Querying a Protection Rule
Function
This API is used to query a protection rule.
Calling Method
For details, see Calling APIs.
URI
GET /v1/{project_id}/acl-rules
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Project ID |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
object_id |
Yes |
String |
Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. |
type |
No |
Integer |
Specifies the rule type. The value can be 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). Enumeration values:
|
ip |
No |
String |
IP address |
name |
No |
String |
Name |
direction |
No |
Integer |
Direction. 0: inbound; 1: outbound |
status |
No |
Integer |
Indicates the rule delivery status. 0: disabled; 1: enabled. Enumeration values:
|
action_type |
No |
Integer |
Action. 0: allow; 1: deny Enumeration values:
|
address_type |
No |
Integer |
Address type. The value can be 0 (IPv4). Enumeration values:
|
limit |
Yes |
Integer |
Number of records displayed on each page, in the range 1-1024 |
offset |
Yes |
Integer |
Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. |
enterprise_project_id |
No |
String |
Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. |
fw_instance_id |
No |
String |
Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. |
tags_id |
No |
String |
tags id |
source |
No |
String |
source address |
destination |
No |
String |
destination address |
service |
No |
String |
service port |
application |
No |
String |
application |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
data |
data object |
data |
Parameter |
Type |
Description |
---|---|---|
offset |
Integer |
Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. |
limit |
Integer |
Number of records displayed on each page, in the range 1-1024 |
total |
Integer |
Total number of queried records |
object_id |
String |
Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. |
records |
Array of records objects |
records |
Parameter |
Type |
Description |
---|---|---|
rule_id |
String |
Rule ID |
address_type |
Integer |
Address type. The value can be 0 (IPv4) or 1 (IPv6). |
name |
String |
Rule name |
direction |
Integer |
Direction: 0 means outside to inside, 1 means inside to outside, direction value is required when rule type is internet or nat. Enumeration values:
|
action_type |
Integer |
Action. 0: allow; 1: deny |
status |
Integer |
Rule delivery status. 0: disabled; 1: enabled. |
description |
String |
Description |
long_connect_time |
Long |
Persistent connection duration |
long_connect_enable |
Integer |
Persistent connection support |
long_connect_time_hour |
Long |
Persistent connection duration (hour) |
long_connect_time_minute |
Long |
Persistent connection duration (hour) |
long_connect_time_second |
Long |
Persistent connection duration (hour) |
source |
RuleAddressDtoForResponse object |
Source address transmission object |
destination |
RuleAddressDtoForResponse object |
destination |
service |
RuleServiceDtoForResponse object |
service |
type |
Integer |
Rule type. The value can be 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). Enumeration values:
|
created_date |
String |
Created time |
last_open_time |
String |
Last open time |
tag |
TagsVO object |
tag |
Parameter |
Type |
Description |
---|---|---|
type |
Integer |
Source type. 0: manual input; 1: associated IP address group; 2: domain name; 3: region; 4: domain set 5: multi object, 6: domain set dns, 7: domain url profile |
address_type |
Integer |
Source type. 0: IPv4; 1: IPv6 |
address |
String |
Source IP address. The value cannot be empty for the manual type, and cannot be empty for the automatic or domain type. |
address_set_id |
String |
ID of the associated IP address group. The value cannot be empty for the automatic type or for the manual or domain type. |
address_set_name |
String |
IP address group name |
domain_address_name |
String |
Name of the domain name address. This parameter cannot be left empty for the domain name type, and is empty for the manual or automatic type. |
region_list_json |
String |
JSON value of the rule region list. |
region_list |
Array of IpRegionDto objects |
Region list of a rule |
domain_set_id |
String |
domain set id |
domain_set_name |
