Updated on 2025-08-12 GMT+08:00

Adding a Basic Access Control Rule

Scenario

You can configure basic access control rules by application, endpoint, host, user, and client IP address to allow or block requests that match the rules.

For example, if application demo has a file download API, you can add a basic access control rule to block requests for accessing the file download API of application demo.

The following describes how to create a basic access control rule.

Procedure

  1. Log in to the web console of the API data security protection system as user sysadmin.
  2. In the navigation pane on the left, choose Security Policies > Access Control.
  3. Click the Basic Access Control tab, click Add, and set rule parameters. For the descriptions of parameters, see Table 1.

    Figure 1 Adding a basic access control rule
    Table 1 Parameters for adding a basic access control rule

    Parameter

    Description

    Rule Name

    Name of the rule.

    Description

    Rule description.

    Service Name

    Select the application to which the rule applies.

    Rule Conditions

    Configure the rule conditions, including the request method, URL, request body, endpoint type, client IP address, region, account, and account group.

    Action

    Configure the action triggered when the rule is matched.

    Priority

    When a request matches several basic access control rules, the rule with the highest priority takes effect.

    Effective Time

    The time or duration when the rule takes effect.
    • Effective permanently: The rule takes effect permanently when it is enabled.
    • Custom: The rule takes effect in a fixed time range every week or every day.

    Enabled/Disabled

    Enable or disable basic access control rules.
    • Enabled status: The rule takes effect immediately after being added.
    • Disabled status: The rule does not takes effect after being added. You need to manually enable it.

  4. Click OK.

Operation Results

An access control rule takes effect after being configured. Requests for accessing the application are allowed or blocked based on the rule.

Related Operations

On the Basic Access Control tab, you can also perform the following actions:

  • To modify a basic access control rule, locate it and click Edit on the right of the row.
  • To delete a basic access control rule, locate it and click Delete on the right of the row.
  • To delete several basic access control rules, select them all and click Delete in the upper right corner.
  • To enable several basic access control rules, select them all and click Enable in the upper right corner.
  • To disable several basic access control rules, select them all and click Disable in the upper right corner.