Updated on 2024-12-05 GMT+08:00

Querying a Protection Rule

Function

This API is used to query a protection rule.

Calling Method

For details, see Calling APIs.

URI

GET /v1/{project_id}/acl-rules

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| project_id | Yes | String | Project ID |

Table 2 Query Parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| object_id | Yes | String | Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. |
| type | No | Integer | Specifies the rule type. The value can be 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). Enumeration values: 0, 1, 2 |
| ip | No | String | IP address |
| name | No | String | Name |
| direction | No | Integer | Direction. 0: inbound; 1: outbound |
| status | No | Integer | Indicates the rule delivery status. 0: disabled; 1: enabled. Enumeration values: 0, 1 |
| action_type | No | Integer | Action. 0: allow; 1: deny. Enumeration values: 0, 1 |
| address_type | No | Integer | Address type. The value can be 0 (IPv4). Enumeration values: 0, 1, 2 |
| limit | Yes | Integer | Number of records displayed on each page, in the range 1-1024 |
| offset | Yes | Integer | Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. |
| enterprise_project_id | No | String | Enterprise project ID, that is, the ID generated by the enterprise project after the user enables the enterprise project function. |
| fw_instance_id | No | String | Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ. By default, if fw_instance_id is not specified, information about the first firewall under the account is returned. If fw_instance_id is specified, information about the firewall with this fw_instance_id is returned. If object_id is specified, information about the firewall with this object_id is returned by default. If both fw_instance_id and object_id are specified, the specified object_id must belong to the specified firewall. |
| tags_id | No | String | Tags ID |
| source | No | String | Source address |
| destination | No | String | Destination address |
| service | No | String | Service port |
| application | No | String | Application |

Request Parameters

Table 3 Request header parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. |

Response Parameters

Status code: 200

Table 4 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| data | data object | data |

Table 5 data

| Parameter | Type | Description |
| --- | --- | --- |
| offset | Integer | Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. |
| limit | Integer | Number of records displayed on each page, in the range 1-1024 |
| total | Integer | Total number of queried records |
| object_id | String | Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. |
| records | Array of records objects | records |

Table 6 records

| Parameter | Type | Description |
| --- | --- | --- |
| rule_id | String | Rule ID |
| address_type | Integer | Address type. The value can be 0 (IPv4) or 1 (IPv6). |
| name | String | Rule name |
| direction | Integer | Direction. 0: outside to inside; 1: inside to outside. A direction value is required when the rule type is Internet or NAT. Enumeration values: 0, 1 |
| action_type | Integer | Action. 0: allow; 1: deny |
| status | Integer | Rule delivery status. 0: disabled; 1: enabled. |
| description | String | Description |
| long_connect_time | Long | Persistent connection duration |
| long_connect_enable | Integer | Persistent connection support |
| long_connect_time_hour | Long | Persistent connection duration (hour) |
| long_connect_time_minute | Long | Persistent connection duration (minute) |
| long_connect_time_second | Long | Persistent connection duration (second) |
| source | RuleAddressDtoForResponse object | Source address transmission object |
| destination | RuleAddressDtoForResponse object | Destination |
| service | RuleServiceDtoForResponse object | Service |
| type | Integer | Rule type. The value can be 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). Enumeration values: 0, 1, 2 |
| created_date | String | Created time |
| last_open_time | String | Last open time |
| tag | TagsVO object | Tag |

Table 7 RuleAddressDtoForResponse

| Parameter | Type | Description |
| --- | --- | --- |
| type | Integer | Source type. 0: manual input; 1: associated IP address group; 2: domain name; 3: region; 4: domain set; 5: multi object; 6: domain set DNS; 7: domain URL profile |
| address_type | Integer | Source type. 0: IPv4; 1: IPv6 |
| address | String | Source IP address. The value cannot be empty for the manual type, and cannot be empty for the automatic or domain type. |
| address_set_id | String | ID of the associated IP address group. The value cannot be empty for the automatic type or for the manual or domain type. |
| address_set_name | String | IP address group name |
| domain_address_name | String | Name of the domain name address. This parameter cannot be left empty for the domain name type, and is empty for the manual or automatic type. |
| region_list_json | String | JSON value of the rule region list. |
| region_list | Array of IpRegionDto objects | Region list of a rule |
| domain_set_id | String | Domain set ID |
| domain_set_name | String | Domain set name |
| ip_address | Array of strings | IP address list |
| address_group | Array of strings | Address group |
| address_group_names | Array of AddressGroupVO objects | Address set list |
| address_set_type | Integer | Address set type. 0 indicates a custom-defined address set, 1 indicates a WAF return-to-source IP address set, 2 indicates a DDoS return-to-source IP address set, and 3 indicates a NAT64 translation address set. |

Table 8 IpRegionDto

| Parameter | Type | Description |
| --- | --- | --- |
| region_id | String | region id |
| description_cn | String | cn description |
| description_en | String | en description |
| region_type | Integer | Region type, 0 means country, 1 means province, 2 means continent |

Table 9 AddressGroupVO

| Parameter | Type | Description |
| --- | --- | --- |
| address_set_type | Integer | Address set type. 0 indicates a custom-defined address set, 1 indicates a WAF return-to-source IP address set, 2 indicates a DDoS return-to-source IP address set, and 3 indicates a NAT64 translation address set. |
| name | String | Name |
| set_id | String | Address set ID |

Table 10 RuleServiceDtoForResponse

| Parameter | Type | Description |
| --- | --- | --- |
| type | Integer | Service input type. The value 0 indicates manual input, and the value 1 indicates automatic input. |
| protocol | Integer | Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. |
| protocols | Array of integers | Protocols |
| source_port | String | Source port |
| dest_port | String | Destination port |
| service_set_id | String | Service group ID. This parameter is left blank for the manual type and cannot be left blank for the automatic type. |
| service_set_name | String | Service group name |
| custom_service | Array of ServiceItem objects | custom service |
| service_group | Array of strings | Service group list |
| service_group_names | Array of ServiceGroupVO objects | Service group name list |
| service_set_type | Integer | Service set type, 0 indicates a custom service set, 1 indicates a predefined service set, 2 indicates commonly used remote login and PING, 3 indicates commonly used databases |

Table 11 ServiceItem

| Parameter | Type | Description |
| --- | --- | --- |
| protocol | Integer | Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. |
| source_port | String | source port |
| dest_port | String | destination port |
| description | String | description |
| name | String | name |

Table 12 ServiceGroupVO

| Parameter | Type | Description |
| --- | --- | --- |
| name | String | Service group name |
| protocols | Array of integers | Protocols |
| service_set_type | Integer | Service set type used in the query. 0 means a custom-defined service set; 1 means a predefined service set. |
| set_id | String | Service set ID |

Table 13 TagsVO

| Parameter | Type | Description |
| --- | --- | --- |
| tag_id | String | tag id |
| tag_key | String | tag key |
| tag_value | String | tag value |

Status code: 400

Table 14 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| error_code | String | Error code. Minimum: 8. Maximum: 36 |
| error_msg | String | Description. Minimum: 2. Maximum: 512 |

Example Requests

Query the data whose project ID is 9d80d070b6d44942af73c9c3d38e0429, protected object ID is e12bd2cd-ebfc-4af7-ad6f-ebe6da398029, and page size is 10.

https://{Endpoint}/cfw/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rules?object_id=e12bd2cd-ebfc-4af7-ad6f-ebe6da398029&limit=10&offset=0

Example Responses

Status code: 200

OK

{
  "data" : {
    "limit" : 10,
    "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
    "offset" : 0,
    "records" : [ {
      "action_type" : 0,
      "address_type" : 0,
      "destination" : {
        "address" : "0.0.0.0/0",
        "address_type" : 0,
        "type" : 0
      },
      "direction" : 1,
      "long_connect_enable" : 0,
      "created_date" : "2024-02-27 04:01:17",
      "last_open_time" : "2024-02-27 04:01:17",
      "description" : "description",
      "name" : "eip_ipv4_n_w_allow",
      "rule_id" : "ffe9af47-d893-483b-86e3-ee5242e8cb15",
      "service" : {
        "dest_port" : "0",
        "protocol" : -1,
        "source_port" : "0",
        "type" : 0
      },
      "source" : {
        "address_set_id" : "48bfb09b-6f3a-4371-8ddb-05d5d7148bcc",
        "address_set_name" : "ip_group",
        "address_type" : 0,
        "type" : 1
      },
      "status" : 1,
      "type" : "0"
    } ],
    "total" : 1
  }
}

Status code: 400

Bad Request

{
  "error_code" : "CFW.0020016",
  "error_msg" : "instance status error"
}
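An added example, not part of the original reference or the service's own code: it builds the paginated request URL under the Table 2 constraints and audits one response page for enabled allow rules that match any protocol and 0.0.0.0/0. The host passed to build_url is a placeholder, the second sample record is constructed, and advancing the offset by limit is an assumption about paging; the real request also needs the X-Auth-Token header.

```python
from urllib.parse import urlencode

ANY_IPV4 = "0.0.0.0/0"

def build_url(endpoint, project_id, object_id, offset=0, limit=100, **filters):
    """Build the query URL; Table 2 requires limit in 1-1024 and offset >= 0."""
    if not 1 <= limit <= 1024 or offset < 0:
        raise ValueError("limit must be 1-1024 and offset must be >= 0")
    query = {"object_id": object_id, "limit": limit, "offset": offset, **filters}
    return f"https://{endpoint}/cfw/v1/{project_id}/acl-rules?{urlencode(query)}"

def next_offset(data):
    """Offset of the next page (assumed: offset + limit), or None at the end."""
    nxt = data["offset"] + data["limit"]
    return nxt if nxt < data["total"] else None

def broad_allow_rules(data):
    """Enabled allow rules that match any protocol and an any-IPv4 address."""
    hits = []
    for rule in data.get("records", []):
        if rule.get("status") != 1 or rule.get("action_type") != 0:
            continue  # skip disabled rules and deny rules
        any_proto = (rule.get("service") or {}).get("protocol") == -1
        sides = (rule.get("source") or {}, rule.get("destination") or {})
        if any_proto and any(s.get("address") == ANY_IPV4 for s in sides):
            way = "inbound" if rule.get("direction") == 0 else "outbound"
            hits.append((rule["rule_id"], rule["name"], way))
    return hits

# Constructed sample: the first record is trimmed from the 200 example above,
# the second is a made-up deny rule that the check must not report.
SAMPLE = {"offset": 0, "limit": 10, "total": 2, "records": [
    {"rule_id": "ffe9af47-d893-483b-86e3-ee5242e8cb15", "name": "eip_ipv4_n_w_allow",
     "action_type": 0, "status": 1, "direction": 1,
     "source": {"type": 1, "address_set_name": "ip_group"},
     "destination": {"type": 0, "address": "0.0.0.0/0"},
     "service": {"type": 0, "protocol": -1}},
    {"rule_id": "constructed-rule-2", "name": "deny_all_in",
     "action_type": 1, "status": 1, "direction": 0,
     "source": {"type": 0, "address": "0.0.0.0/0"},
     "destination": {"type": 0, "address": "0.0.0.0/0"},
     "service": {"type": 0, "protocol": -1}},
]}

if __name__ == "__main__":
    for hit in broad_allow_rules(SAMPLE):
        print(hit)
```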

Status Codes

| Status Code | Description |
| --- | --- |
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
| 500 | Internal Server Error |

Error Codes

See Error Codes.