This API is used to create an ACL rule.
+POST /v1/{project_id}/acl-rule
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
type + |
+Yes + |
+Integer + |
+Rule type: 0 (Internet border rule), 1 (inter-VPC rule), or 2 (NAT rule). When type is set to 0, the source and destination addresses of the rule must be EIPs or domain names of the public network. For an inter-VPC rule, the source and destination addresses must be private IP addresses. For a NAT rule, the source address must be a private IP address, and the destination address must be an EIP or domain name of the public network. + |
+
rules + |
+Yes + |
+Array of rules objects + |
+Rule list in a rule addition request. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+Yes + |
+String + |
+Rule name. + |
+
sequence + |
+Yes + |
+OrderRuleAclDto object + |
+Request body for changing the rule sequence. + |
+
address_type + |
+Yes + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
action_type + |
+Yes + |
+Integer + |
+Rule action: 0 (permit), 1 (deny). + |
+
status + |
+Yes + |
+Integer + |
+Rule status: 0 (disabled), 1 (enabled). + |
+
applications + |
+No + |
+Array of strings + |
+Rule application list. Rule application type: HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. + |
+
applicationsJsonString + |
+No + |
+String + |
+JSON string converted from the applications field in the application list. + |
+
long_connect_time + |
+No + |
+Long + |
+Persistent connection duration. + |
+
long_connect_time_hour + |
+No + |
+Long + |
+Persistent connection duration (hour). + |
+
long_connect_time_minute + |
+No + |
+Long + |
+Persistent connection duration (minute). + |
+
long_connect_time_second + |
+No + |
+Long + |
+Persistent connection duration (second). + |
+
long_connect_enable + |
+Yes + |
+Integer + |
+Whether to support persistent connections: 0 (no), 1 (yes). + |
+
description + |
+No + |
+String + |
+Description. + |
+
direction + |
+No + |
+Integer + |
+Direction: 0 (inbound) or 1 (outbound). This parameter is mandatory when type is set to 0 (Internet rule) or 2 (NAT rule). + |
+
source + |
+Yes + |
+RuleAddressDtoForRequest object + |
+Source address Data Transport Object. + |
+
destination + |
+Yes + |
+RuleAddressDtoForRequest object + |
+Destination address Data Transport Object. + |
+
service + |
+Yes + |
+RuleServiceDto object + |
+Service object. + |
+
tag + |
+No + |
+TagsVO object + |
+Tag object attached to a rule. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
dest_rule_id + |
+No + |
+String + |
+ID of the target rule. The added rule is placed after this rule. This parameter cannot be left blank when the added rule is not pinned on top, and can be left blank when the added rule is pinned on top. The rule ID can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). + |
+
top + |
+No + |
+Integer + |
+Whether to pin on top: 0 (no), 1 (yes). + |
+
bottom + |
+No + |
+Integer + |
+Whether to pin to bottom: 0 (no), 1 (yes). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
type + |
+Yes + |
+Integer + |
+Address type: 0 (manual input), 1 (associated IP address group), 2 (domain name), 3 (geographical location), 4 (domain name group) 5 (multiple objects), 6 (domain name group - network), 7 (domain name group - application). + |
+
address_type + |
+No + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). If type is 0, the input cannot be left blank. + |
+
address + |
+No + |
+String + |
+IP address information. It cannot be left blank if type is set to 0. + |
+
address_set_id + |
+No + |
+String + |
+ID of an associated IP address group. This parameter cannot be left blank when type is set to 1. You can obtain the value by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
address_set_name + |
+No + |
+String + |
+Name of an associated IP address group. This parameter cannot be left blank when type is set to 1. You can obtain the value by calling the API for querying the address group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). + |
+
domain_address_name + |
+No + |
+String + |
+Name of a domain name address. This parameter is valid when type is set to 2 (domain name) or 7 (application domain name group). + |
+
region_list_json + |
+No + |
+String + |
+JSON value of the rule region list. + |
+
region_list + |
+No + |
+Array of IpRegionDto objects + |
+Rule region list. + |
+
domain_set_id + |
+No + |
+String + |
+Domain group ID. The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - application). Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
domain_set_name + |
+No + |
+String + |
+Domain group name. The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - application). Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). + |
+
ip_address + |
+No + |
+Array of strings + |
+IP address list. This parameter cannot be left blank when type is set to 5 (multiple objects). + |
+
address_set_type + |
+No + |
+Integer + |
+Address group type. It cannot be left blank when type is set to 1 (associated IP address group). It value can be 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). + |
+
predefined_group + |
+No + |
+Array of strings + |
+Pre-defined address group ID list. This parameter cannot be left blank when type is set to 5 (multiple objects). Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 1 (predefined address group). + |
+
address_group + |
+No + |
+Array of strings + |
+Address group ID list. This parameter cannot be left blank when type is set to 5 (multiple objects). Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 0 (user-defined address group). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
region_id + |
+No + |
+String + |
+Region ID. You can obtain the ID by referring to Obtaining Information About Account, IAM User, Group, Project, Region, and Agency. + |
+
region_type + |
+No + |
+Integer + |
+Region type: 0 (country), 1 (province), and 2 (continent). It can be obtained from the region information table. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
type + |
+Yes + |
+Integer + |
+Service input type: 0 (manual), 1 (automatic). + |
+
protocol + |
+No + |
+Integer + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual). + |
+
protocols + |
+No + |
+Array of integers + |
+Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual). + |
+
source_port + |
+No + |
+String + |
+Source port. + |
+
dest_port + |
+No + |
+String + |
+Destination port. + |
+
service_set_id + |
+No + |
+String + |
+Service group ID. This parameter cannot be left blank when type is set to 1 (associated IP address group). Its value can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
service_set_name + |
+No + |
+String + |
+Service group name. This parameter cannot be left blank when type is set to 1 (associated IP address group). Its value can be obtained by calling the API for querying the service group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). + |
+
custom_service + |
+No + |
+Array of ServiceItem objects + |
+Custom service. + |
+
predefined_group + |
+No + |
+Array of strings + |
+Predefined service group ID list. The service group ID can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_service_set_type must be set to 1 (predefined service group). + |
+
service_group + |
+No + |
+Array of strings + |
+Service group ID list. The service group ID can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_service_set_type must be set to 0 (user-defined service group). + |
+
service_group_names + |
+No + |
+Array of ServiceGroupVO objects + |
+Service group name list. + |
+
service_set_type + |
+No + |
+Integer + |
+Service group type: 0 (user-defined service group), 1 (common web service), 2 (common remote login and ping), or 3 (common database). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
protocol + |
+No + |
+Integer + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when RuleServiceDto.type is set to 0 (manual). + |
+
source_port + |
+No + |
+String + |
+Source port. + |
+
dest_port + |
+No + |
+String + |
+Destination port. + |
+
description + |
+No + |
+String + |
+Service member description. + |
+
name + |
+No + |
+String + |
+Service member name. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+No + |
+String + |
+Service group name. + |
+
protocols + |
+No + |
+Array of integers + |
+Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). + |
+
service_set_type + |
+No + |
+Integer + |
+Service group type: 0 (user-defined service group), 1 (predefined service group). + |
+
set_id + |
+No + |
+String + |
+Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+RuleIdList object + |
+Data of the return value for creating a rule. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
rules + |
+Array of RuleId objects + |
+Rule ID list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Rule ID. + |
+
name + |
+String + |
+Rule name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
The following example shows how to add an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule
+
+{
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
+ "rules" : [ {
+ "name" : "Test rule.",
+ "status" : 1,
+ "action_type" : 0,
+ "description" : "",
+ "source" : {
+ "type" : 0,
+ "address" : "1.1.1.1"
+ },
+ "destination" : {
+ "type" : 0,
+ "address" : "2.2.2.2"
+ },
+ "service" : {
+ "type" : 0,
+ "protocol" : 6,
+ "source_port" : "0",
+ "dest_port" : "0"
+ },
+ "address_type" : 0,
+ "tag" : {
+ "tag_key" : "",
+ "tag_value" : ""
+ },
+ "long_connect_enable" : 0,
+ "direction" : 0,
+ "sequence" : {
+ "top" : 1,
+ "dest_rule_id" : null
+ }
+ } ],
+ "type" : 0
+}
+Status code: 200
+Response to the request for creating an ACL rule.
+{
+ "data" : {
+ "rules" : [ {
+ "id" : "0475c516-0e41-4caf-990b-0c504eebd73f",
+ "name" : "testName"
+ } ]
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00900016",
+ "error_msg" : "Import is in progress. Please wait until it is complete."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for creating an ACL rule. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to add a member to an address group.
+POST /v1/{project_id}/address-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+No + |
+String + |
+Address group ID, which can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
address_items + |
+No + |
+Array of address_items objects + |
+Address group member list. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+AddressItems object + |
+Data returned after an address group member is added. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
items + |
+Array of AddressItemIdWithoutName objects + |
+List of address group member IDs. + |
+
covered_ip + |
+Array of CoveredIPVO objects + |
+List of covered IP addresses. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID of an address group member. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
ip + |
+String + |
+IP address + |
+
covered_Ip + |
+String + |
+Cover an IP address. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Add an address group member whose IP address is 2.2.2.2 and name is ceshi to the group whose set_id is 8773c082-2a6c-4529-939a-edc28ef1a67c in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-items
+
+{
+ "set_id" : "8773c082-2a6c-4529-939a-edc28ef1a67c",
+ "address_items" : [ {
+ "description" : "",
+ "address" : "2.2.2.2"
+ } ]
+}
+Status code: 200
+Return value for adding an address group member.
+{
+ "data" : {
+ "covered_ip" : [ ],
+ "items" : [ {
+ "id" : "65cb47fc-e666-4af4-8c2c-1fbd2f4b1eae"
+ } ]
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200001",
+ "error_msg" : "Empty parameter."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for adding an address group member. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to add an address group.
+POST /v1/{project_id}/address-set
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
name + |
+Yes + |
+String + |
+IP address group name. + |
+
description + |
+No + |
+String + |
+Address group description. + |
+
address_type + |
+No + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+AddressSetId object + |
+Data returned after an address group is added. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Address group ID. + |
+
name + |
+String + |
+IP address group name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Add an IPv4 address group whose project ID is 14181c1245cf4fd786824efe1e2b9388, protected object ID is 1530de8a-522d-4771-9067-9fa4e2f53b48, and name is ceshi.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/address-set
+
+{
+ "object_id" : "1530de8a-522d-4771-9067-9fa4e2f53b48",
+ "name" : "ceshi",
+ "description" : "",
+ "address_type" : 0
+}
+Status code: 200
+Return value for adding an address group.
+{
+ "data" : {
+ "id" : "9dffcd62-23bf-4456-83fa-80fa0fee47db",
+ "name" : "name"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00900020",
+ "error_msg" : "The number of address groups exceeds the upper limit."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for adding an address group. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to create a blacklist or whitelist rule.
+POST /v1/{project_id}/black-white-list
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
list_type + |
+Yes + |
+Integer + |
+Blacklist/Whitelist type: 4 (blacklist), 5 (whitelist). + |
+
direction + |
+Yes + |
+Integer + |
+Address direction: 0 (source), 1 (destination). + |
+
address_type + |
+Yes + |
+Integer + |
+IP address type: 0 (IPv4), 1 (IPv6). + |
+
address + |
+Yes + |
+String + |
+IP address + |
+
protocol + |
+Yes + |
+Integer + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual), and can be left blank when type is set to 1 (automatic). + |
+
port + |
+Yes + |
+String + |
+Destination port. + |
+
description + |
+No + |
+String + |
+Description. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+BlackWhiteListId object + |
+Response to the request for adding a blacklist/whitelist item. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Blacklist/Whitelist ID. + |
+
name + |
+String + |
+Blacklist/Whitelist name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Add an IPv4 whitelist to object cfebd347-b655-4b84-b938-3c54317599b2 of project 9d80d070b6d44942af73c9c3d38e0429. Direction: source address; IP address: 1.1.1.1; protocol type: TCP; port number: 1.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/black-white-list
+
+{
+ "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
+ "list_type" : 5,
+ "direction" : 0,
+ "address" : "1.1.1.1",
+ "protocol" : 6,
+ "port" : "1",
+ "address_type" : 0
+}
+Status code: 200
+Response to the request for adding a blacklist or whitelist rule.
+{
+ "data" : {
+ "id" : "6e91797b-05bd-4c69-9454-6af905178729",
+ "name" : "10.10.1.3"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "Incorrect instance status."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for adding a blacklist or whitelist rule. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to add a domain name group.
+POST /v1/{project_id}/domain-set
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
name + |
+Yes + |
+String + |
+Domain name group name. + |
+
description + |
+No + |
+String + |
+Domain name group description. + |
+
domain_names + |
+Yes + |
+Array of DomainSetInfoDto objects + |
+Domain name information list. + |
+
domain_set_type + |
+No + |
+Integer + |
+Domain name group typ: 0 (application domain name group), 1 (network domain name group). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+DomainSetResponseData object + |
+Returned data for adding a domain name group. + |
+
Add an application domain name group whose name is test, domain name is www.aaa.com, and protected object ID is fde07429-2e02-45c0-a85f-4f1cacea24d2 to the firewall 546af3f8-88e9-47f2-a205-2346d7090925 in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/domain-set?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+
+{
+ "name" : "test",
+ "description" : "",
+ "domain_names" : [ {
+ "domain_name" : "www.aaa.com",
+ "description" : ""
+ } ],
+ "fw_instance_id" : "546af3f8-88e9-47f2-a205-2346d7090925",
+ "object_id" : "fde07429-2e02-45c0-a85f-4f1cacea24d2"
+}
+Status code: 200
+Return value for adding a domain name group.
+{
+ "data" : {
+ "id" : "e43db369-a863-45ed-8850-58d6b571b1ab",
+ "name" : "test"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for adding a domain name group. + |
+
See Error Codes.
+This API is used to add a domain name list.
+POST /v1/{project_id}/domain-set/domains/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
set_id + |
+Yes + |
+String + |
+Domain name group ID, which can be obtained by calling the API for querying the domain name group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API for querying a firewall instance. + |
+
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
domain_names + |
+Yes + |
+Array of DomainSetInfoDto objects + |
+Domain name list. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+DomainSetResponseData object + |
+Return data of a domain name group. + |
+
Add domain names www.bnm.com and www.vbc.com to the domain name group of project 14181c1245cf4fd786824efe1e2b9388. The firewall ID is 546af3f8-88e9-47f2-a205-2346d7090925, protected object ID is ae42418e-f077-41a0-9d3b-5b2f5ad9102b, and domain name group ID is 78719348-6d79-477e-acec-676a29842ab2.
+https://{Endpoint}v1/14181c1245cf4fd786824efe1e2b9388/domain-set/domains/78719348-6d79-477e-acec-676a29842ab2?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+
+{
+ "domain_names" : [ {
+ "description" : "",
+ "domain_name" : "www.bnm.com"
+ }, {
+ "description" : "",
+ "domain_name" : "www.vbc.com"
+ } ],
+ "fw_instance_id" : "546af3f8-88e9-47f2-a205-2346d7090925",
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
+}
+Status code: 200
+Return value for adding a domain names.
+{
+ "data" : {
+ "id" : "78719348-6d79-477e-acec-676a29842ab2",
+ "name" : "test26"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for adding a domain names. + |
+
See Error Codes.
+This API is used to add log configurations.