String |
domain set name |
ip_address |
Array of strings |
IP address list |
address_group |
Array of strings |
address group |
address_group_names |
Array of AddressGroupVO objects |
Address set list |
address_set_type |
Integer |
Address set type, 0 indicates a custom define address set, 1 indicates a WAF return-to-source IP address set, 2 indicates a DDoS return-to-source IP address set, and 3 indicates a NAT64 translation address set. |
Parameter |
Type |
Description |
---|---|---|
region_id |
String |
region id |
description_cn |
String |
cn description |
description_en |
String |
en description |
region_type |
Integer |
Region type, 0 means country, 1 means province, 2 means continent |
Parameter |
Type |
Description |
---|---|---|
address_set_type |
Integer |
Address set type, 0 indicates a custom define address set, 1 indicates a WAF return-to-source IP address set, 2 indicates a DDoS return-to-source IP address set, and 3 indicates a NAT64 translation address set. |
name |
String |
name |
set_id |
String |
address set id |
Parameter |
Type |
Description |
---|---|---|
type |
Integer |
Service input type. The value 0 indicates manual input, and the value 1 indicates automatic input. |
protocol |
Integer |
Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. |
protocols |
Array of integers |
Protocols |
source_port |
String |
Source port |
dest_port |
String |
Destination port |
service_set_id |
String |
Service group ID. This parameter is left blank for the manual type and cannot be left blank for the automatic type. |
service_set_name |
String |
Service group name |
custom_service |
Array of ServiceItem objects |
custom service |
service_group |
Array of strings |
Service group list |
service_group_names |
Array of ServiceGroupVO objects |
Service group name list |
service_set_type |
Integer |
Service set type, 0 indicates a custom service set, 1 indicates a predefined service set, 2 indicates commonly used remote login and PING, 3 indicates commonly used databases |
Parameter |
Type |
Description |
---|---|---|
protocol |
Integer |
Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. |
source_port |
String |
source port |
dest_port |
String |
destination port |
description |
String |
description |
name |
String |
name |
Parameter |
Type |
Description |
---|---|---|
name |
String |
service group name |
protocols |
Array of integers |
protocols |
service_set_type |
Integer |
Query service set type, 0 means custom define service set, 1 means predefine service set. |
set_id |
String |
service set id |
Parameter |
Type |
Description |
---|---|---|
tag_id |
String |
tag id |
tag_key |
String |
tag key |
tag_value |
String |
tag value |
Status code: 400
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 8 Maximum: 36 |
error_msg |
String |
Description Minimum: 2 Maximum: 512 |
Example Requests
Query the data whose project ID is 9d80d070b6d44942af73c9c3d38e0429, project ID is e12bd2cd-ebfc-4af7-ad6f-ebe6da398029, and size is 10.
https://{Endpoint}/cfw/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rules?object_id=e12bd2cd-ebfc-4af7-ad6f-ebe6da398029&limit=10&offset=0
Example Responses
Status code: 200
OK
{ "data" : { "limit" : 10, "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2", "offset" : 0, "records" : [ { "action_type" : 0, "address_type" : 0, "destination" : { "address" : "0.0.0.0/0", "address_type" : 0, "type" : 0 }, "direction" : 1, "long_connect_enable" : 0, "created_date" : "2024-02-27 04:01:17", "last_open_time" : "2024-02-27 04:01:17", "description" : "description", "name" : "eip_ipv4_n_w_allow", "rule_id" : "ffe9af47-d893-483b-86e3-ee5242e8cb15", "service" : { "dest_port" : "0", "protocol" : -1, "source_port" : "0", "type" : 0 }, "source" : { "address_set_id" : "48bfb09b-6f3a-4371-8ddb-05d5d7148bcc", "address_set_name" : "ip_group", "address_type" : 0, "type" : 1 }, "status" : 1, "type" : "0" } ], "total" : 1 } }
Status code: 400
Bad Request
{ "error_code" : "CFW.0020016", "error_msg" : "instance status error" }
Status Codes
Status Code |
Description |
---|---|
200 |
OK |
400 |
Bad Request |
401 |
Unauthorized |
403 |
Forbidden |
404 |
Not Found |
500 |
Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot