Help Center/ Cloud Firewall/ API Reference/ API/ IPS Management/ Viewing the Custom IPS Rule List
Updated on 2025-08-12 GMT+08:00

Viewing the Custom IPS Rule List

Function

This API is used to view the custom IPS rule list.

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/ips/custom-rule

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition

Project ID, which is used to specify the project that an asset belongs to. You can query the assets of a project by project ID. You can obtain the project ID from the API or console. For details, see Obtaining a Project ID.

Constraints

N/A

Range

32-bit UUID.

Default Value

N/A

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

action_type

No

Integer

Definition

Action.

Constraints

N/A

Range

0: Record logs only.

1: Block sessions.

2: Block IP addresses.

Default Value

N/A

affected_os

No

Integer

Definition

Affected OS.

Constraints

N/A

Range

0 (any), 1 (Windows), 2 (Linux), 3 (FreeBSD), 4 (Solaris), 5 (other Unix), 6 (network devices), 7 (macOS), 8 (iOS), 9 (Android), or 10 (other)

Default Value

N/A

attack_type

No

Integer

Definition

Attack type.

Constraints

N/A

Range

1 (access control), 2 (vulnerability scan), 3 (email attack), 4 (vulnerability exploit), 5 (web attack), 6 (password attack), 7 (hijacking), 8 (protocol anomaly), 9 (Trojan), 10 (worm), 11 (buffer overflow), 12 (hacker tool), 13 (spyware), 14 (DDoS flood), 15 (application-layer DDoS attack), 16 (other suspicious behavior), 17 (suspicious DNS activity), 18 (phishing), 19 (spam), or 20 (other attack)

Default Value

N/A

ips_name

No

String

Definition

IPS rule name.

Constraints

N/A

Range

N/A

Default Value

N/A

ips_id

No

String

Definition

IPS rule ID.

Constraints

N/A

Range

N/A

Default Value

N/A

protocol

No

Integer

Definition

Protocol type.

Constraints

N/A

Range

1 (FTP), 2 (TELNET), 3 (SMTP), 4 (DNS_TCP), 5 (DNS_UDP), 6 (DHCP), 7 (TFTP), 8 (FINGER), 9 (HTTP), 10 (POP3), 11 (SUNRPC_TCP), 12 (SUNRPC_UDP), 13 (NNTP), 14 (MSRPC_TCP), 15 (MSRPC_UDP), 16 (NETBIOS_NAME_TCP), 17 (NETBIOS_NAME_UDP), 18 (NETBIOS_SMB), 19 (NETBIOS_DATAGRAM), 20 (IMAP4), 21 (SNMP), 22 (LDAP), 23 (MSSQL), or 24 (ORACLE)

Default Value

N/A

severity

No

Integer

Definition

Severity.

Constraints

N/A

Range

critical, high, medium, or low

Default Value

N/A

software

No

Integer

Definition

Affected software.

Constraints

N/A

Range

0 (ANY), 1 (ADOBE), 2 (APACHE), 3 (APPLE), 4 (CA), 5 (CISCO), 6 (GOOGLE_CHROME), 7 (HP), 8 (IBM), 9 (IE), 10 (IIS), 11 (MC_AFEE), 12 (MEDIA_PLAYER), 13 (MICROSOFT_NET), 14 (MICROSOFT_EDGE), 15 (MICROSOFT_EXCHANGE), 16 (MICROSOFT_OFFICE), 17 (MICROSOFT_OUTLOOK), 18 (MICROSOFT_SHARE_POINT), 19 (MICROSOFT_WINDOWS), 20 (MOZILLA), 21 (MSSQL), 22 (MYSQL), 23 (NOVELL), 24 (ORACLE), 25 (SAMBA), 26 (SAMSUNG), 27 (SAP), 28 (SCADA), 29 (SQUID), 30 (SUN), 31 (SYMANTEC), 32 (TREND_MICRO), 33 (VMWARE), 34 (WORD_PRESS), or 35 (OTHERS)

Default Value

N/A

fw_instance_id

Yes

String

Definition

Firewall ID. It is a unique ID generated after a firewall instance is created. You can obtain the firewall ID by referring to Obtaining a Firewall ID.

Constraints

N/A

Range

32-bit UUID.

Default Value

N/A

limit

Yes

Integer

Definition

Maximum number of records that can be returned.

Constraints

N/A

Range

1-1024

Default Value

N/A

offset

Yes

Integer

Definition

Offset. The records after this offset will be queried.

Constraints

N/A

Range

0 - 1024

Default Value

N/A

Request Parameters

None

Response Parameters

Status code: 200

Table 3 Response body parameters

Parameter

Type

Description

data

CustomerIpsPageInfo object

Table 4 CustomerIpsPageInfo

Parameter

Type

Description

limit

Integer

Definition

Maximum number of records that can be returned.

Constraints

N/A

Range

1-1024

Default Value

N/A

offset

Integer

Definition

Offset. The records after this offset will be queried.

Constraints

N/A

Range

0 - 1024

Default Value

N/A

records

Array of CustomerIpsListVO objects

Definition

Custom IPS rule list.

Range

N/A

total

Integer

Definition

Number of custom IPS rules.

Range

N/A

Table 5 CustomerIpsListVO

Parameter

Type

Description

action

Integer

Definition

Action.

Range

0 (log only) or 1 (reset/block)

affected_os

Integer

Definition

Affected OS.

Range

0 (any), 1 (Windows), 2 (Linux), 3 (FreeBSD), 4 (Solaris), 5 (other Unix), 6 (network devices), 7 (macOS), 8 (iOS), 9 (Android), or 10 (other)

attack_type

Integer

Definition

Attack type.

Constraints

N/A

Range

1 (access control), 2 (vulnerability scan), 3 (email attack), 4 (vulnerability exploit), 5 (web attack), 6 (password attack), 7 (hijacking), 8 (protocol anomaly), 9 (Trojan), 10 (worm), 11 (buffer overflow), 12 (hacker tool), 13 (spyware), 14 (DDoS flood), 15 (application-layer DDoS attack), 16 (other suspicious behavior), 17 (suspicious DNS activity), 18 (phishing), 19 (spam), or 20 (other attack)

Default Value

N/A

config_status

Integer

Definition

Rule status.

Range

0 (initialized), 1 (configuring), 2 (configuration succeeded), or 3 (configuration failed)

content

String

Definition

Content that matches an IPS attack.

Range

N/A

dst_port_type

Integer

Definition

Port type.

Range

-1 (any), 0 (include), or 1 (exclude)

dst_ports

String

Definition

Port.

Range

1 - 65535

ips_cfw_id

String

Definition

ID of a custom IPS rule in CFW.

Constraints

N/A

Range

32-bit UUID.

Default Value

N/A

ips_id

String

Definition

IPS rule ID.

Range

N/A

ips_name

String

Definition

IPS rule name.

Range

N/A

protocol

Integer

Definition

Protocol type.

Range

1** (FTP), 2 (TELNET), 3 (SMTP), 4 (DNS_TCP), 5 (DNS_UDP), 6 (DHCP), 7 (TFTP), 8 (FINGER), 9 (HTTP), 10 (POP3), 11 (SUNRPC_TCP), 12 (SUNRPC_UDP), 13 (NNTP), 14 (MSRPC_TCP), 15 (MSRPC_UDP), 16 (NETBIOS_NAME_TCP), 17 (NETBIOS_NAME_UDP), 18 (NETBIOS_SMB), 19 (NETBIOS_DATAGRAM), 20 (IMAP4), 21 (SNMP), 22 (LDAP), 23 (MSSQL), or 24 (ORACLE)

severity

Integer

Definition

Severity.

Range

critical, high, medium, or low

software

Integer

Definition

Affected software.

Range

0 (ANY), 1 (ADOBE), 2 (APACHE), 3 (APPLE), 4 (CA), 5 (CISCO), 6 (GOOGLE_CHROME), 7 (HP), 8 (IBM), 9 (IE), 10 (IIS), 11 (MC_AFEE), 12 (MEDIA_PLAYER), 13 (MICROSOFT_NET), 14 (MICROSOFT_EDGE), 15 (MICROSOFT_EXCHANGE), 16 (MICROSOFT_OFFICE), 17 (MICROSOFT_OUTLOOK), 18 (MICROSOFT_SHARE_POINT), 19 (MICROSOFT_WINDOWS), 20 (MOZILLA), 21 (MSSQL), 22 (MYSQL), 23 (NOVELL), 24 (ORACLE), 25 (SAMBA), 26 (SAMSUNG), 27 (SAP), 28 (SCADA), 29 (SQUID), 30 (SUN), 31 (SYMANTEC), 32 (TREND_MICRO), 33 (VMWARE), 34 (WORD_PRESS), or 35 (OTHERS)

src_port_type

Integer

Definition

Port type. The value can be -1 (Any), 0 (include), or 1 (exclude).

Range

N/A

src_ports

String

Definition

Port.

Range

N/A

Status code: 400

Table 6 Response body parameters

Parameter

Type

Description

error_code

String

Definition

Error code.

Range

N/A

error_msg

String

Definition

Error message.

Range

N/A

Example Requests

Query the custom IPS rule list of the firewall whose project ID is eb7accd78ea845078275b2ad5280a109 and firewall ID is 8a996d43-75bd-48b4-b1b8-de0706b72b8f. The offset is 0, and the maximum number of returned records is 10.

https://{Endpoint}/v1/eb7accd78ea845078275b2ad5280a109/ips/custom-rule?fw_instance_id=8a996d43-75bd-48b4-b1b8-de0706b72b8f&offset=0&limit=10

Example Responses

Status code: 200

OK

{
  "data" : {
    "limit" : 1000,
    "offset" : 0,
    "records" : [ {
      "action" : 0,
      "affected_os" : 1,
      "attack_type" : 1,
      "config_status" : 2,
      "content" : "content:\"test\";distance:0;within:65535;nocase;",
      "dst_port_type" : 1,
      "dst_ports" : "2",
      "ips_cfw_id" : "3d42ef53-9b44-4d8c-b83e-b1cce27bd543",
      "ips_id" : "350000",
      "ips_name" : "Custom IPS.",
      "protocol" : 9,
      "severity" : 0,
      "software" : 1,
      "src_port_type" : 0,
      "src_ports" : "1"
    } ],
    "total" : 1
  }
}

Status code: 400

Bad Request

{
  "error_code" : "CFW.00200003",
  "error_msg" : "Parameter error."
}

SDK Sample Code

The SDK sample code is as follows.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;


public class ListCustomerIpsSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CfwClient client = CfwClient.newBuilder()
                .withCredential(auth)
                .withRegion(CfwRegion.valueOf("<YOUR REGION>"))
                .build();
        ListCustomerIpsRequest request = new ListCustomerIpsRequest();
        try {
            ListCustomerIpsResponse response = client.listCustomerIps(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListCustomerIpsRequest()
        response = client.list_customer_ips(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := cfw.NewCfwClient(
        cfw.CfwClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListCustomerIpsRequest{}
	response, err := client.ListCustomerIps(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

OK

400

Bad Request

Error Codes

See Error Codes.