+POST /v1/{project_id}/cfw/logs/configuration
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
lts_enable + |
+Yes + |
+Integer + |
+Whether to enable LTS: 1 (yes), 0 (no). + |
+
lts_log_group_id + |
+Yes + |
+String + |
+Log Tank Service (LTS) log group ID, which can be obtained by calling the API for querying all the log groups of an account in LTS. Find the value in log_groups.log_group_id (The period [.] is used to separate different levels of objects). + |
+
lts_attack_log_stream_id + |
+No + |
+String + |
+Attack log stream ID, which can be obtained by calling the API for querying all the log streams in a specified log group in LTS. Find the value in log_streams.log_stream_id (The period [.] is used to separate different levels of objects). + |
+
lts_attack_log_stream_enable + |
+No + |
+Integer + |
+Whether to enable the attack log stream: 1 (yes), 0 (no). + |
+
lts_access_log_stream_id + |
+No + |
+String + |
+Access control log stream ID, which can be obtained by calling the API for querying all the log streams in a specified log group in LTS. Find the value in log_streams.log_stream_id (The period [.] is used to separate different levels of objects). + |
+
lts_access_log_stream_enable + |
+No + |
+Integer + |
+Whether to enable the access control stream: 1 (yes), 0 (no). + |
+
lts_flow_log_stream_id + |
+No + |
+String + |
+Traffic log ID, which can be obtained by calling the API for querying all the log streams in a specified log group in LTS. Find the value in log_streams.log_stream_id (The period [.] is used to separate different levels of objects). + |
+
lts_flow_log_stream_enable + |
+No + |
+Integer + |
+Whether to enable the traffic log function: 1 (yes), 0 (no). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+String + |
+Return value for adding log configurations. The value is the firewall ID. + |
+
Add log stream configurations for firewall 4d6c860a-0338-49e8-ac64-fcaeb4182ba5 in project 408972e72dcd4c1a9b033e955802a36b. The LTS group ID is 20282428-a8f9-4e75-8246-165e64cf8ba8. The access control log stream, traffic log stream, attack log stream, and LTS are disabled.
+https://{Endpoint}/v1/408972e72dcd4c1a9b033e955802a36b/cfw/logs/configuration?fw_instance_id=4d6c860a-0338-49e8-ac64-fcaeb4182ba5&enterprise_project_id=default
+
+{
+ "fw_instance_id" : "4d6c860a-0338-49e8-ac64-fcaeb4182ba5",
+ "lts_enable" : 0,
+ "lts_log_group_id" : "20282428-a8f9-4e75-8246-165e64cf8ba8",
+ "lts_attack_log_stream_enable" : 0,
+ "lts_access_log_stream_enable" : 0,
+ "lts_flow_log_stream_enable" : 0
+}
+Status code: 200
+Return value for adding log configurations.
+{
+ "data" : "4d6c860a-0338-49e8-ac64-fcaeb4182ba5"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for adding log configurations. + |
+
See Error Codes.
+This API is used to add service group members in batches.
+POST /v1/{project_id}/service-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+Yes + |
+String + |
+Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
service_items + |
+Yes + |
+Array of service_items objects + |
+Service group member list. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
protocol + |
+Yes + |
+Integer + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual), and can be left blank when type is set to 1 (automatic). + |
+
source_port + |
+Yes + |
+String + |
+Source port. + |
+
dest_port + |
+Yes + |
+String + |
+Destination port. + |
+
description + |
+No + |
+String + |
+Service member description. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ServiceItemIds object + |
+Data returned for creating a service group member. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
items + |
+Array of items objects + |
+List of service group member IDs. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Service group member ID. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Add a service group member named ceshi to project 9d80d070b6d44942af73c9c3d38e0429. The description is Add a service group member.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-items
+
+{
+ "set_id" : "7cdebed3-af07-494e-a3c2-b88bb8d58b57",
+ "service_items" : [ {
+ "description" : "Add members to a service group.",
+ "dest_port" : "1",
+ "source_port" : "1",
+ "protocol" : 6
+ } ]
+}
+Status code: 200
+Return value for adding service group members.
+{
+ "data" : {
+ "items" : [ {
+ "id" : "cc41c4af-86e8-4ed2-80ad-87d399aeaed0"
+ } ]
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200001",
+ "error_msg" : "Empty parameter."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for adding service group members. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to create a service group.
+POST /v1/{project_id}/service-set
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
name + |
+Yes + |
+String + |
+Service group name. + |
+
description + |
+No + |
+String + |
+Service group description. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ServiceSetId object + |
+Data returned for creating a service group. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Service group ID. + |
+
name + |
+String + |
+Service group name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Add a service group whose project ID is 9d80d070b6d44942af73c9c3d38e0429, protected object is cfebd347-b655-4b84-b938-3c54317599b2, and name is ceshi.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-set
+
+{
+ "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
+ "name" : "ceshi",
+ "description" : ""
+}
+Status code: 200
+Return value for creating a service group.
+{
+ "data" : {
+ "id" : "221cfdca-3abf-4c30-ab0d-516a03c70866"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200024",
+ "error_msg" : "Exceeded the upper limit."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for creating a service group. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete ACL rules in batches.
+DELETE /v1/{project_id}/acl-rule
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
rule_ids + |
+Yes + |
+Array of strings + |
+Rule ID list, which is the ID list transferred when rules are deleted in batches. Rule IDs can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
++ | +Returned data for deleting ACL rules in batches. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
responseDatas + |
+Array of BatchDeleteRuleInfo objects + |
+Data returned when rules are deleted in batches. + |
+
Delete rules 0475c516-0e41-4caf-990b-0c504eebd73f and 8662868e-fe7e-4dfc-bfb1-ca4d73081ca6 from the protected object ae42418e-f077-41a0-9d3b-5b2f5ad9102b whose project ID is 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule
+
+{
+ "rule_ids" : [ "0475c516-0e41-4caf-990b-0c504eebd73f", "8662868e-fe7e-4dfc-bfb1-ca4d73081ca6" ],
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
+}
+Status code: 200
+Return value for deleting rules in batches.
+{
+ "data" : {
+ "responseDatas" : [ {
+ "name" : "test",
+ "id" : "0475c516-0e41-4caf-990b-0c504eebd73f"
+ }, {
+ "name" : "test2",
+ "id" : "8662868e-fe7e-4dfc-bfb1-ca4d73081ca6"
+ } ]
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for deleting rules in batches. + |
+
See Error Codes.
+This API is used to delete address group members in batches.
+DELETE /v1/{project_id}/address-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+Yes + |
+String + |
+Address group ID, which can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
address_item_ids + |
+Yes + |
+Array of strings + |
+List of address group member IDs. Address group member IDs can be obtained by calling the API for querying address group members. Find the value in data.records.item_id (The period [.] is used to separate different levels of objects). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of strings + |
+ID list of the address group members to be deleted in batches. + |
+
Delete address group member d072ad2e-033c-40a9-b0b5-751f9c2943a6 from address group e4884376-7efb-40e7-b98b-13668d6f8b85 in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-items?fw_instance_id=7a004e79-0b8b-4679-ab20-267f3946e8ba&enterprise_project_id=default
+
+{
+ "set_id" : "e4884376-7efb-40e7-b98b-13668d6f8b85",
+ "address_item_ids" : [ "d072ad2e-033c-40a9-b0b5-751f9c2943a6" ]
+}
+Status code: 200
+Return value for deleting address group members in batches.
+{
+ "data" : [ "d072ad2e-033c-40a9-b0b5-751f9c2943a6" ]
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for deleting address group members in batches. + |
+
See Error Codes.
+This API is used to delete service group members in batches.
+DELETE /v1/{project_id}/service-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+Yes + |
+String + |
+Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
service_item_ids + |
+Yes + |
+Array of strings + |
+List of service group member IDs. Service group member IDs can be obtained by calling the API for querying the service group member list. Find the value in data.records.item_id (The period [.] is used to separate different levels of objects). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of strings + |
+ID list of the service group members to be deleted in batches. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Delete service group member f837f7ae-22c9-449d-a99c-4be24533e243 from service group 688faf62-20fc-4ca6-b9f9-6fbc518df5ae in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-items?fw_instance_id=7a004e79-0b8b-4679-ab20-267f3946e8ba&enterprise_project_id=default
+
+{
+ "set_id" : "688faf62-20fc-4ca6-b9f9-6fbc518df5ae",
+ "service_item_ids" : [ "f837f7ae-22c9-449d-a99c-4be24533e243" ]
+}
+Status code: 200
+Return value for deleting service group members in batches.
+{
+ "data" : [ "f837f7ae-22c9-449d-a99c-4be24533e243" ]
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for deleting service group members in batches. + |
+
400 + |
+Bad Request + |
+
See Error Codes.
+This API is used to update rule actions in batches.
+PUT /v1/{project_id}/acl-rule/action
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
action + |
+Yes + |
+String + |
+Rule action: enable (permit), disable (deny). + |
+
rule_ids + |
+Yes + |
+Array of strings + |
+List of rule IDs. You can obtain the rule IDs by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of strings + |
+IDs of ACL rules to be updated in batches. The value is the rule IDs transferred from the request body. + |
+
Update the statuses of rules 4e12d889-c1d3-491b-8470-3d1b3dadc1fd and f798a6a8-c4c5-42b4-838c-c922c9908cb4 of firewall 546af3f8-88e9-47f2-a205-2346d7090925 in project 14181c1245cf4fd786824efe1e2b9388 to enabled.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/acl-rule/action?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+
+{
+ "action" : "enable",
+ "rule_ids" : [ "4e12d889-c1d3-491b-8470-3d1b3dadc1fd", "f798a6a8-c4c5-42b4-838c-c922c9908cb4" ],
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
+}
+Status code: 200
+Returned value for batch ACL rule update.
+{
+ "data" : [ "4e12d889-c1d3-491b-8470-3d1b3dadc1fd", "f798a6a8-c4c5-42b4-838c-c922c9908cb4" ]
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Returned value for batch ACL rule update. + |
+
See Error Codes.
+This API is used to enable or disable east-west protection.
+POST /v1/{project_id}/firewall/east-west/protect
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 1 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
status + |
+Yes + |
+Integer + |
+Protection status: 0 (enabled), 1 (disabled). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
++ | +Data returned for modifying east-west protection. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+East-west protected object ID, which can be obtained by calling the API for querying a firewall instance. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). Note that type indicates the protected object type. 0 indicates the ID of a protected object at the Internet border, 1 indicates the ID of a protected object at the VPC border. Here, a protected object ID whose type is 1 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
In the project with the ID 09bb24e6fe80d23d2fa2c010b53b418c, enable east-west firewall protection for the object with the ID 74820b38-1cc0-4f0b-8cce-32490fa840a3.
+https://{Endpoint}/v1/09bb24e6fe80d23d2fa2c010b53b418c/firewall/east-west/protect
+
+{
+ "object_id" : "74820b38-1cc0-4f0b-8cce-32490fa840a3",
+ "status" : 1
+}
+Status code: 200
+Response body for updating the east-west protection status.
+{
+ "data" : {
+ "id" : "5c539816-7a94-4833-9df0-944b362f0797"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response body for updating the east-west protection status. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to enable or disable EIP protection. After a customer purchases an EIP, the customer needs to call ListEips to synchronize EIPs asset before enabling EIP protection for the first time. The sync field should be set to 1.
+POST /v1/{project_id}/eip/protect
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 0 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
status + |
+Yes + |
+Integer + |
+Status that an EIP will be changed to: 0 (protected), 1 (unprotected). + |
+
ip_infos + |
+Yes + |
+Array of ip_infos objects + |
+List of EIPs whose protection status is changed. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
id + |
+No + |
+String + |
+EIP ID, which can be obtained by calling the API for querying the EIP list. Find the value in data.records.id (The period [.] is used to separate different levels of objects). + |
+
public_ip + |
+No + |
+String + |
+EIP IPv4 address, which can be obtained by calling the API for querying the EIP list. Find the value in data.records.public_ip (The period [.] is used to separate different levels of objects). + |
+
public_ipv6 + |
+No + |
+String + |
+EIP IPv6 address, which can be obtained by calling the API for querying the EIP list. Find the value in data.records.public_ipv6 (The period [.] is used to separate different levels of objects). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+EIPSwitchStatusVO object + |
+Data returned for changing the EIP protection status. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
object_id + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 0 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
fail_eip_id_list + |
+Array of strings + |
+List of EIP protection statuses that fail to be modified. The status can be successful or fail. + |
+
fail_eip_list + |
+Array of FailedEipInfo objects + |
+List of failures to modify the EIP protection status. + |
+
id + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID of an EIP whose status fails to be changed. + |
+
error_message + |
+String + |
+Error code of a status change failure. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
https://{Endpoint}/v1/857ddec2-55f2-4503-a93a-fe70021b743c/eip/protect
+
+{
+ "object_id" : "6d3db4fd-fd58-4d8e-914b-ef91aa268f62",
+ "status" : 0,
+ "ip_infos" : [ {
+ "id" : "4a589be0-b40a-4694-94ff-c0710af9a0a2",
+ "public_ip" : "1.2.3.4"
+ } ]
+}
+/v1/857ddec2-55f2-4503-a93a-fe70021b743c/eip/protect
+
+{
+ "object_id" : "6d3db4fd-fd58-4d8e-914b-ef91aa268f62",
+ "status" : 1,
+ "ip_infos" : [ {
+ "id" : "4a589be0-b40a-4694-94ff-c0710af9a0a2",
+ "public_ip" : "1.2.3.4"
+ } ]
+}
+Status code: 200
+Return value for enabling or disabling EIP protection.
+{
+ "data": {
+ "fail_eip_id_list": [],
+ "fail_eip_list": [],
+ "object_id": "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
+ "id": "b0a2dacc-3886-4805-838e-281653d3cd1f"
+ }
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for enabling or disabling EIP protection. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to change the protection mode.
+POST /v1/{project_id}/ips/protect
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. + |
+
mode + |
+Yes + |
+Integer + |
+IPS protection mode: 0 (observation mode), 1 (strict mode), 2 (medium mode), or 3 (loose mode). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Response body. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Set the protection mode to Interception mode - strict for the protected object whose ID is cfebd347-b655-4b84-b938-3c54317599b2 in the project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/ips/protect
+
+{
+ "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
+ "mode" : 1
+}
+Status code: 200
+Request body for modifying the IPS protection mode.
+{
+ "data" : {
+ "id" : "cfebd347-b655-4b84-b938-3c54317599b2"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "Incorrect instance status."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Request body for modifying the IPS protection mode. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to enable or disable the feature.
+POST /v1/{project_id}/ips/switch
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 0 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
ips_type + |
+Yes + |
+Integer + |
+Patch type. Its value can only be 2 (virtual patch). + |
+
status + |
+Yes + |
+Integer + |
+IPS feature status: 0 (disabled), 1 (enabled). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Response body. + |
+
Enable or disable the basic patch and virtual patch of the engine on the user side. The following example shows how to enable the basic patch function for protected object 1530de8a-522d-4771-9067-9fa4e2f53b48 whose project ID is 14181c1245cf4fd786824efe1e2b9388.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/ips/switch?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+
+{
+ "ips_type" : 1,
+ "object_id" : "1530de8a-522d-4771-9067-9fa4e2f53b48",
+ "status" : 1
+}
+Status code: 200
+Return value for changing the IPS feature status.
+{
+ "data" : {
+ "id" : "1530de8a-522d-4771-9067-9fa4e2f53b48"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for changing the IPS feature status. + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to create an east-west firewall.
+POST /v1/{project_id}/firewall/east-west
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
er_id + |
+Yes + |
+String + |
+ID of the associated enterprise router in the outbound direction, which can be obtained by calling the API for querying the enterprise router list of the Enterprise Router service. Find the enterprise router ID in instances.id (The period [.] is used to separate different levels of objects). + |
+
inspection_vpc_id + |
+No + |
+String + |
+Traffic diversion VPC ID. + |
+
er_associated_subnet + |
+No + |
+AssociatedSubnet object + |
+Subnet associated with an enterprise router. + |
+
firewall_associated_subnets + |
+No + |
+Array of AssociatedSubnet objects + |
+List of subnets associated with a firewall. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+CreateEWFirewallResp object + |
+Return value for creating an east-west firewall. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+East-west protection ID, corresponding to the object_id field. + |
+
er + |
+ER object + |
+Enterprise router information. + |
+
inspertion_vpc + |
++ | +Information about the traffic diversion VPC. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
er_id + |
+String + |
+Enterprise router ID, which is referenced when east-west protection is created. + |
+
er_attach_id + |
+String + |
+Connection ID of an enterprise router. This connection is used to connect the firewall and the enterprise router. This field can be used to obtain the connection details on the connection management page after querying a specified enterprise router by its ID on the Enterprise Router page. + |
+
Under firewall 55b26ab5-e4b0-40e8-941c-a1778fe2a500 in project 09bb24e6f280d23d0f9fc0104b901480, create a firewall in enterprise router mode. The enterprise router ID is 0eb296a4-aa9b-493e-b58a-ce993a16edfc, the traffic diversion VPC is 0eb296a4-aa9b-493e-b58a-ce993a16edfd, the subnets associated with the firewall are fw-subnet and cfw-subnet, and the subnet associated with the enterprise router is er-subnet.
+https://{Endpoint}/v1/09bb24e6f280d23d0f9fc0104b901480/firewall/east-west?fw_instance_id=55b26ab5-e4b0-40e8-941c-a1778fe2a500&enterprise_project_id=default
+
+{
+ "er_associated_subnet" : {
+ "cidr" : "192.168.2.0/24",
+ "name" : "er-subnet",
+ "vpc_id" : "0eb296a4-aa9b-493e-b58a-ce993a16edfd"
+ },
+ "er_id" : "0eb296a4-aa9b-493e-b58a-ce993a16edfc",
+ "firewall_associated_subnets" : [ {
+ "cidr" : "192.168.1.0/24",
+ "name" : "fw-subnet",
+ "vpc_id" : "0eb296a4-aa9b-493e-b58a-ce993a16edfd"
+ }, {
+ "cidr" : "192.168.3.0/24",
+ "name" : "cfw-subnet",
+ "vpc_id" : "0eb296a4-aa9b-493e-b58a-ce993a16edfd"
+ } ],
+ "inspection_vpc_id" : "0eb296a4-aa9b-493e-b58a-ce993a16edfd"
+}
+Status code: 200
+Return value for creating an east-west firewall.
+{
+ "data" : {
+ "id" : "acc86ca7-818b-4c3d-8a9a-3915a2b21651",
+ "er" : {
+ "er_id" : "f0f5275a-40aa-4d1e-ac78-2550f7818d43",
+ "er_attach_id" : "bd62ddd3-5e20-482b-aefa-9e2940e2b1a9"
+ },
+ "inspertion_vpc" : {
+ "vpc_id" : "00672633-0466-4c35-99ef-5e3f5c813a4b",
+ "subnet_ids" : [ "294682a0-1e85-45f5-92c8-e52bee09c204", "a86277bb-35d5-4442-bc0b-2e9d4e6a9080", "95829240-14e0-47e6-b9e7-2ac228e7b00f" ]
+ }
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for creating an east-west firewall. + |
+
See Error Codes.
+This API is used to create a firewall.
+POST /v2/{project_id}/firewall
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
X-Client-Token + |
+No + |
+String + |
+Identifier that ensures idempotency of client requests. +It is a 32-bit UUID and is generated by the client. The value must be unique. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+Yes + |
+String + |
+Firewall name. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
tags + |
+No + |
+Array of tags objects + |
+List of service resource tags. After tags are added to firewall resources, you can query resources and combine CDRs by key and value. + |
+
flavor + |
+Yes + |
+flavor object + |
+Firewall specifications. + |
+
charge_info + |
+Yes + |
+charge_info object + |
+Billing type, which can be yearly/monthly or pay-per-use (default setting). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
key + |
+No + |
+String + |
+Resource tag key. + |
+
value + |
+No + |
+String + |
+Resource tag value. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
job_id + |
+String + |
+Instance creation task ID. This parameter is returned only when pay-per-use instances are created. + |
+
order_id + |
+String + |
+Order ID. This parameter is returned only when yearly/monthly instances are created. + |
+
data + |
+CreateFirewallReq object + |
+Request body for creating a firewall. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
name + |
+String + |
+Firewall name. + |
+
enterprise_project_id + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
tags + |
+Array of tags objects + |
+List of service resource tags. After tags are added to firewall resources, you can query resources and combine CDRs by key and value. + |
+
flavor + |
+flavor object + |
+Firewall specifications. + |
+
charge_info + |
+charge_info object + |
+Billing type, which can be yearly/monthly or pay-per-use (default setting). + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
key + |
+String + |
+Resource tag key. + |
+
value + |
+String + |
+Resource tag value. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
version + |
+String + |
+Firewall edition. Only the professional edition is supported. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
charge_mode + |
+String + |
+Billing mode. The value can only be postPaid, indicating pay-per-use billing. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
The customer whose project ID is 124147da-5b08-471a-93d2-bc82acc290c6 subscribes to the standard firewall. The firewall name is CFW-Test, the enterprise project ID is 0, the resource tag is a key-value pair, the key is TagKey, the value is TagValue, the added number of protected EIPs is 2000, the added protection bandwidth is 5000 Mbit/s, and the added number of protected VPCs is 100. The yearly/monthly billing mode is used. Auto-renewal and auto-payment are enabled. The usage duration is one month.
+https://{Endpoint}/v2/124147da-5b08-471a-93d2-bc82acc290c6/firewall
+
+{
+ "name" : "CFW-TEST",
+ "enterprise_project_id" : "0",
+ "tags" : [ {
+ "key" : "TagKey",
+ "value" : "TagVal"
+ } ],
+ "flavor" : {
+ "version" : "standard",
+ "extend_eip_count" : 2000,
+ "extend_bandwidth" : 5000,
+ "extend_vpc_count" : 100
+ },
+ "charge_info" : {
+ "charge_mode" : "prePaid",
+ "period_type" : "month",
+ "period_num" : 1,
+ "is_auto_renew" : true,
+ "is_auto_pay" : true
+ }
+}
+Status code: 200
+Information returned when the firewall is purchased successfully.
+{
+ "data" : {
+ "charge_info" : {
+ "charge_mode" : "prePaid",
+ "is_auto_pay" : true,
+ "is_auto_renew" : true,
+ "period_num" : 1,
+ "period_type" : "month"
+ },
+ "enterprise_project_id" : "0",
+ "flavor" : {
+ "extend_bandwidth" : 5000,
+ "extend_eip_count" : 2000,
+ "extend_vpc_count" : 100,
+ "version" : "Standard"
+ },
+ "name" : "CFW-TEST",
+ "tags" : [ {
+ "key" : "TagKey",
+ "value" : "TagVal"
+ } ]
+ },
+ "job_id" : "CS2403271050ZEM0L"
+}
+Status code: 400
+Returned error information.
+{
+ "error_code" : "CFW.00100001",
+ "error_msg" : "System busy. Try again later."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Information returned when the firewall is purchased successfully. + |
+
400 + |
+Returned error information. + |
+
See Error Codes.
+This API is used to create a tag.
+POST /v2/{project_id}/cfw-cfw/{fw_instance_id}/tags/create
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
tags + |
+No + |
+Array of CreateTag objects + |
+Create a firewall tag list. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
- + |
+String + |
++ |
Add a tag whose key is keytest and value is valuetest to firewall 5e7eba7f-5de4-4ce9-8f60-11330dfc6565 in project 0b2179bbe180d3762fb0c01a2d5725c7.
+https://{Endpoint}/v2/0b2179bbe180d3762fb0c01a2d5725c7/cfw-cfw/5e7eba7f-5de4-4ce9-8f60-11330dfc6565/tags/create
+
+{
+ "tags" : [ {
+ "key" : "keytest",
+ "value" : "valuetest"
+ } ]
+}
+None
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
See Error Codes.
+This API is used to delete an ACL rule.
+DELETE /v1/{project_id}/acl-rule/{acl_rule_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
acl_rule_id + |
+Yes + |
+String + |
+Rule ID, which can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+RuleId object + |
+Rule ID. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Rule ID. + |
+
name + |
+String + |
+Rule name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Delete the rule ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031 from project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule/ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031
+Status code: 200
+Data returned for rule deletion.
+{
+ "data" : {
+ "id" : "ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031",
+ "name" : "name"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00900016",
+ "error_msg" : "Import is in progress. Please wait until it is complete."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Data returned for rule deletion. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete the number of rule hits.
+DELETE /v1/{project_id}/acl-rule/count
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
rule_ids + |
+Yes + |
+Array of strings + |
+List of rules deleted during rule hit deletion. Rule IDs can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
- + |
+String + |
++ |
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Clear the hits of ACL rule 59ff6bd9-0a76-41ec-9650-380086069965 whose project ID is 0b2179bbe180d3762fb0c01a2d5725c7.
+https://{Endpoint}/v1/0b2179bbe180d3762fb0c01a2d5725c7/acl-rule/count
+
+{
+ "rule_ids" : [ "59ff6bd9-0a76-41ec-9650-380086069965" ]
+}
+Status code: 200
+OK
+{ }
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00400006",
+ "error_msg" : "Error occurred when deleting the rule hit count."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete a member from an address group.
+DELETE /v1/{project_id}/address-items/{item_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
item_id + |
+Yes + |
+String + |
+Address group member ID, which can be obtained by calling the API for querying address group members. Find the value in data.records.item_id (The period [.] is used to separate different levels of objects). + |
+
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of AddressItemId objects + |
+Delete an address group member ID. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID of an address group member. + |
+
name + |
+String + |
+Name of an address group member. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Delete address group member 65cb47fc-e666-4af4-8c2c-1fbd2f4b1eae from project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-items/65cb47fc-e666-4af4-8c2c-1fbd2f4b1eae
+Status code: 200
+Return value for deleting an address group member.
+{
+ "data" : {
+ "id" : "65cb47fc-e666-4af4-8c2c-1fbd2f4b1eae",
+ "name" : "test"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "Incorrect instance status."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for deleting an address group member. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete an address group.
+DELETE /v1/{project_id}/address-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
set_id + |
+Yes + |
+String + |
+Address group ID, which can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+AddressSetId object + |
+Data returned after an address group is deleted. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Address group ID. + |
+
name + |
+String + |
+IP address group name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Delete address group cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16 from project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-sets/cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16
+Status code: 200
+Return value for deleting an address group.
+{
+ "data" : {
+ "id" : "cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16",
+ "name" : "test"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200004",
+ "error_msg" : "Failed to delete the resource because it is being referenced."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for deleting an address group. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete a blacklist or whitelist rule.
+DELETE /v1/{project_id}/black-white-list/{list_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
list_id + |
+Yes + |
+String + |
+Blacklist or whitelist ID, which can be obtained through the API for querying the blacklist or whitelist. Find the value in data.records.list_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+BlackWhiteListId object + |
+Response to the request for deleting a blacklist/whitelist item. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Blacklist/Whitelist ID. + |
+
name + |
+String + |
+Blacklist/Whitelist name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Delete the blacklist or whitelist whose ID is 2eee3fe8-0b9b-49ac-8e7f-eaafa321e99a from the project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/black-white-list/2eee3fe8-0b9b-49ac-8e7f-eaafa321e99a
+Status code: 200
+Blacklist/Whitelist deletion response.
+{
+ "data" : {
+ "id" : "2eee3fe8-0b9b-49ac-8e7f-eaafa321e99a"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Blacklist/Whitelist deletion response. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete a domain name group.
+DELETE /v1/{project_id}/domain-set/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
set_id + |
+Yes + |
+String + |
+Domain name group ID, which can be obtained by calling the API for querying the domain name group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+DomainSetResponseData object + |
+Returned data for deleting a domain name group. + |
+
Delete domain name group 89bce6a4-9b59-4d7a-b5f9-cac5ac16d88a from firewall 7a004e79-0b8b-4679-ab20-267f3946e8ba in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/domain-set/89bce6a4-9b59-4d7a-b5f9-cac5ac16d88a?fw_instance_id=7a004e79-0b8b-4679-ab20-267f3946e8ba&enterprise_project_id=default
+Status code: 200
+Return value for deleting a domain name group.
+{
+ "data" : {
+ "id" : "89bce6a4-9b59-4d7a-b5f9-cac5ac16d88a",
+ "name" : "test"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for deleting a domain name group. + |
+
See Error Codes.
+This API is used to delete a domain name list.
+DELETE /v1/{project_id}/domain-set/domains/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
set_id + |
+Yes + |
+String + |
+Domain name group ID, which can be obtained by calling the API for querying the domain name group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
domain_address_ids + |
+Yes + |
+Array of strings + |
+Domain name ID list. Domain name IDs can be obtained by calling the API for querying the domain name list under a domain name group. Find the value in data.records.domain_address_id (The period [.] is used to separate different levels of objects). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+DomainSetResponseData object + |
+Returned data for deleting a domain name list. + |
+
In project 14181c1245cf4fd786824efe1e2b9388, delete domain names from domain name group 78719348-6d79-477e-acec-676a29842ab2. The firewall ID is 546af3f8-88e9-47f2-a205-2346d7090925, the protected object ID is ae42418e-f077-41a0-9d3b-5b2f5ad9102b, the domain name group ID is 78719348-6d79-477e-acec-676a29842ab2, and the domain list is "b9c23ad8-16d2-4f14-894f-29250c5d27e5", "c36f9462-467b-4303-9734-f9abc38ddb95".
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/domain-set/domains/78719348-6d79-477e-acec-676a29842ab2?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+
+{
+ "domain_address_ids" : [ "b9c23ad8-16d2-4f14-894f-29250c5d27e5", "c36f9462-467b-4303-9734-f9abc38ddb95" ],
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
+}
+Status code: 200
+Return value for deleting a domain name list.
+{
+ "data" : {
+ "id" : "78719348-6d79-477e-acec-676a29842ab2",
+ "name" : "test26"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for deleting a domain name list. + |
+
See Error Codes.
+This API is used to delete a firewall. It takes effect only for pay-per-use firewalls.
+DELETE /v2/{project_id}/firewall/{resource_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
resource_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+String + |
+ID of a firewall deletion task. + |
+
Delete the pay-per-use firewall 08065281-860a-4c98-aeb5-82cf65c44c46 from project 06217ebc876e427a80a2c05d51264ab1.
+https://{Endpoint}/v2/06217ebc876e427a80a2c05d51264ab1/firewall/08065281-860a-4c98-aeb5-82cf65c44c46
+Status code: 200
+Return value for deleting a firewall.
+{
+ "data" : "56884cd0-cf3c-4cb7-bbeb-59d8722a2671"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for deleting a firewall. + |
+
See Error Codes.
+This API is used to delete a member from a service group.
+DELETE /v1/{project_id}/service-items/{item_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
item_id + |
+Yes + |
+String + |
+Service group member ID, which can be obtained by calling the API for querying the service group member list. Find the value in data.records.item_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
++ | +Delete service group member data. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Service group member ID. + |
+
name + |
+String + |
+Service group member name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Delete the service group member whose ID is 6b37ed55-1e21-46a5-a7dc-a59ef418d359 from project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-items/6b37ed55-1e21-46a5-a7dc-a59ef418d359
+Status code: 200
+Information returned for service group member deletion.
+{
+ "data" : {
+ "id" : "26f562c4-fe11-43d0-9654-f54298d5b12e",
+ "name" : "0|1"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "Incorrect instance status."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Information returned for service group member deletion. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete a service group.
+DELETE /v1/{project_id}/service-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
set_id + |
+Yes + |
+String + |
+Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ServiceSetId object + |
+Data returned for deleting a service group. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Service group ID. + |
+
name + |
+String + |
+Service group name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Delete service group 221cfdca-3abf-4c30-ab0d-516a03c70866 in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-sets/221cfdca-3abf-4c30-ab0d-516a03c70866
+Status code: 200
+Return value for deleting a service group.
+{
+ "data" : {
+ "id" : "221cfdca-3abf-4c30-ab0d-516a03c70866",
+ "name" : "test"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200004",
+ "error_msg" : "Failed to delete the resource because it is being referenced."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for deleting a service group. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete a tag.
+DELETE /v2/{project_id}/cfw-cfw/{fw_instance_id}/tags/delete
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
tags + |
+No + |
+Array of ResourceTag objects + |
+Firewall tag list. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
- + |
+String + |
++ |
Delete a tag from firewall 5e7eba7f-5de4-4ce9-8f60-11330dfc6565 in project 0b2179bbe180d3762fb0c01a2d5725c7. The tag key is keytest and the tag value is valuetest.
+https://{Endpoint}/v2/408972e72dcd4c1a9b033e955802a36b/cfw-cfw/5e7eba7f-5de4-4ce9-8f60-11330dfc6565/tags/delete
+
+{
+ "tags" : [ {
+ "key" : "keytest",
+ "value" : "valuetest"
+ } ]
+}
+None
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
See Error Codes.
