Help Center/ Cloud Firewall/ API Reference/ API/ IPS Management/ Querying Custom IPS Rule Details
Updated on 2025-08-12 GMT+08:00

Querying Custom IPS Rule Details

Function

Function: Query custom IPS rule details. Feature: Query custom IPS rule details based on the IPS ID entered in the path.

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/ips/custom-rule/{ips_cfw_id}

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

ips_cfw_id

Yes

String

Definition

ID of a custom IPS rule in CFW.

Constraints

N/A

Range

32-bit UUID.

Default Value

N/A

project_id

Yes

String

Definition

Project ID, which is used to specify the project that an asset belongs to. You can query the assets of a project by project ID. You can obtain the project ID from the API or console. For details, see Obtaining a Project ID.

Constraints

N/A

Range

32-bit UUID.

Default Value

N/A

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

fw_instance_id

Yes

String

Definition

Firewall ID. It is a unique ID generated after a firewall instance is created. You can obtain the firewall ID by referring to Obtaining a Firewall ID.

Constraints

N/A

Range

32-bit UUID.

Default Value

N/A

Request Parameters

None

Response Parameters

Status code: 200

Table 3 Response body parameters

Parameter

Type

Description

data

CustomerIpsVO object

Definition

Returned data of a custom IPS rule.

Range

N/A

Table 4 CustomerIpsVO

Parameter

Type

Description

action

Integer

Definition

Action.

Range

0 (log only) or 1 (reset/block)

affected_os

Integer

Definition

Affected OS.

Range

0 (any), 1 (Windows), 2 (Linux), 3 (FreeBSD), 4 (Solaris), 5 (other Unix), 6 (network devices), 7 (macOS), 8 (iOS), 9 (Android), or 10 (other)

attack_type

Integer

Definition

Attack type.

Range

1 (access control), 2 (vulnerability scan), 3 (email attack), 4 (vulnerability exploit), 5 (web attack), 6 (password attack), 7 (hijacking), 8 (protocol anomaly), 9 (Trojan), 10 (worm), 11 (buffer overflow), 12 (hacker tool), 13 (spyware), 14 (DDoS flood), 15 (application-layer DDoS attack), 16 (other suspicious behavior), 17 (suspicious DNS activity), 18 (phishing), 19 (spam), or 20 (other attack)

config_status

Integer

Definition

Rule status.

Range

0 (initialized), 1 (configuring), 2 (configuration succeeded), or 3 (configuration failed)

contents

Array of IpsContent objects

Definition

Content that matches an IPS attack.

Range

direction

Integer

Definition

Default value: null. 0: from the client to the server; 1: from the server to the client.

Range

N/A

dst_port

Port object

ips_cfw_id

String

Definition

ID of a custom IPS rule in CFW.

Constraints

N/A

Range

32-bit UUID.

Default Value

N/A

ips_id

String

Definition

IPS rule ID.

Range

N/A

ips_name

String

Definition

IPS rule name.

Range

N/A

protocol

Integer

Definition

Protocol type.

Range

1** (FTP), 2 (TELNET), 3 (SMTP), 4 (DNS_TCP), 5 (DNS_UDP), 6 (DHCP), 7 (TFTP), 8 (FINGER), 9 (HTTP), 10 (POP3), 11 (SUNRPC_TCP), 12 (SUNRPC_UDP), 13 (NNTP), 14 (MSRPC_TCP), 15 (MSRPC_UDP), 16 (NETBIOS_NAME_TCP), 17 (NETBIOS_NAME_UDP), 18 (NETBIOS_SMB), 19 (NETBIOS_DATAGRAM), 20 (IMAP4), 21 (SNMP), 22 (LDAP), 23 (MSSQL), or 24 (ORACLE)

severity

Integer

Definition

Severity.

Range

critical, high, medium, or low

software

Integer

Definition

Affected software.

