	sourceRules := &model.RuleAddressDtoForRequest{
		Type:    int32(0),
		Address: &addressSource,
	}
	topSequence := int32(1)
	sequenceRules := &model.OrderRuleAclDto{
		Top: &topSequence,
	}
	descriptionRules := ""
	directionRules := model.GetAddRuleAclDtoRulesDirectionEnum().E_0
	var listRulesbody = []model.AddRuleAclDtoRules{
		{
			Name:              "Test rule.",
			Sequence:          sequenceRules,
			AddressType:       model.GetAddRuleAclDtoRulesAddressTypeEnum().E_0,
			ActionType:        int32(0),
			Status:            model.GetAddRuleAclDtoRulesStatusEnum().E_1,
			LongConnectEnable: model.GetAddRuleAclDtoRulesLongConnectEnableEnum().E_0,
			Description:       &descriptionRules,
			Direction:         &directionRules,
			Source:            sourceRules,
			Destination:       destinationRules,
			Service:           serviceRules,
			Tag:               tagRules,
		},
	}
	request.Body = &model.AddRuleAclDto{
		Rules:    listRulesbody,
		Type:     model.GetAddRuleAclDtoTypeEnum().E_0,
		ObjectId: "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
	}
	response, err := client.AddAclRule(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
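A pre-flight check for the request body, added here as an example (not Huawei Cloud code): it enforces the conditional constraints from the parameter tables on this page, so a rule that contradicts its own type is rejected before it reaches the API. The function names are hypothetical, `BAD_EXAMPLE` is constructed, and treating an EIP as any non-private address is an assumption.

```python
import copy
import ipaddress

# Value sets and conditional requirements copied from the tables on this page.
PROTOCOLS = {6, 17, 1, 58, -1}  # TCP, UDP, ICMP, ICMPv6, Any
ADDRESS_REQUIRED = {  # address `type` -> fields that cannot be left blank
    0: ("address",),
    1: ("address_set_id", "address_set_name"),
    2: ("domain_address_name",),
    4: ("domain_set_id", "domain_set_name"),
    7: ("domain_address_name", "domain_set_id", "domain_set_name"),
}
# Rule `type` -> (source must be private, destination must be private).
# Assumption: "EIP" is approximated as "not a private address".
ADDRESS_SCOPE = {0: (False, False), 1: (True, True), 2: (True, False)}


def _is_private(addr):
    """True/False for a literal IP or CIDR, None for anything else."""
    try:
        return ipaddress.ip_network(addr, strict=False).is_private
    except (ValueError, TypeError):
        return None


def _check_address(label, dto, want_private, errors):
    kind = dto.get("type")
    for field in ADDRESS_REQUIRED.get(kind, ()):
        if not dto.get(field):
            errors.append(f"{label}.{field} is required when type is {kind}")
    if kind == 0 and dto.get("address") and want_private is not None:
        private = _is_private(dto["address"])
        if private is not None and private != want_private:
            need = "private" if want_private else "public"
            errors.append(f"{label}.address must be {need} for this rule type")


def validate_acl_request(body):
    """Return the documented constraints that `body` violates (empty list = OK)."""
    errors = []
    rule_type = body.get("type")
    if rule_type not in ADDRESS_SCOPE:
        errors.append("type must be 0 (Internet border), 1 (inter-VPC) or 2 (NAT)")
    if not body.get("object_id"):
        errors.append("object_id is required")
    if not body.get("rules"):
        errors.append("rules must contain at least one rule")
    src_private, dst_private = ADDRESS_SCOPE.get(rule_type, (None, None))
    for i, rule in enumerate(body.get("rules") or []):
        p = f"rules[{i}]"
        missing = [f for f in ("sequence", "source", "destination", "service")
                   if not isinstance(rule.get(f), dict)]
        errors.extend(f"{p}.{f} object is required" for f in missing)
        if missing:
            continue
        if not isinstance(rule.get("name"), str) or len(rule["name"]) > 255:
            errors.append(f"{p}.name must be a string of at most 255 characters")
        for field in ("address_type", "action_type", "status", "long_connect_enable"):
            if rule.get(field) not in (0, 1):
                errors.append(f"{p}.{field} must be 0 or 1")
        if rule_type in (0, 2) and rule.get("direction") not in (0, 1):
            errors.append(f"{p}.direction (0 or 1) is mandatory when type is {rule_type}")
        # The page requires dest_rule_id when the rule is not pinned on top;
        # exempting bottom-pinned rules as well is an assumption.
        seq = rule["sequence"]
        if seq.get("top") != 1 and seq.get("bottom") != 1 and not seq.get("dest_rule_id"):
            errors.append(f"{p}.sequence.dest_rule_id is required for an unpinned rule")
        lct = rule.get("long_connect_time")
        if lct is not None and not 1 <= lct <= 86_400_000:
            errors.append(f"{p}.long_connect_time must be within 1-86,400,000 seconds")
        _check_address(f"{p}.source", rule["source"], src_private, errors)
        _check_address(f"{p}.destination", rule["destination"], dst_private, errors)
        svc = rule["service"]
        protos = svc.get("protocols") or [svc.get("protocol")]
        if svc.get("type") == 0 and not set(protos) <= PROTOCOLS:
            errors.append(f"{p}.service.protocol must be one of 6, 17, 1, 58, -1")
    return errors


PAGE_EXAMPLE = {  # the request body from "Example Requests" on this page
    "object_id": "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
    "type": 0,
    "rules": [{
        "name": "Test rule.", "status": 1, "action_type": 0, "description": "",
        "source": {"type": 0, "address": "1.1.1.1"},
        "destination": {"type": 0, "address": "2.2.2.2"},
        "service": {"type": 0, "protocol": 6, "source_port": "0", "dest_port": "0"},
        "address_type": 0, "tag": {"tag_key": "", "tag_value": ""},
        "long_connect_enable": 0, "direction": 0,
        "sequence": {"top": 1, "dest_rule_id": None},
    }],
}

# Constructed counter-example: an inter-VPC rule with a public source address,
# no pinning and no dest_rule_id, and a protocol number outside the value range.
BAD_EXAMPLE = copy.deepcopy(PAGE_EXAMPLE)
BAD_EXAMPLE["type"] = 1
BAD_EXAMPLE["rules"][0]["destination"]["address"] = "10.0.0.5"
BAD_EXAMPLE["rules"][0]["sequence"] = {"top": 0}
BAD_EXAMPLE["rules"][0]["service"]["protocol"] = 99

if __name__ == "__main__":
    for label, body in (("page example", PAGE_EXAMPLE), ("bad example", BAD_EXAMPLE)):
        print(label, validate_acl_request(body) or "OK")
```

Running the check in CI or in a wrapper around `add_acl_rule` keeps malformed permit rules out of the firewall policy and gives a clearer message than a generic 400 response.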
The following example shows how to add an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;

import java.util.List;
import java.util.ArrayList;

public class AddAclRuleSolution {
    public static void main(String[] args) {
        // Hard-coding the AK and SK used for authentication, or storing them in plaintext, poses great security risks. Store the AK and SK in ciphertext in configuration files or environment variables and decrypt them when they are used.
        // In this example, the AK and SK are read from environment variables. Before running this example, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CfwClient client = CfwClient.newBuilder()
                .withCredential(auth)
                .withRegion(CfwRegion.valueOf("<YOUR REGION>"))
                .build();
        AddAclRuleRequest request = new AddAclRuleRequest();
        AddRuleAclDto body = new AddRuleAclDto();
        TagsVO tagRules = new TagsVO();
        tagRules.withTagKey("")
            .withTagValue("");
        // Service: type 0 (service), protocol 6 (TCP), source port 0, destination port 0.
        RuleServiceDto serviceRules = new RuleServiceDto();
        serviceRules.withType(0)
            .withProtocol(6)
            .withSourcePort("0")
            .withDestPort("0");
        // Destination and source: type 0 (IP address).
        RuleAddressDtoForRequest destinationRules = new RuleAddressDtoForRequest();
        destinationRules.withType(0)
            .withAddress("2.2.2.2");
        RuleAddressDtoForRequest sourceRules = new RuleAddressDtoForRequest();
        sourceRules.withType(0)
            .withAddress("1.1.1.1");
        OrderRuleAclDto sequenceRules = new OrderRuleAclDto();
        sequenceRules.withTop(1);
        // IPv4 inbound rule: action 0 (allow), status 1 (enabled), persistent connections not supported.
        List<AddRuleAclDtoRules> listbodyRules = new ArrayList<>();
        listbodyRules.add(
            new AddRuleAclDtoRules()
                .withName("Test rule.")
                .withSequence(sequenceRules)
                .withAddressType(AddRuleAclDtoRules.AddressTypeEnum.NUMBER_0)
                .withActionType(0)
                .withStatus(AddRuleAclDtoRules.StatusEnum.NUMBER_1)
                .withLongConnectEnable(AddRuleAclDtoRules.LongConnectEnableEnum.NUMBER_0)
                .withDescription("")
                .withDirection(AddRuleAclDtoRules.DirectionEnum.NUMBER_0)
                .withSource(sourceRules)
                .withDestination(destinationRules)
                .withService(serviceRules)
                .withTag(tagRules)
        );
        body.withRules(listbodyRules);
        body.withType(AddRuleAclDto.TypeEnum.NUMBER_0);
        body.withObjectId("ae42418e-f077-41a0-9d3b-5b2f5ad9102b");
        request.withBody(body);
        try {
            AddAclRuleResponse response = client.addAclRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
The following example shows how to add an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK used for authentication, or storing them in plaintext, poses great security risks. Store the AK and SK in ciphertext in configuration files or environment variables and decrypt them when they are used.
    # In this example, the AK and SK are read from environment variables. Before running this example, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = AddAclRuleRequest()
        tagRules = TagsVO(
            tag_key="",
            tag_value=""
        )
        # Service: type 0 (service), protocol 6 (TCP), source port 0, destination port 0.
        serviceRules = RuleServiceDto(
            type=0,
            protocol=6,
            source_port="0",
            dest_port="0"
        )
        # Destination and source: type 0 (IP address).
        destinationRules = RuleAddressDtoForRequest(
            type=0,
            address="2.2.2.2"
        )
        sourceRules = RuleAddressDtoForRequest(
            type=0,
            address="1.1.1.1"
        )
        sequenceRules = OrderRuleAclDto(
            top=1
        )
        # IPv4 inbound rule: action 0 (allow), status 1 (enabled), persistent connections not supported.
        listRulesbody = [
            AddRuleAclDtoRules(
                name="Test rule.",
                sequence=sequenceRules,
                address_type=0,
                action_type=0,
                status=1,
                long_connect_enable=0,
                description="",
                direction=0,
                source=sourceRules,
                destination=destinationRules,
                service=serviceRules,
                tag=tagRules
            )
        ]
        request.body = AddRuleAclDto(
            rules=listRulesbody,
            type=0,
            object_id="ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
        )
        response = client.add_acl_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
The following example shows how to add an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
	// Hard-coding the AK and SK used for authentication, or storing them in plaintext, poses great security risks. Store the AK and SK in ciphertext in configuration files or environment variables and decrypt them when they are used.
	// In this example, the AK and SK are read from environment variables. Before running this example, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")
	projectId := "{project_id}"

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithProjectId(projectId).
		Build()

	client := cfw.NewCfwClient(
		cfw.CfwClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.AddAclRuleRequest{}
	tagKeyTag := ""
	tagValueTag := ""
	tagRules := &model.TagsVo{
		TagKey:   &tagKeyTag,
		TagValue: &tagValueTag,
	}
	// Service: type 0 (service), protocol 6 (TCP), source port 0, destination port 0.
	protocolService := int32(6)
	sourcePortService := "0"
	destPortService := "0"
	serviceRules := &model.RuleServiceDto{
		Type:       int32(0),
		Protocol:   &protocolService,
		SourcePort: &sourcePortService,
		DestPort:   &destPortService,
	}
	// Destination and source: type 0 (IP address).
	addressDestination := "2.2.2.2"
	destinationRules := &model.RuleAddressDtoForRequest{
		Type:    int32(0),
		Address: &addressDestination,
	}
	addressSource := "1.1.1.1"
	sourceRules := &model.RuleAddressDtoForRequest{
		Type:    int32(0),
		Address: &addressSource,
	}
	topSequence := int32(1)
	sequenceRules := &model.OrderRuleAclDto{
		Top: &topSequence,
	}
	descriptionRules := ""
	directionRules := model.GetAddRuleAclDtoRulesDirectionEnum().E_0
	// IPv4 inbound rule: action 0 (allow), status 1 (enabled), persistent connections not supported.
	var listRulesbody = []model.AddRuleAclDtoRules{
		{
			Name:              "Test rule.",
			Sequence:          sequenceRules,
			AddressType:       model.GetAddRuleAclDtoRulesAddressTypeEnum().E_0,
			ActionType:        int32(0),
			Status:            model.GetAddRuleAclDtoRulesStatusEnum().E_1,
			LongConnectEnable: model.GetAddRuleAclDtoRulesLongConnectEnableEnum().E_0,
			Description:       &descriptionRules,
			Direction:         &directionRules,
			Source:            sourceRules,
			Destination:       destinationRules,
			Service:           serviceRules,
			Tag:               tagRules,
		},
	}
	request.Body = &model.AddRuleAclDto{
		Rules:    listRulesbody,
		Type:     model.GetAddRuleAclDtoTypeEnum().E_0,
		ObjectId: "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
	}
	response, err := client.AddAclRule(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
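The rule body that the SDK samples build can be reviewed before it is submitted to the firewall. The following is an added example, not part of the original page or of the SDK: the hypothetical helpers `parse_address` and `lint_acl_body` check a request body whose keys follow the Python sample's keyword names, and report enabled allow rules that deserve a second look. It assumes that `address` also accepts CIDR notation, that `address_type` 1 selects IPv6, and that `sequence.top` set to 1 places the rule first; `SAMPLE_BODY` and `min_prefix` are constructed for illustration.

```python
import ipaddress

# Constructed body, same shape and values as the SDK samples; object_id is a placeholder.
SAMPLE_BODY = {
    "object_id": "<protected-object-id>", "type": 0,
    "rules": [{
        "name": "Test rule.", "sequence": {"top": 1}, "address_type": 0,
        "action_type": 0, "status": 1, "long_connect_enable": 0,
        "description": "", "direction": 0,
        "source": {"type": 0, "address": "1.1.1.1"},
        "destination": {"type": 0, "address": "2.2.2.2"},
        "service": {"type": 0, "protocol": 6, "source_port": "0", "dest_port": "0"},
    }],
}

# Codes as the samples use them: allow, enabled, inbound, IP-address type.
ALLOW, ENABLED, INBOUND, IP_TYPE = 0, 1, 0, 0

def parse_address(addr, address_type):
    """Parse an IP or CIDR (CIDR support is assumed) and check its family."""
    net = ipaddress.ip_network(addr, strict=False)
    wanted = 4 if address_type == 0 else 6  # assumption: 1 selects IPv6
    if net.version != wanted:
        raise ValueError("address family does not match address_type")
    return net

def lint_acl_body(body, min_prefix=8):
    """Return (rule name, finding) pairs for rules that deserve review."""
    findings = []
    for rule in body.get("rules", []):
        name, nets = rule.get("name", "<unnamed>"), {}
        for side in ("source", "destination"):
            spec = rule.get(side) or {}
            if spec.get("type") != IP_TYPE:
                continue  # other address types are out of scope here
            try:
                nets[side] = parse_address(spec.get("address", ""), rule.get("address_type"))
            except ValueError as exc:
                findings.append((name, f"{side}: invalid address ({exc})"))
        if rule.get("action_type") != ALLOW or rule.get("status") != ENABLED:
            continue  # only enabled allow rules widen exposure
        src = nets.get("source")
        if rule.get("direction") == INBOUND and src is not None and src.prefixlen < min_prefix:
            findings.append((name, "inbound allow from a very broad source"))
        if (rule.get("sequence") or {}).get("top") == 1:  # assumption: 1 pins the rule first
            findings.append((name, "allow rule pinned to top, may shadow deny rules"))
        if not (rule.get("description") or "").strip():
            findings.append((name, "allow rule has no description"))
    return findings
```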
Status Codes
Status Code | Description |
---|---|
200 | Response to the request for creating an ACL rule. |
400 | Bad Request |
401 | Unauthorized: Request error. |
403 | Forbidden: Access forbidden. |
404 | Not Found: Web page not found. |
500 | Internal Server Error |
Error Codes
See Error Codes.