+Module + |
+Status Code + |
+Error Code + |
+Message + |
+Description + |
+Measure + |
+
|---|---|---|---|---|---|
Common module + |
+400 + |
+CFW.00109004 + |
+HTTP request error + |
+HTTP request error + |
+Try again later or contact technical support. + |
+
400 + |
+CFW.00300001 + |
+Failed to query the database. + |
+Failed to query the database. + |
+Contact technical support. + |
+|
400 + |
+CFW.00400008 + |
+The protected object does not exist. + |
+The protected object does not exist. + |
+Contact technical support. + |
+|
400 + |
+CFW.00800001 + |
+An exception occurred when querying ETCD. + |
+An exception occurred when querying ETCD. + |
+Contact technical support. + |
+|
400 + |
+CFW.00800002 + |
+An exception occurred when querying ETCD. + |
+An exception occurred when querying ETCD. + |
+Contact technical support. + |
+|
400 + |
+CFW.00800003 + |
+An exception occurred when querying ETCD. + |
+An exception occurred when querying ETCD. + |
+Contact technical support. + |
+|
400 + |
+CFW.01100008 + |
+Configurations cannot be delivered during cluster scale-out. + |
+Configurations cannot be delivered during cluster scale-out. + |
+Contact technical support. + |
+|
DNS resolution + |
+400 + |
+CFW.00200005 + |
+The domain name group in the request does not exist. + |
+The domain name group in the request does not exist. + |
+Check whether the domain name group carried in the request exists. + |
+
Deleting a domain name + |
+400 + |
+CFW.00200005 + |
+The domain name group in the request does not exist. + |
+The domain name group in the request does not exist. + |
+Check whether the domain name group carried in the request exists. + |
+
Deleting a domain name group + |
+400 + |
+CFW.00200004 + |
+The domain name group to be deleted is referenced. + |
+The domain name group to be deleted is referenced. + |
+Delete the rules that reference the domain name group and then delete the domain name group. + |
+
400 + |
+CFW.00200005 + |
+The domain name group in the request does not exist. + |
+The domain name group in the request does not exist. + |
+Check whether the domain name group carried in the request exists. + |
+|
Updating a domain group + |
+400 + |
+CFW.00200005 + |
+The domain name group in the request does not exist. + |
+The domain name group in the request does not exist. + |
+Check whether the domain name group carried in the request exists. + |
+
Querying access control logs + |
+400 + |
+CFW.00500002 + |
+Invalid interval + |
+Invalid interval + |
+Contact technical support. + |
+
Querying attack logs + |
+400 + |
+CFW.00500002 + |
+Invalid interval + |
+Invalid interval + |
+Contact technical support. + |
+
400 + |
+CFW.00500004 + |
+The page jump spacing is too large. + |
+The page jump spacing is too large. + |
+Contact technical support. + |
+|
Querying traffic logs + |
+400 + |
+CFW.00500002 + |
+Invalid interval + |
+Invalid interval + |
+Contact technical support. + |
+
Querying the protected EIP list + |
+400 + |
+CFW.00200030 + |
+Incorrect address type + |
+Incorrect address type + |
+Contact technical support. + |
+
400 + |
+CFW.00200016 + |
+Incorrect instance status + |
+Incorrect instance status + |
+Contact technical support. + |
+|
Querying the rule list + |
+400 + |
+CFW.00200030 + |
+Incorrect address type + |
+Incorrect address type + |
+Contact technical support. + |
+
Adding an ACL rule + |
+400 + |
+CFW.00200001 + |
+The rule direction cannot be empty. + |
+The rule direction cannot be empty. + |
+Check whether the rule direction in the request parameter is empty. + |
+
400 + |
+CFW.00200005 + |
+The address group ID in the request does not exist. + |
+The address group ID in the request does not exist. + |
+Check whether the address group ID carried in the request exists. + |
+|
400 + |
+CFW.00200005 + |
+The service group ID in the request does not exist. + |
+The service group ID in the request does not exist. + |
+Check whether the service group ID in the request exists. + |
+|
400 + |
+CFW.00200005 + |
+The domain name group in the request does not exist. + |
+The domain name group in the request does not exist. + |
+Check whether the domain name group carried in the request exists. + |
+|
400 + |
+CFW.00200007 + |
+The rule name carried in the request is the same as a rule name in the database. + |
+The rule name carried in the request is the same as a rule name in the database. + |
+Delete duplicate rules from the request. + |
+|
400 + |
+CFW.00200020 + |
+Up to 20 ACL rules can be added. + |
+Up to 20 ACL rules can be added. + |
+Reduce the number of ACL rules to be added. + |
+|
400 + |
+CFW.00200025 + |
+The time limit of persistent connection is exceeded. + |
+The time limit of persistent connection is exceeded. + |
+Ensure that the duration of the persistent connection is in the range from 1 second to 1000 days. + |
+|
400 + |
+CFW.00200026 + |
+The number of persistent connection rules reaches the upper limit. + |
+The number of persistent connection rules reaches the upper limit. + |
+Delete unnecessary persistent connection rules. + |
+|
400 + |
+CFW.00200028 + |
+Inconsistent address types + |
+Inconsistent address types + |
+Ensure the address types are the same. + |
+|
400 + |
+CFW.00200032 + |
+The engine does not support IPv6. + |
+The engine does not support IPv6. + |
+Contact technical support. + |
+|
400 + |
+CFW.00400007 + |
+The types of the added rules are inconsistent. + |
+The types of the added rules are inconsistent. + |
+Ensure the types of the added rules are the same. + |
+|
400 + |
+CFW.00400010 + |
+The protocol is not supported by the persistent connection. + |
+The protocol is not supported by the persistent connection. + |
+Ensure the protocol is TCP or UDP. + |
+|
Updating an ACL rule + |
+400 + |
+CFW.00200005 + |
+The address group ID in the request does not exist. + |
+The address group ID in the request does not exist. + |
+Check whether the address group ID carried in the request is correct. + |
+
400 + |
+CFW.00200005 + |
+The service group ID in the request does not exist. + |
+The service group ID in the request does not exist. + |
+Check whether the service group ID carried in the request is correct. + |
+|
400 + |
+CFW.00200005 + |
+The domain name group in the request does not exist. + |
+The domain name group in the request does not exist. + |
+Check whether the domain name group carried in the request is correct. + |
+|
400 + |
+CFW.00200007 + |
+The rule name carried in the request is the same as a rule name in the database. + |
+The rule name carried in the request is the same as a rule name in the database. + |
+Delete duplicate rules from the request. + |
+|
400 + |
+CFW.00200025 + |
+The time limit of persistent connection is exceeded. + |
+The time limit of persistent connection is exceeded. + |
+Ensure that the duration of the persistent connection is in the range from 1 second to 1000 days. + |
+|
400 + |
+CFW.00200026 + |
+The number of persistent connection rules reaches the upper limit. + |
+The number of persistent connection rules reaches the upper limit. + |
+Delete unnecessary persistent connection rules. + |
+|
400 + |
+CFW.00200028 + |
+Inconsistent address types + |
+Inconsistent address types + |
+Ensure the address types are the same. + |
+|
400 + |
+CFW.00400010 + |
+The protocol is not supported by the persistent connection. + |
+The protocol is not supported by the persistent connection. + |
+Ensure the protocol is TCP or UDP. + |
+|
Modifying the priority of an ACL rule + |
+400 + |
+CFW.00400002 + |
+No operation is required. + |
+No operation is required. + |
+Contact technical support. + |
+
Deleting the rule hit count + |
+400 + |
+CFW.00400006 + |
+An error occurred when the rule hit count is deleted. + |
+An error occurred when the rule hit count is deleted. + |
+Check whether the parameter value is valid. + |
+
Creating an east-west CFW instance + |
+400 + |
+CFW.00700001 + |
+The associated ER does not exist. + |
+The associated ER does not exist. + |
+The associated ER does not exist. + |
+
400 + |
+CFW.00700002 + |
+The associated VPC does not exist. + |
+The associated VPC does not exist. + |
+Check whether the VPC exists. + |
+|
400 + |
+CFW.00700003 + |
+The network segments of the associated subnets conflict. + |
+The network segments of the associated subnets conflict. + |
+Ensure the subnet to be created does not overlap with the subnet CIDR block in the existing VPC. + |
+|
400 + |
+CFW.00700004 + |
+Failed to create the subnet. + |
+Failed to create the subnet. + |
+Contact technical support. + |
+|
400 + |
+CFW.00700007 + |
+ER failed to create a VPC connection + |
+ER failed to create a VPC connection + |
+Contact technical support. + |
+|
400 + |
+CFW.00700012 + |
+Failed to modify the route. + |
+Failed to modify the route. + |
+Contact technical support. + |
+|
400 + |
+CFW.00700015 + |
+Failed to query VPC quotas. + |
+Failed to query VPC quotas. + |
+Contact technical support. + |
+|
400 + |
+CFW.00700016 + |
+Insufficient route table quota for the VPC. + |
+Insufficient route table quota for the VPC. + |
+Delete the existing route table in the VPC. + |
+|
Changing the east-west protection status + |
+400 + |
+CFW.00200016 + |
+Incorrect instance status + |
+Incorrect instance status + |
+Contact technical support. + |
+
Creating a firewall + |
+400 + |
+CFW.00600003 + |
+The available specifications are empty. + |
+The available specifications are empty. + |
+Contact technical support. + |
+
Deleting a firewall + |
+400 + |
+CFW.00200016 + |
+Incorrect instance status + |
+Incorrect instance status + |
+Contact technical support. + |
+
Adding an address group + |
+400 + |
+CFW.00200001 + |
+The address group name is empty. + |
+The address group name is empty. + |
+Check whether the address group name in the request is empty. + |
+
400 + |
+CFW.00200007 + |
+The address group name carried in the request is the same as an address group name in the database. + |
+The address group name carried in the request is the same as an address group name in the database. + |
+Delete duplicate address group names from the request. + |
+|
400 + |
+CFW.00200032 + |
+The engine does not support IPv6. + |
+The engine does not support IPv6. + |
+Contact technical support. + |
+|
400 + |
+CFW.00900020 + |
+The number of address groups exceeds the upper limit. + |
+The number of address groups exceeds the upper limit. + |
+Delete some address groups. + |
+|
Adding an address group member list + |
+400 + |
+CFW.00200001 + |
+The address group member list is empty. + |
+The address group member list is empty. + |
+Check whether the address group member list in the request is empty. + |
+
Obtaining the address group list + |
+400 + |
+CFW.00200030 + |
+Incorrect address type + |
+Incorrect address type + |
+Contact technical support. + |
+
Updating an address group + |
+400 + |
+CFW.00200005 + |
+The address group in the request does not exist. + |
+The address group in the request does not exist. + |
+Check whether the address group carried in the request exists. + |
+
400 + |
+CFW.00200007 + |
+The address group name carried in the request is the same as an address group name in the database. + |
+The address group name carried in the request is the same as an address group name in the database. + |
+Delete duplicate address group names from the request. + |
+|
400 + |
+CFW.00200016 + |
+Incorrect instance status + |
+Incorrect instance status + |
+Contact technical support. + |
+|
Deleting an address group + |
+400 + |
+CFW.00200004 + |
+The address group to be deleted is being referenced. + |
+The address group to be deleted is being referenced. + |
+Delete the rules that reference the address group and then delete the address group. + |
+
400 + |
+CFW.00200005 + |
+The address group in the request does not exist. + |
+The address group in the request does not exist. + |
+Check whether the address group carried in the request exists. + |
+|
Updating members in an address group + |
+400 + |
+CFW.00400004 + |
+The member already exists. + |
+The member already exists. + |
+Delete unnecessary address group members. + |
+
Adding a service group + |
+400 + |
+CFW.00200007 + |
+The service group name carried in the request is the same as a service group name in the database. + |
+The service group name carried in the request is the same as a service group name in the database. + |
+Delete duplicate service group names from the request. + |
+
400 + |
+CFW.00200024 + |
+The number of added service groups exceeds the upper limit. + |
+The number of added service groups exceeds the upper limit. + |
+Remove unnecessary service groups and try again. + |
+|
Adding a member to a service group + |
+400 + |
+CFW.00400004 + |
+The member already exists. + |
+The member already exists. + |
+Delete unnecessary service group members. + |
+
400 + |
+CFW.00900030 + |
+The total number of services reaches the upper limit. + |
+The total number of services reaches the upper limit. + |
+Delete unnecessary service group members. + |
+|
Updating a service group + |
+400 + |
+CFW.00200005 + |
+The service group in the request does not exist. + |
+The service group in the request does not exist. + |
+Check whether the service group in the request exists. + |
+
400 + |
+CFW.00200007 + |
+The address group name carried in the request is the same as an address group name in the database. + |
+The address group name carried in the request is the same as an address group name in the database. + |
+Delete duplicate service group names from the request. + |
+|
Deleting a service group + |
+400 + |
+CFW.00200004 + |
+The service group to be deleted is being referenced. + |
+The service group to be deleted is being referenced. + |
+Delete the rules that reference the service group and then delete the address group. + |
+
400 + |
+CFW.00200005 + |
+The service group in the request does not exist. + |
+The service group in the request does not exist. + |
+Check whether the service group in the request exists. + |
+|
Updating a member in a service group + |
+400 + |
+CFW.00400004 + |
+The member already exists. + |
+The member already exists. + |
+Delete unnecessary service group members. + |
+
Configuring the blacklist or whitelist + |
+400 + |
+CFW.00200022 + |
+It is not allowed to configuring all IP address segments in the blacklist and whitelist. + |
+It is not allowed to configuring all IP address segments in the blacklist and whitelist. + |
+Set specific IP address segments in the blacklist and whitelist. + |
+
400 + |
+CFW.00200016 + |
+Incorrect instance status + |
+Incorrect instance status + |
+Contact technical support. + |
+|
400 + |
+CFW.00200032 + |
+The engine does not support IPv6. + |
+The engine does not support IPv6. + |
+Contact technical support. + |
+|
400 + |
+CFW.00400011 + |
+Duplicate blacklist and whitelist information. + |
+Duplicate blacklist and whitelist information. + |
+Ensure unique blacklist and whitelist items are added. + |
+|
400 + |
+CFW.00400012 + |
+East-west protection does not support IPv6, and the private IP address blacklist and whitelist cannot be delivered. + |
+East-west protection does not support IPv6, and the private IP address blacklist and whitelist cannot be delivered. + |
+Add east-west protection. + |
+|
400 + |
+CFW.00400013 + |
+The number of records in the blacklist and whitelist has reached the upper limit (2000). + |
+The number of records in the blacklist and whitelist has reached the upper limit (2000). + |
+Delete unnecessary blacklist or whitelist items. + |
+|
Updating the blacklist or whitelist + |
+400 + |
+CFW.00200005 + |
+The blacklist or whitelist item carried in the request does not exist. + |
+The blacklist or whitelist item carried in the request does not exist. + |
+Check whether the blacklist and whitelist items carried in the request exist. + |
+
400 + |
+CFW.00200005 + |
+The blacklist or whitelist item carried in the request does not exist. + |
+The blacklist or whitelist item carried in the request does not exist. + |
+Check whether the blacklist and whitelist items carried in the request exist. + |
+|
400 + |
+CFW.00200022 + |
+It is not allowed to configuring all IP address segments in the blacklist and whitelist. + |
+It is not allowed to configuring all IP address segments in the blacklist and whitelist. + |
+Set specific IP address segments in the blacklist and whitelist. + |
+|
400 + |
+CFW.00200032 + |
+The engine does not support IPv6. + |
+The engine does not support IPv6. + |
+Contact technical support. + |
+|
400 + |
+CFW.00200036 + |
+The CIDR block cannot be changed to a private network segment. + |
+The CIDR block cannot be changed to a private network segment. + |
+Contact technical support. + |
+|
400 + |
+CFW.00200016 + |
+Incorrect instance status + |
+Incorrect instance status + |
+Contact technical support. + |
+|
400 + |
+CFW.00400011 + |
+Duplicate blacklist and whitelist information. + |
+Duplicate blacklist and whitelist information. + |
+Ensure unique blacklist and whitelist items are added. + |
+|
400 + |
+CFW.00200028 + |
+Inconsistent address types + |
+Inconsistent address types + |
+Ensure the address types are the same. + |
+|
Removing a blacklisted or whitelisted item + |
+400 + |
+CFW.00200005 + |
+The blacklist or whitelist item carried in the request does not exist. + |
+The blacklist or whitelist item carried in the request does not exist. + |
+Check whether the blacklist and whitelist items carried in the request exist. + |
+
User-defined IPS rules + |
+400 + |
+CFW.00200016 + |
+Incorrect instance status + |
+Incorrect instance status + |
+Contact technical support. + |
+
Changing the IPS switch status + |
+400 + |
+CFW.00200023 + |
+Failed to call the background API for modifying the IPS switch status. + |
+Failed to call the background API for modifying the IPS switch status. + |
+Try again later or contact technical support. + |
+
400 + |
+CFW.00200110 + |
+Basic defense cannot be operated. + |
+Basic defense cannot be operated. + |
+Contact technical support. + |
+|
Changing the EIP protection mode + |
+400 + |
+CFW.00200016 + |
+Incorrect instance status + |
+Incorrect instance status + |
+Contact technical support. + |
+
This API is used to query access control logs.