Range

0 (ANY), 1 (ADOBE), 2 (APACHE), 3 (APPLE), 4 (CA), 5 (CISCO), 6 (GOOGLE_CHROME), 7 (HP), 8 (IBM), 9 (IE), 10 (IIS), 11 (MC_AFEE), 12 (MEDIA_PLAYER), 13 (MICROSOFT_NET), 14 (MICROSOFT_EDGE), 15 (MICROSOFT_EXCHANGE), 16 (MICROSOFT_OFFICE), 17 (MICROSOFT_OUTLOOK), 18 (MICROSOFT_SHARE_POINT), 19 (MICROSOFT_WINDOWS), 20 (MOZILLA), 21 (MSSQL), 22 (MYSQL), 23 (NOVELL), 24 (ORACLE), 25 (SAMBA), 26 (SAMSUNG), 27 (SAP), 28 (SCADA), 29 (SQUID), 30 (SUN), 31 (SYMANTEC), 32 (TREND_MICRO), 33 (VMWARE), 34 (WORD_PRESS), or 35 (OTHERS)

src_port

Port object

Table 5 IpsContent

Parameter

Type

Description

content

String

Definition

Content.

Range

N/A

depth

Integer

Definition

Depth.

Range

N/A

is_hex

Boolean

Definition

Whether the packet content is in hexadecimal format.

Range

N/A

is_ignore

Boolean

Definition

Case insensitive or not.

Range

N/A

is_uri

Boolean

Definition

Whether to intercept packets in a URI.

Range

N/A

offset

Integer

Definition

Offset.

Range

N/A

relative_position

Integer

Definition

Relative position.

Range

N/A

Table 6 Port

Parameter

Type

Description

port_type

Integer

Definition

Port type.

Range

-1 (any), 0 (include), or 1 (exclude)

ports

String

Definition

Port.

Range

N/A

Status code: 400

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Definition

Error code.

Range

N/A

error_msg

String

Definition

Error message.

Range

N/A

Example Requests

Query details about the IPS rule whose project ID is 3d84b4755b39476997c9f7b5a95c25ed, firewall ID is d6e0a4d0-8b16-47fe-98b6-e1b0a7a14788, protected object ID is 64b8978e-20c0-4b43-b178-885e3cbb380d, and custom IPS rule ID is c059d198-5996-46dd-9ed8-83167e6babe8.

https://{Endpoint}/v1/3d84b4755b39476997c9f7b5a95c25ed/ips/custom-rule/c059d198-5996-46dd-9ed8-83167e6babe8?fw_instance_id=d6e0a4d0-8b16-47fe-98b6-e1b0a7a14788&object_id=64b8978e-20c0-4b43-b178-885e3cbb380d

Example Responses

Status code: 200

OK

{
  "data" : {
    "action" : 1,
    "affected_os" : 0,
    "attack_type" : 1,
    "config_status" : 2,
    "contents" : [ {
      "content" : "apitest",
      "depth" : 65535,
      "is_hex" : false,
      "is_ignore" : true,
      "is_uri" : false,
      "offset" : 0,
      "relative_position" : 0
    } ],
    "direction" : -1,
    "dst_port" : {
      "port_type" : -1
    },
    "ips_cfw_id" : "c059d198-5996-46dd-9ed8-83167e6babe8",
    "ips_id" : "350020",
    "ips_name" : "Deletable_editable_API_verification",
    "protocol" : 9,
    "severity" : 0,
    "software" : 0,
    "src_port" : {
      "port_type" : -1
    }
  }
}

Status code: 400

Bad Request

{
  "error_code" : "CFW.00200003",
  "error_msg" : "Parameter error."
}

SDK Sample Code

The SDK sample code is as follows.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;


public class ShowCustomerIpsInfoSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CfwClient client = CfwClient.newBuilder()
                .withCredential(auth)
                .withRegion(CfwRegion.valueOf("<YOUR REGION>"))
                .build();
        ShowCustomerIpsInfoRequest request = new ShowCustomerIpsInfoRequest();
        request.withIpsCfwId("{ips_cfw_id}");
        try {
            ShowCustomerIpsInfoResponse response = client.showCustomerIpsInfo(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ShowCustomerIpsInfoRequest()
        request.ips_cfw_id = "{ips_cfw_id}"
        response = client.show_customer_ips_info(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := cfw.NewCfwClient(
        cfw.CfwClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ShowCustomerIpsInfoRequest{}
	request.IpsCfwId = "{ips_cfw_id}"
	response, err := client.ShowCustomerIpsInfo(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

OK

400

Bad Request

Error Codes

See Error Codes.