Updating an ACL Rule
Function
This API is used to update an ACL rule.
Calling Method
For details, see Calling APIs.
URI
PUT /v1/{project_id}/acl-rule/{acl_rule_id}
Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. |
acl_rule_id | Yes | String | Rule ID, which can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). |

Parameter | Mandatory | Type | Description |
---|---|---|---|
enterprise_project_id | No | String | Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. |
fw_instance_id | No | String | Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | String | User token. You can obtain the token by referring to Obtaining a User Token. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
address_type | No | Integer | Address type: 0 (IPv4), 1 (IPv6). |
name | No | String | Rule name. |
direction | No | Integer | Direction: 0 (inbound) or 1 (outbound). This parameter is mandatory when type is set to 0 (Internet rule) or 2 (NAT rule). |
action_type | No | Integer | Rule action: 0 (permit), 1 (deny). |
status | No | Integer | Rule status: 0 (disabled), 1 (enabled). |
applications | No | Array of strings | Rule application list. Rule application type: HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. |
description | No | String | Rule description. |
long_connect_time_hour | No | Long | Persistent connection duration (hour). |
long_connect_time_minute | No | Long | Persistent connection duration (minute). |
long_connect_time_second | No | Long | Persistent connection duration (second). |
long_connect_time | No | Long | Persistent connection duration. |
long_connect_enable | No | Integer | Whether to support persistent connections: 0 (no), 1 (yes). |
source | No | RuleAddressDto object | Source address DTO. |
destination | No | RuleAddressDto object | Destination address DTO. |
service | No | RuleServiceDto object | Service object. |
type | No | Integer | Rule type: 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). |
tag | No | TagsVO object | Tag object attached to a rule. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
type | Yes | Integer | Address type: 0 (manual input), 1 (associated IP address group), 2 (domain name), 3 (geographical location), 4 (domain name group), 5 (multiple objects), 6 (domain name group - DNS resolution), 7 (domain name group - website filtering). |
address_type | No | Integer | Address type: 0 (IPv4), 1 (IPv6). If its value is 0, the input cannot be left blank. |
address | No | String | IP address information. It cannot be left blank if type is set to 0. |
address_set_id | No | String | ID of an associated IP address group. This parameter cannot be left blank when type is set to 1. You can obtain the value by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). |
address_set_name | No | String | Name of an associated IP address group. This parameter cannot be left blank when type is set to 1. You can obtain the value by calling the API for querying the address group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). |
domain_address_name | No | String | Name of a domain name address. This parameter is valid when type is set to 2 (domain name) or 7 (application domain name group). |
region_list_json | No | String | JSON value of the rule region list. |
region_list | No | Array of IpRegionDto objects | Rule region list. |
domain_set_id | No | String | Domain name group ID. The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - website filtering). Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). |
domain_set_name | No | String | Domain name group name. The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - website filtering). Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). |
ip_address | No | Array of strings | IP address list. This parameter cannot be left blank when type is set to 5 (multiple objects). |
address_group | No | Array of strings | Address group ID list. This parameter cannot be left blank when type is set to 5 (multiple objects). Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 0 (user-defined address group). |
address_group_names | No | Array of AddressGroupVO objects | Address group name list. |
address_set_type | No | Integer | Address group type. It cannot be left blank when type is set to 1 (associated IP address group). Its value can be 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). |
predefined_group | No | Array of strings | Pre-defined address group ID list. This parameter cannot be left blank when type is set to 5 (multiple objects). Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 1 (predefined address group). |

Parameter | Mandatory | Type | Description |
---|---|---|---|
region_id | No | String | Region ID. |
description_cn | No | String | Region description in Chinese, which is used only for China regions. |
description_en | No | String | Region description in English, which is used only for non-China regions. |
region_type | No | Integer | Region type: 0 (country), 1 (province), or 2 (continent). |

Parameter | Mandatory | Type | Description |
---|---|---|---|
address_set_type | No | Integer | Address group type: 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). |
name | No | String | Name of an associated IP address group, which can be obtained by calling the API for querying the address group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). |
set_id | No | String | ID of an associated IP address group, which can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). |