+GET /v1/{project_id}/cfw/logs/access-control
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
rule_id + |
+No + |
+String + |
+Rule ID, which can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). + |
+
start_time + |
+Yes + |
+Long + |
+Start time, in milliseconds. The value is a timestamp, for example, 1718936272648. + |
+
end_time + |
+Yes + |
+Long + |
+End time, in milliseconds. The value is a timestamp, for example, 1718936272648. + |
+
src_ip + |
+No + |
+String + |
+Source IP address. + |
+
src_port + |
+No + |
+Integer + |
+Source port. + |
+
dst_ip + |
+No + |
+String + |
+Destination IP address. + |
+
dst_port + |
+No + |
+Integer + |
+Destination port. + |
+
protocol + |
+No + |
+String + |
+Protocol type. Its value can be TCP, UDP, ICMP, or ICMPv6. + |
+
app + |
+No + |
+String + |
+Rule application type. Its value can be HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. + |
+
log_id + |
+No + |
+String + |
+Document ID. For the first page, its value is null. For other pages, its value can be the log_id of the last record in the last query. + |
+
next_date + |
+No + |
+Integer + |
+Next date. For the first page, its value is null. For other pages, its value can be the start_time of the last record in the last query. + |
+
offset + |
+No + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number greater than 0. For the first page, its value is null. For other pages, its value is not null. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
log_type + |
+No + |
+String + |
+Log type. Its value can be internet, vpc, or nat. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
dst_host + |
+No + |
+String + |
+Destination host. + |
+
rule_name + |
+No + |
+String + |
+Rule name. + |
+
action + |
+No + |
+String + |
+Action. Its value can be permit or deny. + |
+
src_region_name + |
+No + |
+String + |
+Source region name. + |
+
dst_region_name + |
+No + |
+String + |
+Destination region name. + |
+
src_province_name + |
+No + |
+String + |
+Source province name. + |
+
dst_province_name + |
+No + |
+String + |
+Destination province name. + |
+
src_city_name + |
+No + |
+String + |
+Source city name. + |
+
dst_city_name + |
+No + |
+String + |
+Destination city name. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Returned data for querying access control logs. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
total + |
+Integer + |
+Query the total number of access control logs. + |
+
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
records + |
+Array of records objects + |
+Query access control logs. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
action + |
+String + |
+Action: 0 (allow), 1 (deny). + |
+
rule_name + |
+String + |
+Rule name. + |
+
rule_id + |
+String + |
+Rule ID. + |
+
hit_time + |
+Long + |
+Hit time, in milliseconds. The value is a timestamp, for example, 1718936272648. + |
+
src_region_id + |
+String + |
+Source region ID. + |
+
src_region_name + |
+String + |
+Source region name. + |
+
dst_region_id + |
+String + |
+Destination region ID. + |
+
dst_region_name + |
+String + |
+Destination region name. + |
+
log_id + |
+String + |
+Document ID. + |
+
src_ip + |
+String + |
+Source IP address. + |
+
src_port + |
+Integer + |
+Source port. + |
+
dst_ip + |
+String + |
+Destination IP address. + |
+
dst_port + |
+Integer + |
+Destination port. + |
+
protocol + |
+String + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual), and can be left blank when type is set to 1 (automatic). + |
+
app + |
+String + |
+Rule application type. Its value can be HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. + |
+
dst_host + |
+String + |
+Destination host. + |
+
src_province_id + |
+String + |
+Source province ID. + |
+
src_province_name + |
+String + |
+Source province name. + |
+
src_city_id + |
+String + |
+Source city ID. + |
+
src_city_name + |
+String + |
+Source city name. + |
+
dst_province_id + |
+String + |
+Destination province ID. + |
+
dst_province_name + |
+String + |
+Destination province name. + |
+
dst_city_id + |
+String + |
+Destination city ID. + |
+
dst_city_name + |
+String + |
+Destination city name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query the records whose initial position is 0 on the first page of the firewall with the ID 2af58b7c-893c-4453-a984-bdd9b1bd6318 in the project 9d80d070b6d44942af73c9c3d38e0429. The query time range is 1664159069544 to 1664162669544.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/cfw/logs/access-control?fw_instance_id=2af58b7c-893c-4453-a984-bdd9b1bd6318&start_time=1664159069544&end_time=1664162669544&limit=10
+Status code: 200
+Return value for querying access control logs.
+{
+ "data" : {
+ "limit" : 10,
+ "records" : [ {
+ "action" : "deny",
+ "app" : "PING",
+ "dst_ip" : "100.85.216.211",
+ "dst_port" : 59,
+ "hit_time" : 1664164255000,
+ "log_id" : "46032",
+ "protocol" : "ICMP: ECHO_REQUEST",
+ "rule_id" : "c755be1c-4b92-4ae7-a15e-c2d02b152538",
+ "rule_name" : "eip_ipv4_w_n_default_deny",
+ "src_ip" : "100.95.148.49",
+ "src_port" : 24954,
+ "src_province_id" : "source province id",
+ "src_province_name" : "source province name",
+ "src_city_id" : "source city id",
+ "src_city_name" : "source city name",
+ "dst_province_id" : "dst province id",
+ "dst_province_name" : "dst province name",
+ "dst_city_id" : "dst city id",
+ "dst_city_name" : "dst city name"
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00500002",
+ "error_msg" : "Invalid interval."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying access control logs. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to obtain the number of rule hits.
+POST /v1/{project_id}/acl-rule/count
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
rule_ids + |
+Yes + |
+Array of strings + |
+List of rule IDs. You can obtain the rule IDs by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+RuleHitCountRecords object + |
+Response to the request for obtaining the number of rule hits. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
total + |
+Integer + |
+Obtain the total number of rule hits. + |
+
records + |
+Array of RuleHitCountObject objects + |
+List of rule hits. + |
+
Query the hits of ACL rule 59ff6bd9-0a76-41ec-9650-380086069965 whose project ID is 0b2179bbe180d3762fb0c01a2d5725c7.
+https://{Endpoint}/v1/0b2179bbe180d3762fb0c01a2d5725c7/acl-rule/count
+
+{
+ "rule_ids" : [ "59ff6bd9-0a76-41ec-9650-380086069965" ]
+}
+Status code: 200
+Response to the request for obtaining the number of rule hits.
+{
+ "data" : {
+ "limit" : 1,
+ "offset" : 1,
+ "records" : [ {
+ "rule_hit_count" : 0,
+ "rule_id" : "59ff6bd9-0a76-41ec-9650-380086069965"
+ } ],
+ "total" : 1
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for obtaining the number of rule hits. + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query a protection rule.
+GET /v1/{project_id}/acl-rules
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
type + |
+No + |
+Integer + |
+Rule type: 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). + |
+
ip + |
+No + |
+String + |
+IP address + |
+
name + |
+No + |
+String + |
+Rule name. + |
+
direction + |
+No + |
+Integer + |
+Direction: 0 (inbound), 1 (outbound). + |
+
status + |
+No + |
+Integer + |
+Rule delivery status: 0 (disabled), 1 (enabled). + |
+
action_type + |
+No + |
+Integer + |
+Action: 0 (allow), 1 (deny). + |
+
address_type + |
+No + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
tags_id + |
+No + |
+String + |
+Rule tag ID, which is generated when a rule is created. + |
+
source + |
+No + |
+String + |
+Source IP address. + |
+
destination + |
+No + |
+String + |
+Destination IP address. + |
+
service + |
+No + |
+String + |
+Service port. + |
+
application + |
+No + |
+String + |
+Rule application type. Its value can be HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Return value for querying the rule list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
total + |
+Integer + |
+Query the total number of rules in the rule list. + |
+
object_id + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. + |
+
records + |
+Array of records objects + |
+Query the rule list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
rule_id + |
+String + |
+Rule ID. + |
+
address_type + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
name + |
+String + |
+Rule name. + |
+
direction + |
+Integer + |
+Rule direction: 0 (inbound), 1 (outbound). + |
+
action_type + |
+Integer + |
+Action: 0 (allow), 1 (deny). + |
+
status + |
+Integer + |
+Rule delivery status: 0 (disabled), 1 (enabled). + |
+
description + |
+String + |
+Description. + |
+
long_connect_time + |
+Long + |
+Persistent connection duration. + |
+
long_connect_enable + |
+Integer + |
+Persistent connection support. + |
+
long_connect_time_hour + |
+Long + |
+Persistent connection duration (hour). + |
+
long_connect_time_minute + |
+Long + |
+Persistent connection duration (minute). + |
+
long_connect_time_second + |
+Long + |
+Persistent connection duration (second). + |
+
source + |
+RuleAddressDtoForResponse object + |
+Source address object. + |
+
destination + |
+RuleAddressDtoForResponse object + |
+Destination address object. + |
+
service + |
+RuleServiceDtoForResponse object + |
+Service object. + |
+
type + |
+Integer + |
+Rule type: 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). + |
+
created_date + |
+String + |
+Rule creation time, for example, 2024-08-12 08:40:00. + |
+
last_open_time + |
+String + |
+Last time when the rule was enabled, for example, 2024-08-12 08:40:00. + |
+
tag + |
+TagsVO object + |
+Tag object attached to a rule. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
type + |
+Integer + |
+Address type: 0 (manual input), 1 (associated IP address group), 2 (domain name), 3 (geographical location), 4 (domain name group) 5 (multiple objects), 6 (domain name group - network), 7 (domain name group - application). + |
+
address_type + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). If type is 0, the input cannot be left blank. + |
+
address + |
+String + |
+IP address information. + |
+
address_set_id + |
+String + |
+ID of an associated IP address group. + |
+
address_set_name + |
+String + |
+IP address group name. + |
+
domain_address_name + |
+String + |
+Name of a domain name address. + |
+
region_list_json + |
+String + |
+JSON value of the rule region list. + |
+
region_list + |
+Array of IpRegionDto objects + |
+Rule region list. + |
+
domain_set_id + |
+String + |
+Domain name group ID + |
+
domain_set_name + |
+String + |
+Domain name group name. + |
+
ip_address + |
+Array of strings + |
+IP address list. + |
+
address_group + |
+Array of strings + |
+Address group ID list. + |
+
address_group_names + |
+Array of AddressGroupVO objects + |
+Address group name list. + |
+
address_set_type + |
+Integer + |
+Address group type: 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
region_id + |
+String + |
+Region ID. You can obtain the ID by referring to Obtaining Information About Account, IAM User, Group, Project, Region, and Agency. + |
+
region_type + |
+Integer + |
+Region type: 0 (country), 1 (province), and 2 (continent). It can be obtained from the region information table. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
address_set_type + |
+Integer + |
+Address group type: 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). + |
+
name + |
+String + |
+Name of an associated IP address group, which can be obtained by calling the API for querying the address group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). + |
+
set_id + |
+String + |
+ID of an associated IP address group, which can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
type + |
+Integer + |
+Service input type: 0 (manual), 1 (automatic). + |
+
protocol + |
+Integer + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual), and can be left blank when type is set to 1 (automatic). + |
+
protocols + |
+Array of integers + |
+Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual), and can be left blank when type is set to 1 (automatic). + |
+
source_port + |
+String + |
+Source port. + |
+
dest_port + |
+String + |
+Destination port. + |
+
service_set_id + |
+String + |
+Service group ID. + |
+
service_set_name + |
+String + |
+Service group name. + |
+
custom_service + |
+Array of ServiceItem objects + |
+Custom service. + |
+
service_group + |
+Array of strings + |
+Service group ID list. + |
+
service_group_names + |
+Array of ServiceGroupVO objects + |
+Service group name list. + |
+
service_set_type + |
+Integer + |
+Service group type: 0 (user-defined service group), 1 (common web service), 2 (common remote login and ping), or 3 (common database). + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
protocol + |
+Integer + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when RuleServiceDto.type is set to 0 (manual). + |
+
source_port + |
+String + |
+Source port. + |
+
dest_port + |
+String + |
+Destination port. + |
+
description + |
+String + |
+Service member description. + |
+
name + |
+String + |
+Service member name. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
name + |
+String + |
+Service group name. + |
+
protocols + |
+Array of integers + |
+Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). + |
+
service_set_type + |
+Integer + |
+Service group type: 0 (user-defined service group), 1 (predefined service group). + |
+
set_id + |
+String + |
+Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
tag_id + |
+String + |
+Rule ID. + |
+
tag_key + |
+String + |
+Rule tag key. + |
+
tag_value + |
+String + |
+Rule tag value. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query data on the first page of the protected object e12bd2cd-ebfc-4af7-ad6f-ebe6da398029 whose project ID is 9d80d070b6d44942af73c9c3d38e0429, with limit set to 10.
+Example URL: https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rules?object_id=e12bd2cd-ebfc-4af7-ad6f-ebe6da398029&limit=10&offset=0
+Status code: 200
+Return value for querying the rule list.
+{
+ "data" : {
+ "limit" : 10,
+ "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
+ "offset" : 0,
+ "records" : [ {
+ "action_type" : 0,
+ "address_type" : 0,
+ "destination" : {
+ "address" : "0.0.0.0/0",
+ "address_type" : 0,
+ "type" : 0
+ },
+ "direction" : 1,
+ "long_connect_enable" : 0,
+ "created_date" : "2024-02-27 04:01:17",
+ "last_open_time" : "2024-02-27 04:01:17",
+ "description" : "description",
+ "name" : "eip_ipv4_n_w_allow",
+ "rule_id" : "ffe9af47-d893-483b-86e3-ee5242e8cb15",
+ "service" : {
+ "dest_port" : "0",
+ "protocol" : -1,
+ "source_port" : "0",
+ "type" : 0
+ },
+ "source" : {
+ "address_set_id" : "48bfb09b-6f3a-4371-8ddb-05d5d7148bcc",
+ "address_set_name" : "ip_group",
+ "address_type" : 0,
+ "type" : 1
+ },
+ "status" : 1,
+ "type" : "0"
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "Incorrect instance status."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying the rule list. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query members in an address group.
+GET /v1/{project_id}/address-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+Yes + |
+String + |
+Address group ID, which can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
key_word + |
+No + |
+String + |
+Keyword, including the name or part of the description of an address group member. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
address + |
+No + |
+String + |
+IP address + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
query_address_set_type + |
+No + |
+Integer + |
+Type of the address group to be queried: 0 (user-defined address group), 1 (predefined address group). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Returned data for querying address group members. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
total + |
+Integer + |
+Total number of address group members. + |
+
set_id + |
+String + |
+Address group ID. + |
+
records + |
+Array of records objects + |
+List of address group member records. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
item_id + |
+String + |
+ID of an address group member. + |
+
name + |
+String + |
+Name of an address group member. + |
+
description + |
+String + |
+Description. + |
+
address_type + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
address + |
+String + |
+Address information. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query members in the address group 8773c082-2a6c-4529-939a-edc28ef1a67c in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-items?set_id=8773c082-2a6c-4529-939a-edc28ef1a67c&limit=10&offset=0
+Status code: 200
+Return value for querying address group members.
+{
+ "data" : {
+ "limit" : 10,
+ "offset" : 0,
+ "records" : [ {
+ "address" : "1.1.1.1",
+ "address_type" : 0,
+ "description" : "",
+ "item_id" : "294fab71-34bf-4858-a380-8f7530e1c816"
+ } ],
+ "set_id" : "8773c082-2a6c-4529-939a-edc28ef1a67c",
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying address group members. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query address group details.
+GET /v1/{project_id}/address-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
set_id + |
+Yes + |
+String + |
+Address group ID, which can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
query_address_set_type + |
+No + |
+Integer + |
+Type of the address group to be queried: 0 (user-defined address group), 1 (predefined address group). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Query address group details. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Address group ID. + |
+
name + |
+String + |
+IP address group name. + |
+
description + |
+String + |
+Address group description. + |
+
address_set_type + |
+Integer + |
+Address group type: 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). + |
+
address_type + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query details about the address group cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16 in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-sets/cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16
+Status code: 200
+Response body for querying address group details.
+{
+ "data" : {
+ "address_set_type" : 0,
+ "address_type" : 0,
+ "description" : "",
+ "id" : "cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16",
+ "name" : "ABC"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response body for querying address group details. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the address group list.
+GET /v1/{project_id}/address-sets
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
key_word + |
+No + |
+String + |
+Keyword, including the name or part of the description of an address group. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
address + |
+No + |
+String + |
+IP address + |
+
address_type + |
+No + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
query_address_set_type + |
+No + |
+Integer + |
+Type of the address group to be queried: 0 (user-defined address group), 1 (predefined address group). This parameter takes effect only if address_set_type is not 0 and query_address_set_type is 1. + |
+
address_set_type + |
+No + |
+Integer + |
+Address group type: 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Returned data for querying the address group list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
total + |
+Integer + |
+Total number of address groups. + |
+
records + |
+Array of records objects + |
+IP address group list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
set_id + |
+String + |
+Address group ID. + |
+
ref_count + |
+Integer + |
+Number of times an address group is referenced by rules. + |
+
description + |
+String + |
+Description. + |
+
address_type + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
object_id + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
address_set_type + |
+Integer + |
+Address group type: 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query the IP address groups on the first page of the protected object 8a41d6a5-f215-428a-a76c-dc923b5d599a in project 5c69cf330cda42369cbd726ee1bc5e76.
+https://{Endpoint}/v1/5c69cf330cda42369cbd726ee1bc5e76/address-sets?object_id=8a41d6a5-f215-428a-a76c-dc923b5d599a&limit=10&offset=0
+Status code: 200
+Return value for querying the address group list.
+{
+ "data" : {
+ "limit" : 10,
+ "offset" : 0,
+ "records" : [ {
+ "address_set_type" : 0,
+ "object_id" : "cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16",
+ "address_type" : 0,
+ "description" : "",
+ "name" : "test",
+ "ref_count" : 0,
+ "set_id" : "50da1eff-e58d-4380-b899-a78f94137d3b"
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "Incorrect instance status."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying the address group list. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query attack logs.
+GET /v1/{project_id}/cfw/logs/attack
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
start_time + |
+Yes + |
+Long + |
+Start time, in milliseconds. The value is a timestamp, for example, 1718936272648. + |
+
end_time + |
+Yes + |
+Long + |
+End time, in milliseconds. The value is a timestamp, for example, 1718936272648. + |
+
src_ip + |
+No + |
+String + |
+Source IP address. + |
+
src_port + |
+No + |
+Integer + |
+Source port. + |
+
dst_ip + |
+No + |
+String + |
+Destination IP address. + |
+
dst_port + |
+No + |
+Integer + |
+Destination port. + |
+
protocol + |
+No + |
+String + |
+Protocol type. Its value can be TCP, UDP, ICMP, or ICMPv6. + |
+
app + |
+No + |
+String + |
+Rule application type. Its value can be HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. + |
+
log_id + |
+No + |
+String + |
+Document ID. For the first page, its value is null. For other pages, its value can be the log_id of the last record in the last query. + |
+
next_date + |
+No + |
+Long + |
+Next date. For the first page, its value is null. For other pages, its value can be the event_time of the last record in the last query. + |
+
offset + |
+No + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number greater than 0. For the first page, its value is null. For other pages, its value is not null. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
action + |
+No + |
+String + |
+Action. Its value can be permit or deny. + |
+
direction + |
+No + |
+String + |
+Direction. Its value can be in2out or out2in. + |
+
attack_type + |
+No + |
+String + |
+Intrusion event type. + |
+
attack_rule + |
+No + |
+String + |
+Intrusion event rule. + |
+
level + |
+No + |
+String + |
+Threat level. Its value can be CRITICAL, HIGH, MEDIUM, or LOW. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
dst_host + |
+No + |
+String + |
+Destination host. + |
+
log_type + |
+No + |
+String + |
+Log type. Its value can be internet, vpc, or nat. + |
+
attack_rule_id + |
+No + |
+String + |
+Intrusion event ID. + |
+
src_region_name + |
+No + |
+String + |
+Source region name. + |
+
dst_region_name + |
+No + |
+String + |
+Destination region name. + |
+
src_province_name + |
+No + |
+String + |
+Source province name. + |
+
dst_province_name + |
+No + |
+String + |
+Destination province name. + |
+
src_city_name + |
+No + |
+String + |
+Source city name. + |
+
dst_city_name + |
+No + |
+String + |
+Destination city name. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Return value for querying attack logs. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
total + |
+Integer + |
+Total number of returned attack data records. + |
+
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
records + |
+Array of records objects + |
+Attack log list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
direction + |
+String + |
+Direction. Its value can be in2out or out2in. + |
+
action + |
+String + |
+Action. Its value can be permit or deny. + |
+
event_time + |
+Long + |
+Event time, in milliseconds. The value is a timestamp, for example, 1718936272648. + |
+
attack_type + |
+String + |
+Attack type. + |
+
attack_rule + |
+String + |
+Attack rule. + |
+
level + |
+String + |
+Threat level. Its value can be CRITICAL, HIGH, MEDIUM, or LOW. + |
+
source + |
+String + |
+Source. + |
+
packet_length + |
+Long + |
+Packet length. + |
+
attack_rule_id + |
+String + |
+Attack rule ID. + |
+
hit_time + |
+Long + |
+Hit time, in milliseconds. The value is a timestamp, for example, 1718936272648. + |
+
log_id + |
+String + |
+Log ID. + |
+
src_ip + |
+String + |
+Source IP address. + |
+
src_port + |
+Integer + |
+Source port. + |
+
dst_ip + |
+String + |
+Destination IP address. + |
+
dst_port + |
+Integer + |
+Destination port. + |
+
protocol + |
+String + |
+Protocol type. Its value can be TCP, UDP, ICMP, or ICMPv6. + |
+
packet + |
+String + |
+Attack log packet. + |
+
app + |
+String + |
+Rule application type. Its value can be HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. + |
+
packetMessages + |
+Array of PacketMessage objects + |
+Attack packet information. + |
+
src_region_id + |
+String + |
+Source region ID. + |
+
src_region_name + |
+String + |
+Source region name. + |
+
dst_region_id + |
+String + |
+Destination region ID. + |
+
dst_region_name + |
+String + |
+Destination region name. + |
+
src_province_id + |
+String + |
+Source province ID. + |
+
src_province_name + |
+String + |
+Source province name. + |
+
src_city_id + |
+String + |
+Source city ID. + |
+
src_city_name + |
+String + |
+Source city name. + |
+
dst_province_id + |
+String + |
+Destination province ID. + |
+
dst_province_name + |
+String + |
+Destination province name. + |
+
dst_city_id + |
+String + |
+Destination city ID. + |
+
dst_city_name + |
+String + |
+Destination city name. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
hex_index + |
+String + |
+Hexadecimal index. + |
+
hexs + |
+Array of strings + |
+Hexadecimal number sequence. + |
+
utf8_String + |
+String + |
+UTF-8 string. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query 10 records on the first page of the firewall with the ID 2af58b7c-893c-4453-a984-bdd9b1bd6318 in the project 9d80d070b6d44942af73c9c3d38e0429. The query time range is 1663567058000 to 1664171765000.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/cfw/logs/attack?fw_instance_id=2af58b7c-893c-4453-a984-bdd9b1bd6318&start_time=1663567058000&end_time=1664171765000&limit=10
+Status code: 200
+Return value for querying attack logs.
+{
+ "data" : {
+ "limit" : 10,
+ "records" : [ {
+ "action" : "deny",
+ "app" : "HTTP",
+ "attack_rule" : "Tool Nmap Web Server Probe Detected",
+ "attack_rule_id" : "336154",
+ "attack_type" : "Web Attack",
+ "direction" : "out2in",
+ "dst_ip" : "100.95.148.49",
+ "dst_port" : 8080,
+ "event_time" : 1664146216000,
+ "level" : "MEDIUM",
+ "log_id" : "15591",
+ "packet" : "+hZUZMhV+hY/AaHMCABFKABpXPNAADAGof1kVe6QZF+UMcTQH5B0wdaz888+uoAYAOVyNQAAAQEICjrmikVb9JLCR0VUIC9uaWNlJTIwcG9ydHMlMkMvVHJpJTZFaXR5LnR4dCUyZWJhayBIVFRQLzEuMA0KDQo=",
+ "packetMessages" : [ {
+ "hex_index" : "00000000",
+ "hexs" : [ "fa", "16", "54", "64", "c8", "55", "fa", "16", "3f", "01", "a1", "cc", "08", "00", "45", "28" ],
+ "utf8_String" : ".\u0016Td.U.\u0016?.....E("
+ }, {
+ "hex_index" : "00000010",
+ "hexs" : [ "00", "69", "5c", "f3", "40", "00", "30", "06", "a1", "fd", "64", "55", "ee", "90", "64", "5f" ],
+ "utf8_String" : ".i\\.@.0...dU.d_"
+ }, {
+ "hex_index" : "00000020",
+ "hexs" : [ "94", "31", "c4", "d0", "1f", "90", "74", "c1", "d6", "b3", "f3", "cf", "3e", "ba", "80", "18" ],
+ "utf8_String" : ".1..?.t.Ö³..>..."
+ }, {
+ "hex_index" : "00000030",
+ "hexs" : [ "00", "e5", "72", "35", "00", "00", "01", "01", "08", "0a", "3a", "e6", "8a", "45", "5b", "f4" ],
+ "utf8_String" : "..r5......:.E[."
+ }, {
+ "hex_index" : "00000040",
+ "hexs" : [ "92", "c2", "47", "45", "54", "20", "2f", "6e", "69", "63", "65", "25", "32", "30", "70", "6f" ],
+ "utf8_String" : "..GET /nice%20po"
+ }, {
+ "hex_index" : "00000050",
+ "hexs" : [ "72", "74", "73", "25", "32", "43", "2f", "54", "72", "69", "25", "36", "45", "69", "74", "79" ],
+ "utf8_String" : "rts%2C/Tri%6Eity"
+ }, {
+ "hex_index" : "00000060",
+ "hexs" : [ "2e", "74", "78", "74", "25", "32", "65", "62", "61", "6b", "20", "48", "54", "54", "50", "2f" ],
+ "utf8_String" : ".txt%2ebak HTTP/"
+ }, {
+ "hex_index" : "00000070",
+ "hexs" : [ "31", "2e", "30", "0d", "0a", "0d", "0a" ],
+ "utf8_String" : "1.0\r.\r."
+ } ],
+ "packet_length" : 119,
+ "protocol" : "TCP",
+ "source" : "0",
+ "src_ip" : "100.85.238.144",
+ "src_port" : 50384,
+ "src_province_id" : "source province id",
+ "src_province_name" : "source province name",
+ "src_city_id" : "source city id",
+ "src_city_name" : "source city name",
+ "dst_province_id" : "dst province id",
+ "dst_province_name" : "dst province name",
+ "dst_city_id" : "dst city id",
+ "dst_city_name" : "dst city name"
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "00500002",
+ "error_msg" : "Invalid interval."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying attack logs. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query a blacklist or whitelist.
+GET /v1/{project_id}/black-white-lists
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
list_type + |
+Yes + |
+Integer + |
+Blacklist/Whitelist type: 4 (blacklist), 5 (whitelist). + |
+
address_type + |
+No + |
+Integer + |
+IP address type: 0 (IPv4), 1 (IPv6). + |
+
address + |
+No + |
+String + |
+IP address + |
+
port + |
+No + |
+String + |
+Port + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Return value for querying the blacklist/whitelist. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
total + |
+Integer + |
+Query the total number of blacklist/whitelist records. + |
+
records + |
+Array of records objects + |
+Blacklist/Whitelist. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
list_id + |
+String + |
+Blacklist/Whitelist ID. + |
+
direction + |
+Integer + |
+Direction of a blacklist/whitelist address: 0 (source address), 1 (destination address). + |
+
address_type + |
+Integer + |
+IP address type: 0 (IPv4), 1 (IPv6). + |
+
address + |
+String + |
+IP address + |
+
protocol + |
+Integer + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual), and can be left blank when type is set to 1 (automatic). + |
+
port + |
+String + |
+Port + |
+
description + |
+String + |
+Description. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query five whitelist records on the first page of object cfebd347-b655-4b84-b938-3c54317599b2 in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/black-white-lists?object_id=cfebd347-b655-4b84-b938-3c54317599b2&limit=10&offset=0&list_type=5
+Status code: 200
+Return value of a blacklist or whitelist query.
+{
+ "data" : {
+ "limit" : 10,
+ "offset" : 0,
+ "records" : [ {
+ "address" : "1.1.1.1",
+ "address_type" : 0,
+ "description" : "",
+ "direction" : 0,
+ "list_id" : "1310d401-daf5-44f2-8276-f79e1643984d",
+ "protocol" : 6
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "Incorrect instance status."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value of a blacklist or whitelist query. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the DNS server list.
+GET /v1/{project_id}/dns/servers
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
limit + |
+No + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+No + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of DnsServersResponseDTO objects + |
+DNS server list. + |
+
total + |
+Integer + |
+Total number of DNS servers. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+Integer + |
+Domain name server ID. + |
+
is_applied + |
+Integer + |
+Whether the DNS server is applied: 0 (no), 1 (yes). + |
+
is_customized + |
+Integer + |
+Whether the DNS server is user-defined: 0 (no), 1 (yes). + |
+
server_ip + |
+String + |
+DNS server IP address. + |
+
health_check_domain_name + |
+String + |
+Health check domain name. + |
+
Obtain the DNS server list of project 2349ba469daf4b7daf268bb0261d18b0.
+https://{Endpoint}/v1/2349ba469daf4b7daf268bb0261d18b0/dns/servers?fw_instance_id=80e0f2df-24fd-49c2-8398-11f9a0299b3e
+Status code: 200
+Response to the request for obtaining DNS servers.
+{
+ "data" : [ {
+ "health_check_domain_name" : "sslstatic.xiaoyusan.com",
+ "id" : 20165,
+ "is_applied" : 0,
+ "is_customized" : 1,
+ "server_ip" : "0.0.0.0"
+ }, {
+ "health_check_domain_name" : "sslstatic.xiaoyusan.com",
+ "id" : 14190,
+ "is_applied" : 1,
+ "is_customized" : 0,
+ "server_ip" : "100.79.1.240"
+ } ],
+ "total" : 2
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for obtaining DNS servers. + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to check the validity of a domain name.
+GET /v1/{project_id}/domain/parse/{domain_name}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
domain_name + |
+Yes + |
+String + |
+Domain name, for example, www.test.com. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
address_type + |
+No + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of strings + |
+IP address list for domain name resolution. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Check whether the domain name ceshi.com of project 5c69cf330cda42369cbd726ee1bc5e76 is valid.
+https://{Endpoint}/v1/5c69cf330cda42369cbd726ee1bc5e76/domain/parse/ceshi.com
+Status code: 200
+Return value for querying domain name validity.
+{
+ "data" : [ "192.168.88.85", "192.168.88.50", "192.168.88.22", "192.168.88.87", "192.168.88.86", "192.168.5.1", "192.168.88.88", "192.168.88.90", "192.168.88.83", "192.168.88.84" ]
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00109004",
+ "error_msg" : "HTTP request error."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying domain name validity. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the domain name group list.
+GET /v1/{project_id}/domain-sets
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
key_word + |
+No + |
+String + |
+Keyword, which can be the domain name group name or description. + |
+
domain_set_type + |
+No + |
+Integer + |
+Domain name group typ: 0 (application domain name group), 1 (network domain name group). + |
+
config_status + |
+No + |
+Integer + |
+Configuration status: -1 (unconfigured), 0 (configuration failed), 1 (configuration succeeded), 2 (configuring), 3 (normal), or 4 (abnormal). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ListDomainsetsResponseData object + |
+Returned data for querying the domain name group list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
total + |
+Integer + |
+Total number of domain name groups. + |
+
records + |
+Array of DomainSetVo objects + |
+Domain name group list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
set_id + |
+String + |
+Domain name group ID. + |
+
name + |
+String + |
+Domain name group name. + |
+
description + |
+String + |
+Domain name group description. + |
+
ref_count + |
+Integer + |
+Number of times a domain name group is referenced by rules. + |
+
domain_set_type + |
+Integer + |
+Domain name group typ: 0 (application domain name group), 1 (network domain name group). + |
+
config_status + |
+Integer + |
+Configuration status: -1 (unconfigured), 0 (configuration failed), 1 (configuration succeeded), 2 (configuring), 3 (normal), or 4 (abnormal). + |
+
rules + |
+Array of UseRuleVO objects + |
+Used rule ID list. + |
+
Query the domain name group list of firewall 546af3f8-88e9-47f2-a205-2346d7090925 in project 9d80d070b6d44942af73c9c3d38e0429. The protected object ID is ae42418e-f077-41a0-9d3b-5b2f5ad9102b.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/domain-sets?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default&limit=50&offset=0&object_id=ae42418e-f077-41a0-9d3b-5b2f5ad9102b
+Status code: 200
+Return value for querying the domain name group list.
+{
+ "data" : {
+ "limit" : 50,
+ "offset" : 0,
+ "records" : [ {
+ "config_status" : 3,
+ "description" : "",
+ "domain_set_type" : 0,
+ "name" : "ccdd",
+ "ref_count" : 0,
+ "rules" : [ ],
+ "set_id" : "e43db369-a863-45ed-8850-58d6b571b1ab"
+ } ],
+ "total" : 1
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying the domain name group list. + |
+
See Error Codes.
+This API is used to obtain the list of domain names in a domain name group.
+GET /v1/{project_id}/domain-set/domains/{domain_set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
domain_set_id + |
+Yes + |
+String + |
+Domain name group ID, which can be obtained by calling the API for querying the domain name group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
domain_name + |
+No + |
+String + |
+Domain name, for example, www.test.com. + |
+
object_Id + |
+No + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ListDomainResponseData object + |
+Returned data for querying the domain name list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
project_id + |
+String + |
+Project ID. + |
+
records + |
+Array of DomainInfo objects + |
+Domain name information list. + |
+
set_id + |
+String + |
+Domain name group ID. + |
+
total + |
+Integer + |
+Total number of domain names. + |
+
Query the domain name list of project 14181c1245cf4fd786824efe1e2b9388. The domain name group ID is 78719348-6d79-477e-acec-676a29842ab2, and the firewall ID is 546af3f8-88e9-47f2-a205-2346d7090925.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/domain-set/domains/78719348-6d79-477e-acec-676a29842ab2?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default&limit=200&offset=0
+Status code: 200
+Return value for querying the domain name list.
+{
+ "data" : {
+ "limit" : 200,
+ "offset" : 0,
+ "project_id" : "14181c1245cf4fd786824efe1e2b9388",
+ "records" : [ {
+ "description" : "",
+ "domain_address_id" : "6718279e-9761-4623-a48d-b16957b19e1b",
+ "domain_name" : "www.test.com"
+ } ],
+ "set_id" : "78719348-6d79-477e-acec-676a29842ab2",
+ "total" : 1
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying the domain name list. + |
+
See Error Codes.
+This API is used to obtain east-west firewall information.
+GET /v1/{project_id}/firewall/east-west
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
++ | +Returned data for obtaining the east-west firewall list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
object_id + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 1 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
project_id + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
status + |
+Integer + |
+Protection status: 0 (enabled), 1 (disabled). + |
+
er_associated_subnet + |
+SubnetInfo object + |
+Information about the subnet associated with an enterprise router. + |
+
firewall_associated_subnets + |
+Array of SubnetInfo objects + |
+Information about the subnet associated with a cloud firewall. + |
+
er + |
+ErInstance object + |
+Information about the associated enterprise router in the outbound direction. + |
+
inspection_vpc + |
+VpcDetail object + |
+Information about the traffic diversion VPC. + |
+
protect_infos + |
+Array of EwProtectResourceInfo objects + |
+East-west protected resource information. + |
+
total + |
+Integer + |
+Total number of protected VPCs. + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
mode + |
+String + |
+Protection mode. Its value is er. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
availability_zone + |
+String + |
+ID of the AZ where a subnet is located, which is obtained from an endpoint. + |
+
cidr + |
+String + |
+Available IP address ranges for subnets in a VPC. +Value ranges: +10.0.0.0/8-24 +172.16.0.0/12-24 +192.168.0.0/16-24 +If cidr is not specified, it is left blank by default. +The value must be in CIDR format, for example, 192.168.0.0/16. + |
+
name + |
+String + |
+Subnet name. + |
+
id + |
+String + |
+Subnet ID. + |
+
gateway_ip + |
+String + |
+Subnet gateway. The value is the IP address in the subnet CIDR block cidr. + |
+
vpc_id + |
+String + |
+UUID generated when a VPC is created. + |
+
ipv6_enable + |
+Boolean + |
+Whether IPv6 is supported: true (yes), false (no). + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Enterprise router ID, which is generated when an enterprise router is created. + |
+
name + |
+String + |
+Enterprise router name. + |
+
state + |
+String + |
+Enterprise router status: pending, available, modifying, deleting, or failed. + |
+
enterprise_project_id + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
project_id + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
enable_ipv6 + |
+String + |
+Whether to enable IPv6: true (yes), false (no). + |
+
attachment_id + |
+String + |
+Connection ID of an enterprise router. This connection is used to connect the firewall and the enterprise router. This field can be used to obtain the connection details on the connection management page after querying a specified enterprise router by its ID on the Enterprise Router page. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Random UUID generated when a traffic diversion VPC is created. + |
+
name + |
+String + |
+Traffic diversion VPC name. + |
+
cidr + |
+String + |
+Available subnet ranges in a VPC. Value ranges: 10.0.0.0/8-24; 172.16.0.0/12-24; and 192.168.0.0/16-24. If cidr is not specified, it is left blank by default. Constraint: The value must be in CIDR format, for example, 192.168.0.0/16. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
protected_resource_type + |
+Integer + |
+Protected resource type: 0 (VPC), 1 (VGW), 2 (VPN), or 3 (peering). + |
+
protected_resource_name + |
+String + |
+Protected resource name. + |
+
protected_resource_id + |
+String + |
+Protected resource ID. + |
+
protected_resource_nat_name + |
+String + |
+Name of the NAT gateway to be protected. The professional edition supports NAT rules. + |
+
protected_resource_nat_id + |
+String + |
+ID of the NAT gateway to be protected. The professional edition supports NAT rules. + |
+
protected_resource_project_id + |
+String + |
+Tenant ID of a protected resource. The firewall supports cross-account protection. + |
+
protected_resource_mode + |
+String + |
+Protected resource mode. Its value is er. + |
+
status + |
+Integer + |
+Protection status of a protected resource: 0 (associated), 1 (not associated). + |
+
Status code: 500
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Obtain information about the east-west firewall 80e0f2df-24fd-49c2-8398-11f9a0299b3e whose project ID is 09bb24e6f280d23d0f9fc0104b901480.
+https://{Endpoint}/v1/09bb24e6f280d23d0f9fc0104b901480/firewall/east-west?limit=10&offset=0&fw_instance_id=80e0f2df-24fd-49c2-8398-11f9a0299b3e
+Status code: 200
+Response to the request for querying east-west firewall information.
+{
+ "data" : {
+ "er" : {
+ "id" : "9635a8c7-6274-4e23-836c-7f3061894fd7",
+ "name" : "er-cfw-test",
+ "project_id" : "97f6e66273e54d9d9c7085f5867d3763",
+ "attachment_id" : "1e3de6a0-19f7-49d1-a22d-4b1f673d3fdc"
+ },
+ "inspection_vpc" : {
+ "cidr" : "192.168.0.0/16",
+ "id" : "7e8236be-b92d-4288-8731-9333f2327881",
+ "name" : "inspection-vpc"
+ },
+ "limit" : 50,
+ "mode" : "er",
+ "object_id" : "8fe69c3a-14fc-4704-af85-d03e7db8a7d6",
+ "offset" : 0,
+ "project_id" : "97f6e66273e54d9d9c7085f5867d3763",
+ "protect_infos" : [ {
+ "protected_resource_id" : "0cdd4aca-58d7-4a3f-bb8a-d63cc759ab14",
+ "protected_resource_mode" : "er",
+ "protected_resource_name" : "vpc-cfw-ecs-test2",
+ "protected_resource_project_id" : "97f6e66273e54d9d9c7085f5867d3763",
+ "protected_resource_type" : 0,
+ "status" : 0
+ }, {
+ "protected_resource_id" : "e789e945-f488-44ec-a174-06928ef51b2a",
+ "protected_resource_mode" : "er",
+ "protected_resource_name" : "vpc-cfw-ecs-test1",
+ "protected_resource_project_id" : "97f6e66273e54d9d9c7085f5867d3763",
+ "protected_resource_type" : 0,
+ "status" : 0
+ }, {
+ "protected_resource_id" : "00562b6a-a2df-4fff-94cf-653ca303a7c9",
+ "protected_resource_mode" : "er",
+ "protected_resource_name" : "network-squad-TB",
+ "protected_resource_project_id" : "97f6e66273e54d9d9c7085f5867d3763",
+ "protected_resource_type" : 0,
+ "status" : 1
+ }, {
+ "protected_resource_id" : "1bac94ce-c3dc-4973-811e-64efad48c754",
+ "protected_resource_mode" : "er",
+ "protected_resource_name" : "rf_teststack_vpc",
+ "protected_resource_project_id" : "97f6e66273e54d9d9c7085f5867d3763",
+ "protected_resource_type" : 0,
+ "status" : 1
+ } ],
+ "status" : 0,
+ "total" : 2
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for querying east-west firewall information. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the number of EIPs.
+GET /v1/{project_id}/eip-count/{object_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 0 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+EipCountRespData object + |
+EIP count. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
eip_total + |
+Integer + |
+Total number of EIPs. + |
+
eip_protected + |
+Integer + |
+Total number of EIPs protected by all firewalls under the account. + |
+
eip_protected_self + |
+Integer + |
+Number of EIPs protected by the current firewall. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query the number of EIPs whose project ID is 9d80d070b6d44942af73c9c3d38e0429 and protected object ID is cfebd347-b655-4b84-b938-3c54317599b2.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/eip-count/cfebd347-b655-4b84-b938-3c54317599b2
+Status code: 200
+OK
+{
+ "data" : {
+ "eip_protected" : 1,
+ "eip_protected_self" : 4,
+ "eip_total" : 5,
+ "object_id" : ""
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the EIP list.
+GET /v1/{project_id}/eips/protect
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 0 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
key_word + |
+No + |
+String + |
+Keyword for querying the protected EIP list. You can set an EIP ID or an EIP. + |
+
status + |
+No + |
+String + |
+Protection status: null (all), 0 (enabled), or 1 (disabled). + |
+
sync + |
+No + |
+Integer + |
+Whether to synchronize tenant EIP data: 0 (no), 1 (yes) + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
device_key + |
+No + |
+String + |
+Device keyword, which is the name or ID of the asset bound to an EIP. + |
+
address_type + |
+No + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
fw_key_word + |
+No + |
+String + |
+Firewall keyword, which can be queried based on the firewall ID or name. For details, see Obtaining a Firewall ID. + |
+
eps_id + |
+No + |
+String + |
+Enterprise project ID of the EIP, which can be obtained by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
tags + |
+No + |
+String + |
+You can obtain the tag list by querying it on the EIP console. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+EipResponseData object + |
+Returned data for querying an EIP. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
total + |
+Integer + |
+Query the total number of EIPs. + |
+
records + |
+Array of EipResource objects + |
+EIP resource record. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+EIP ID. + |
+
public_ip + |
+String + |
+EIP. + |
+
status + |
+Integer + |
+EIP protection status: 0 (protected), 1 (unprotected). + |
+
public_ipv6 + |
+String + |
+EIP (IPv6). + |
+
enterprise_project_id + |
+String + |
+Enterprise project ID of the account that the EIP belongs to. + |
+
device_id + |
+String + |
+ID of the device (such as ECS and NAT) bound to the EIP. + |
+
device_name + |
+String + |
+Name of the device (such as ECS and NAT) bound to the EIP + |
+
device_owner + |
+String + |
+Owner of the device (such as ECS and NAT) bound to the EIP. + |
+
associate_instance_type + |
+String + |
+Type of the associated instance: NATGW, ELB, or PORT. + |
+
fw_instance_name + |
+String + |
+Firewall name. + |
+
fw_instance_id + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API for querying a firewall instance. + |
+
fw_enterprise_project_id + |
+String + |
+Enterprise project ID of the firewall bound to the EIP. + |
+
object_id + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 0 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
tags + |
+String + |
+Tag list. + |
+
domain_id + |
+String + |
+ID of the user that an EIP belongs to. You can obtain the ID by referring to Obtaining Information About Account, IAM User, Group, Project, Region, and Agency. + |
+
fw_domain_id + |
+String + |
+User that a firewall belongs to. You can obtain it by referring to Obtaining Information About Account, IAM User, Group, Project, Region, and Agency. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query the existing data, without updating it through synchronization, on the first page of protected object cfebd347-b655-4b84-b938-3c54317599b2 in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/eips/protect?object_id=cfebd347-b655-4b84-b938-3c54317599b2&limit=10&offset=0&sync=0
+Status code: 200
+Return value for querying EIP data.
+{
+ "data" : {
+ "limit" : 200,
+ "offset" : 0,
+ "records" : [ {
+ "associate_instance_type" : "PORT",
+ "device_id" : "c87579ab-c76a-4afd-83ce-62e0f531f13e",
+ "device_name" : "test",
+ "device_owner" : "compute:test",
+ "domain_id" : "7d07807209524a4280266db9df63c4fa",
+ "enterprise_project_id" : "0",
+ "fw_domain_id" : "7d07807209524a4280266db9df63c4fa",
+ "fw_enterprise_project_id" : "default",
+ "fw_instance_id" : "546af3f8-88e9-47f2-a205-2346d7090925",
+ "fw_instance_name" : "test",
+ "id" : "465b34fe-e017-4831-a21c-9c6c753bb1f2",
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
+ "public_ip" : "100.85.223.15",
+ "status" : 0,
+ "tags" : "combined_order_id=CBRCS23040615138M2KW912"
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00109004",
+ "error_msg" : "HTTP request error."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying EIP data. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query firewall instance details.