Parameter | Mandatory | Type | Description |
---|---|---|---|
type | Yes | Integer | Service input type: 0 (manual), 1 (automatic). |
protocol | No | Integer | Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual). |
protocols | No | Array of integers | Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual). |
source_port | No | String | Source port. |
dest_port | No | String | Destination port. |
service_set_id | No | String | Service group ID. This parameter cannot be left blank when type is set to 1 (associated IP address group). Its value can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). |
service_set_name | No | String | Service group name. This parameter cannot be left blank when type is set to 1 (associated IP address group). Its value can be obtained by calling the API for querying the service group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). |
custom_service | No | Array of ServiceItem objects | Custom service. |
predefined_group | No | Array of strings | Predefined service group ID list. The service group ID can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_service_set_type must be set to 1 (predefined service group). |
service_group | No | Array of strings | Service group ID list. The service group ID can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_service_set_type must be set to 0 (user-defined service group). |
service_group_names | No | Array of ServiceGroupVO objects | Service group name list. |
service_set_type | No | Integer | Service group type: 0 (user-defined service group), 1 (common web service), 2 (common remote login and ping), or 3 (common database). |

Parameter | Mandatory | Type | Description |
---|---|---|---|
protocol | No | Integer | Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when RuleServiceDto.type is set to 0 (manual). |
source_port | No | String | Source port. |
dest_port | No | String | Destination port. |
description | No | String | Service member description. |
name | No | String | Service member name. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
name | No | String | Service group name. |
protocols | No | Array of integers | Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). |
service_set_type | No | Integer | Service group type: 0 (user-defined service group), 1 (predefined service group). |
set_id | No | String | Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
data | RuleId object | Rule data. |
Status code: 400
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error description. |
Example Requests
The following example shows how to update an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule/ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031

```json
{
  "name" : "Test rule.",
  "status" : 1,
  "action_type" : 0,
  "description" : "",
  "source" : {
    "type" : 0,
    "address" : "1.1.1.1"
  },
  "destination" : {
    "type" : 0,
    "address" : "2.2.2.2"
  },
  "service" : {
    "type" : 0,
    "protocol" : 6,
    "source_port" : "0",
    "dest_port" : "0"
  },
  "type" : 0,
  "address_type" : 0,
  "tag" : {
    "tag_key" : "",
    "tag_value" : ""
  },
  "long_connect_enable" : 0,
  "direction" : 0
}
```
Example Responses
Status code: 200
OK
{ "data" : { "id" : "ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031" } }
Status code: 400
Bad Request
{ "error_code" : "CFW.00200005", "error_msg" : "Object not found." }
SDK Sample Code
The SDK sample code is as follows.
Java
The following example shows how to update an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;


public class UpdateAclRuleSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK or storing them in plaintext poses great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files
        // or environment variables and decrypted during use to ensure security.
        // In this example, the AK and SK are read from environment variables. Before running
        // this example, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CfwClient client = CfwClient.newBuilder()
                .withCredential(auth)
                .withRegion(CfwRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdateAclRuleRequest request = new UpdateAclRuleRequest();
        request.withAclRuleId("{acl_rule_id}");
        UpdateRuleAclDto body = new UpdateRuleAclDto();
        TagsVO tagbody = new TagsVO();
        tagbody.withTagKey("")
            .withTagValue("");
        RuleServiceDto servicebody = new RuleServiceDto();
        servicebody.withType(0)
            .withProtocol(6)
            .withSourcePort("0")
            .withDestPort("0");
        RuleAddressDto destinationbody = new RuleAddressDto();
        destinationbody.withType(0)
            .withAddress("2.2.2.2");
        RuleAddressDto sourcebody = new RuleAddressDto();
        sourcebody.withType(0)
            .withAddress("1.1.1.1");
        body.withTag(tagbody);
        body.withType(UpdateRuleAclDto.TypeEnum.NUMBER_0);
        body.withService(servicebody);
        body.withDestination(destinationbody);
        body.withSource(sourcebody);
        body.withLongConnectEnable(UpdateRuleAclDto.LongConnectEnableEnum.NUMBER_0);
        body.withDescription("");
        body.withStatus(1);
        body.withActionType(UpdateRuleAclDto.ActionTypeEnum.NUMBER_0);
        body.withDirection(UpdateRuleAclDto.DirectionEnum.NUMBER_0);
        body.withName("Test rule.");
        body.withAddressType(UpdateRuleAclDto.AddressTypeEnum.NUMBER_0);
        request.withBody(body);
        try {
            UpdateAclRuleResponse response = client.updateAclRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Python
The following example shows how to update an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
```python
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK or storing them in plaintext poses great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files
    # or environment variables and decrypted during use to ensure security.
    # In this example, the AK and SK are read from environment variables. Before running
    # this example, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdateAclRuleRequest()
        request.acl_rule_id = "{acl_rule_id}"
        tagbody = TagsVO(
            tag_key="",
            tag_value=""
        )
        servicebody = RuleServiceDto(
            type=0,
            protocol=6,
            source_port="0",
            dest_port="0"
        )
        destinationbody = RuleAddressDto(
            type=0,
            address="2.2.2.2"
        )
        sourcebody = RuleAddressDto(
            type=0,
            address="1.1.1.1"
        )
        request.body = UpdateRuleAclDto(
            tag=tagbody,
            type=0,
            service=servicebody,
            destination=destinationbody,
            source=sourcebody,
            long_connect_enable=0,
            description="",
            status=1,
            action_type=0,
            direction=0,
            name="Test rule.",
            address_type=0
        )
        response = client.update_acl_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Go
The following example shows how to update an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
```go
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
	// Hard-coding the AK and SK or storing them in plaintext poses great security risks.
	// It is recommended that the AK and SK be stored in ciphertext in configuration files
	// or environment variables and decrypted during use to ensure security.
	// In this example, the AK and SK are read from environment variables. Before running
	// this example, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")
	projectId := "{project_id}"

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithProjectId(projectId).
		Build()

	client := cfw.NewCfwClient(
		cfw.CfwClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.UpdateAclRuleRequest{}
	request.AclRuleId = "{acl_rule_id}"
	tagKeyTag := ""
	tagValueTag := ""
	tagbody := &model.TagsVo{
		TagKey:   &tagKeyTag,
		TagValue: &tagValueTag,
	}
	protocolService := int32(6)
	sourcePortService := "0"
	destPortService := "0"
	servicebody := &model.RuleServiceDto{
		Type:       int32(0),
		Protocol:   &protocolService,
		SourcePort: &sourcePortService,
		DestPort:   &destPortService,
	}
	addressDestination := "2.2.2.2"
	destinationbody := &model.RuleAddressDto{
		Type:    int32(0),
		Address: &addressDestination,
	}
	addressSource := "1.1.1.1"
	sourcebody := &model.RuleAddressDto{
		Type:    int32(0),
		Address: &addressSource,
	}
	typeUpdateRuleAclDto := model.GetUpdateRuleAclDtoTypeEnum().E_0
	longConnectEnableUpdateRuleAclDto := model.GetUpdateRuleAclDtoLongConnectEnableEnum().E_0
	descriptionUpdateRuleAclDto := ""
	statusUpdateRuleAclDto := int32(1)
	actionTypeUpdateRuleAclDto := model.GetUpdateRuleAclDtoActionTypeEnum().E_0
	directionUpdateRuleAclDto := model.GetUpdateRuleAclDtoDirectionEnum().E_0
	nameUpdateRuleAclDto := "Test rule."
	addressTypeUpdateRuleAclDto := model.GetUpdateRuleAclDtoAddressTypeEnum().E_0
	request.Body = &model.UpdateRuleAclDto{
		Tag:               tagbody,
		Type:              &typeUpdateRuleAclDto,
		Service:           servicebody,
		Destination:       destinationbody,
		Source:            sourcebody,
		LongConnectEnable: &longConnectEnableUpdateRuleAclDto,
		Description:       &descriptionUpdateRuleAclDto,
		Status:            &statusUpdateRuleAclDto,
		ActionType:        &actionTypeUpdateRuleAclDto,
		Direction:         &directionUpdateRuleAclDto,
		Name:              &nameUpdateRuleAclDto,
		AddressType:       &addressTypeUpdateRuleAclDto,
	}
	response, err := client.UpdateAclRule(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
More
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code | Description |
---|---|
200 | OK |
400 | Bad Request |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
500 | Internal Server Error |
Error Codes
See Error Codes.