+GET /v1/{project_id}/firewall/exist
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
service_type + |
+Yes + |
+Integer + |
+Service type. Currently, only 0 (Internet protection) is supported. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated by the system after a CFW is created. You can call the API for querying firewall instances. By default, if this parameter is left blank, information about the first firewall under the account is returned. If this parameter is specified, information about the corresponding firewall is returned. + |
+
name + |
+No + |
+String + |
+Firewall name. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+GetFirewallInstanceData object + |
+Query firewall instance data. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
total + |
+Integer + |
+Total number of firewalls. + |
+
records + |
+Array of GetFirewallInstanceResponseRecord objects + |
+Query the firewall instance list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
fw_instance_id + |
+String + |
+Firewall instance ID, which is automatically generated by the system after a CFW instance is created. You can call the API for querying firewall instances. By default, if fw_instance_Id is left blank, information about the first firewall under the account is returned. If fw_instance_Id is specified, the information about the firewall corresponding to fw_instance_Id is returned. + |
+
name + |
+String + |
+Firewall name. + |
+
ha_type + |
+Integer + |
+Cluster type: 0 (active/standby), 1 (cluster). In active/standby mode, there are four nodes. Two active nodes form a cluster, and the other two are the standby of the active nodes. In cluster mode, only two nodes are started to form a cluster. + |
+
charge_mode + |
+Integer + |
+Billing mode: 0 (yearly/monthly), 1 (pay-per-use). + |
+
service_type + |
+Integer + |
+Firewall protection type. Currently, its value can only be 0 (Internet protection). + |
+
engine_type + |
+Integer + |
+Engine type. Its value can only be 1 (Hillstone engine). + |
+
flavor + |
+Flavor object + |
+Firewall specifications. + |
+
protect_objects + |
+Array of ProtectObjectVO objects + |
+Protected object list. + |
+
status + |
+Integer + |
+Firewall status: -1 (waiting for payment), 0 (creating), 1 (deleting), 2 (running), 3 (upgrading), 4 (deleted), 5 (frozen), 6 (creation failed), 7 (deletion failed), 8 (freezing failed), or 9 (being stored), 10 (storage failed), or 11 (upgrade failed). + |
+
is_old_firewall_instance + |
+Boolean + |
+Whether an engine old: true (yes), false (no). + |
+
is_available_obs + |
+Boolean + |
+Whether OBS is supported: true (yes), false (no). + |
+
is_support_threat_tags + |
+Boolean + |
+Whether threat intelligence tags are supported: true (yes), false (no). + |
+
support_ipv6 + |
+Boolean + |
+Whether IPv6 is supported: true (yes), false (no). + |
+
feature_toggle + |
+Map<String,Boolean> + |
+Whether a feature is enabled: true (yes), false (no). + |
+
resources + |
+Array of FirewallInstanceResource objects + |
+Firewall resource list. + |
+
fw_instance_name + |
+String + |
+Firewall name. + |
+
enterprise_project_id + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
resource_id + |
+String + |
+Firewall resource ID, which is the same as fw_instance_id. + |
+
support_url_filtering + |
+Boolean + |
+Whether website filtering is supported: true (yes), false (no). + |
+
tags + |
+String + |
+Tag list, which is a JSON string converted from the tag key value map, for example, "{"key":"value"}". + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
version + |
+Integer + |
+Firewall version. Its value can only be 1 (professional edition). + |
+
eip_count + |
+Integer + |
+Number of EIPs. + |
+
vpc_count + |
+Integer + |
+Number of VPCs. + |
+
bandwidth + |
+Integer + |
+Bandwidth, in Mbit/s. + |
+
log_storage + |
+Integer + |
+Log storage, in bytes. + |
+
default_bandwidth + |
+Integer + |
+Default firewall bandwidth, in Mbit/s. The value is 10 for the standard edition, 50 for the professional edition, and 200 for the pay-per-use professional edition. + |
+
default_eip_count + |
+Integer + |
+Default number of EIPs. The value is 20 for the standard edition, 50 for the professional edition, and 1,000 for the pay-per-use professional edition. + |
+
default_log_storage + |
+Integer + |
+Default log storage, in bytes. The default value is 0. + |
+
default_vpc_count + |
+Integer + |
+Default number of VPCs. The value is 0 for the standard edition, 2 for the professional edition, and 5 for the pay-per-use professional edition. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
object_id + |
+String + |
+Protected object ID. It is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. + |
+
object_name + |
+String + |
+Protected object name. + |
+
type + |
+Integer + |
+Project type: 0 (north-south), 1 (east-west). + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
resource_id + |
+String + |
+Resource ID. It can be the firewall ID, bandwidth ID, EIP ID, VPC ID, or the ID returned after CBC callback. + |
+
cloud_service_type + |
+String + |
+Service type, which is used by CBC. The value is otc.service.type.cfw. + |
+
resource_type + |
+String + |
+Resource type.Enumeration values:- otc.resource.type.cfw (cloud firewall)- otc.resource.type.cfw.exp.eip (EIP)- otc.resource.type.cfw.exp.bandwidth (bandwidth)- otc.resource.type.cfw.exp (VPC) + |
+
resource_spec_code + |
+String + |
+Inventory unit code: cfw.standard (firewall standard edition), cfw.professional (firewall professional edition), cfw.expack.eip.standard (EIP standard edition), cfw.expack.eip.professional (EIP professional edition), cfw.expack.bandwidth.standard (bandwidth basic edition), cfw.expack.bandwidth.professional (bandwidth professional edition), or cfw.expack.vpc.professional (VPC professional edition). + |
+
resource_size + |
+Integer + |
+Resource quantity. + |
+
resource_size_measure_id + |
+Integer + |
+Resource unit. + |
+
Query the firewall list of project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/firewall/exist?service_type=0&offset=0&limit=10
+Status code: 200
+Response to the request for obtaining an existing firewall instance.
+{
+ "data": {
+ "limit": 10,
+ "offset": 0,
+ "records": [
+ {
+ "charge_mode": 0,
+ "engine_type": 1,
+ "enterprise_project_id": "default",
+ "feature_toggle": {
+ "is_support_anti_virus": true,
+ "is_support_application": true,
+ "is_support_tcp_proxy": false,
+ "is_support_url_profile": true,
+ "is_support_threat_tags": true,
+ "is_support_flow_associated_host": false,
+ "is_support_predefined": true,
+ "isSupportSession": false,
+ "is_support_acl_region_config": true,
+ "is_support_ips": true,
+ "is_support_ew_create_er_tenant_inspection_mode": false,
+ "ips_rule_list": true,
+ "long_connect": true,
+ "is_support_ew_create_vpc_peering_inspection_mode": true,
+ "alarm_config": true,
+ "is_not_support_resource_reduction": false,
+ "acl_multi_object": true,
+ "is_support_advanced_ips_rule": true,
+ "is_support_multi_account": false,
+ "is_support_capture": true,
+ "is_support_ew_create_er_bearer_inspection_mode": true
+ },
+ "flavor": {
+ "bandwidth": 60,
+ "eip_count": 51,
+ "log_storage": 0,
+ "version": 1,
+ "vpc_count": 8,
+ "default_eip_count": 20,
+ "default_vpc_count": 0,
+ "default_bandwidth": 10,
+ "default_log_storage": 0
+ },
+ "tags": "{\"key1234\":\"1234\",\"key122\":\"2222\"}",
+ "fw_instance_id": "546af3f8-88e9-47f2-a205-2346d7090925",
+ "fw_instance_name": "test",
+ "ha_type": 1,
+ "is_available_obs": false,
+ "is_old_firewall_instance": false,
+ "is_support_threat_tags": false,
+ "name": "1680054140516",
+ "protect_objects": [
+ {
+ "object_id": "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
+ "object_name": "1680054141674",
+ "type": 0
+ },
+ {
+ "object_id": "be83d202-df0b-498d-a96e-41589dc85c86",
+ "object_name": "ew-1680070626042",
+ "type": 1
+ }
+ ],
+ "resource_id": "546af3f8-88e9-47f2-a205-2346d7090925",
+ "resources": [
+ {
+ "cloud_service_type": "hws.service.type.cfw",
+ "resource_id": "546af3f8-88e9-47f2-a205-2346d7090925",
+ "resource_spec_code": "cfw.professional",
+ "resource_type": "hws.resource.type.cfw"
+ },
+ {
+ "cloud_service_type": "hws.service.type.cfw",
+ "resource_id": "0acdd5c7-1178-4bea-b5b6-bd55dc5e2669",
+ "resource_size": 5,
+ "resource_size_measure_id": 14,
+ "resource_spec_code": "cfw.expack.vpc.professional",
+ "resource_type": "hws.resource.type.cfw.exp.vpc"
+ },
+ {
+ "cloud_service_type": "hws.service.type.cfw",
+ "resource_id": "4002620c-916a-49c7-8042-cbe02fc17e61",
+ "resource_size": 5,
+ "resource_size_measure_id": 36,
+ "resource_spec_code": "cfw.expack.bandwidth.professional",
+ "resource_type": "hws.resource.type.cfw.exp.bandwidth"
+ },
+ {
+ "cloud_service_type": "hws.service.type.cfw",
+ "resource_id": "0235c7db-0baa-4c82-8db2-7b8d5108bd86",
+ "resource_size": 2,
+ "resource_size_measure_id": 14,
+ "resource_spec_code": "cfw.expack.eip.professional",
+ "resource_type": "hws.resource.type.cfw.exp.eip"
+ },
+ {
+ "cloud_service_type": "hws.service.type.cfw",
+ "resource_id": "079ade46-18cd-4917-b7bb-00d402931097",
+ "resource_size": 6,
+ "resource_size_measure_id": 14,
+ "resource_spec_code": "cfw.expack.vpc.professional",
+ "resource_type": "hws.resource.type.cfw.exp.vpc"
+ },
+ {
+ "cloud_service_type": "hws.service.type.cfw",
+ "resource_id": "dd078faa-abfd-4e63-b681-1a93489955b9",
+ "resource_size": 1,
+ "resource_size_measure_id": 14,
+ "resource_spec_code": "cfw.expack.eip.professional",
+ "resource_type": "hws.resource.type.cfw.exp.eip"
+ },
+ {
+ "cloud_service_type": "hws.service.type.cfw",
+ "resource_id": "4d78d523-745d-4d54-a9ca-e6d25e555bde",
+ "resource_size": 10,
+ "resource_size_measure_id": 36,
+ "resource_spec_code": "cfw.expack.bandwidth.professional",
+ "resource_type": "hws.resource.type.cfw.exp.bandwidth"
+ }
+ ],
+ "service_type": 0,
+ "status": 2,
+ "support_ipv6": true,
+ "support_url_filtering": true
+ }
+ ],
+ "total": 1
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for obtaining an existing firewall instance. + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query a firewall list.
+POST /v1/{project_id}/firewalls/list
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
key_word + |
+No + |
+String + |
+Query keyword, which can be a firewall ID or part of a firewall name. You can obtain the firewall ID by referring to Obtaining a Firewall ID. + |
+
tags + |
+No + |
+Array of TagInfo objects + |
+Tag list, which can be obtained by calling the API for querying tags. The return value is the tag list. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
user_support_eps + |
+Boolean + |
+Whether enterprise projects are supported: true (yes), false (no). + |
+
has_ndr + |
+Boolean + |
+Whether NDR exists: true (yes), false (no). NDR is the original out-of-path firewall and is no longer sold. + |
+
is_support_postpaid + |
+Boolean + |
+Whether pay-per-use purchase is supported: true (yes), false (no). + |
+
is_support_basic_version + |
+Boolean + |
+Whether the basic edition is supported: true (yes), false (no). + |
+
is_support_buy_professional + |
+Boolean + |
+Whether the professional edition can be purchased: true (yes), false (no). + |
+
data + |
++ | +Data returned for querying the firewall list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
project_id + |
+String + |
+Tenant project ID + |
+
total + |
+Integer + |
+Total number of firewalls. + |
+
records + |
+Array of FirewallInstanceVO objects + |
+Query the firewall list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
fw_instance_id + |
+String + |
+Firewall instance ID, which is automatically generated by the system after a CFW instance is created. + |
+
resource_id + |
+String + |
+Resource ID, which is the same as the firewall instance ID fw_instance_id. + |
+
name + |
+String + |
+Firewall creation timestamp. + |
+
fw_instance_name + |
+String + |
+Firewall name. + |
+
enterprise_project_id + |
+String + |
+Enterprise project ID, which is generated after the enterprise project is supported for a user. + |
+
ha_type + |
+Integer + |
+Cluster type: 0 (active/standby), 1 (cluster). In active/standby mode, there are four nodes. Two active nodes form a cluster, and the other two are the standby of the active nodes. In cluster mode, only two nodes are started to form a cluster. + |
+
charge_mode + |
+Integer + |
+Billing mode: 0 (yearly/monthly), 1 (pay-per-use). + |
+
service_type + |
+Integer + |
+Firewall protection type. Currently, its value can only be 0 (Internet protection). + |
+
engine_type + |
+Integer + |
+Engine type: 0 (self-developed engine), 1 (Hillstone engine), or 3 (TOPSEC engine). + |
+
flavor + |
+Flavor object + |
+Firewall specifications. + |
+
status + |
+Integer + |
+Firewall status: -1 (waiting for payment), 0 (creating), 1 (deleting), 2 (running), 3 (upgrading), 4 (deleted), 5 (frozen), 6 (creation failed), 7 (deletion failed), 8 (freezing failed), or 9 (being stored), 10 (storage failed), or 11 (upgrade failed). + |
+
tags + |
+String + |
+Tag list, which is a JSON string converted from the tag key value map, for example, "{"key":"value"}". + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
version + |
+Integer + |
+Firewall version. Its value can only be 1 (professional edition). + |
+
eip_count + |
+Integer + |
+Number of EIPs. + |
+
vpc_count + |
+Integer + |
+Number of VPCs. + |
+
bandwidth + |
+Integer + |
+Bandwidth, in Mbit/s. + |
+
log_storage + |
+Integer + |
+Log storage, in bytes. + |
+
default_bandwidth + |
+Integer + |
+Default firewall bandwidth, in Mbit/s. The value is 10 for the standard edition, 50 for the professional edition, and 200 for the pay-per-use professional edition. + |
+
default_eip_count + |
+Integer + |
+Default number of EIPs. The value is 20 for the standard edition, 50 for the professional edition, and 1,000 for the pay-per-use professional edition. + |
+
default_log_storage + |
+Integer + |
+Default log storage, in bytes. The default value is 0. + |
+
default_vpc_count + |
+Integer + |
+Default number of VPCs. The value is 0 for the standard edition, 2 for the professional edition, and 5 for the pay-per-use professional edition. + |
+
Query the firewall list on the first page of the enterprise project whose ID is all_granted_eps and project ID is 14181c1245cf4fd786824efe1e2b9388.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/firewalls/list?enterprise_project_id=all_granted_eps
+
+{
+ "limit" : 10,
+ "offset" : 0
+}
+Status code: 200
+Return value for querying the firewall list.
+{
+ "data" : {
+ "limit" : 1,
+ "offset" : 0,
+ "project_id" : "14181c1245cf4fd786824efe1e2b9388",
+ "records" : [ {
+ "fw_instance_id" : "ebf891cd-2163-48a0-9963-6309f99dd3c4",
+ "resource_id" : "ebf891cd-2163-48a0-9963-6309f99dd3c4",
+ "name" : "1709176078374",
+ "fw_instance_name" : "test",
+ "enterprise_project_id" : "default",
+ "tags" : "{\"key_test3\":\"value_test3\"}",
+ "ha_type" : 0,
+ "charge_mode" : 0,
+ "service_type" : 0,
+ "engine_type" : 1,
+ "flavor" : {
+ "version" : 1,
+ "eip_count" : 50,
+ "vpc_count" : 6,
+ "bandwidth" : 50,
+ "log_storage" : 0,
+ "default_eip_count" : 50,
+ "default_vpc_count" : 2,
+ "default_bandwidth" : 50,
+ "default_log_storage" : 0
+ },
+ "status" : 2
+ } ],
+ "total" : 18
+ },
+ "has_ndr" : false,
+ "is_support_basic_version" : true,
+ "is_support_buy_professional" : false,
+ "is_support_postpaid" : true,
+ "user_support_eps" : false
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying the firewall list. + |
+
See Error Codes.
+This API is used to query flow logs.
+GET /v1/{project_id}/cfw/logs/flow
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
direction + |
+No + |
+String + |
+Direction. Its value can be in2out or out2in. + |
+
log_type + |
+No + |
+String + |
+Log type. Its value can be internet, vpc, or nat. + |
+
start_time + |
+Yes + |
+Long + |
+Start time, in milliseconds. The value is a timestamp, for example, 1718936272648. + |
+
end_time + |
+Yes + |
+Long + |
+End time, in milliseconds. The value is a timestamp, for example, 1718936272648. + |
+
src_ip + |
+No + |
+String + |
+Source IP address. + |
+
src_port + |
+No + |
+Integer + |
+Source port. + |
+
dst_ip + |
+No + |
+String + |
+Destination IP address. + |
+
dst_port + |
+No + |
+Integer + |
+Destination port. + |
+
protocol + |
+No + |
+String + |
+Protocol type. Its value can be TCP, UDP, ICMP, or ICMPv6. + |
+
app + |
+No + |
+String + |
+Rule application type. Its value can be HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. + |
+
log_id + |
+No + |
+String + |
+Document ID. For the first page, its value is null. For other pages, its value can be the log_id of the last record in the last query. + |
+
next_date + |
+No + |
+Long + |
+Next date. For the first page, its value is null. For other pages, its value can be the start_time of the last record in the last query. + |
+
offset + |
+No + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number greater than 0. For the first page, its value is null. For other pages, its value is not null. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
dst_host + |
+No + |
+String + |
+Destination host. + |
+
src_region_name + |
+No + |
+String + |
+Source region name. + |
+
dst_region_name + |
+No + |
+String + |
+Destination region name. + |
+
src_province_name + |
+No + |
+String + |
+Source province name. + |
+
dst_province_name + |
+No + |
+String + |
+Destination province name. + |
+
src_city_name + |
+No + |
+String + |
+Source city name. + |
+
dst_city_name + |
+No + |
+String + |
+Destination city name. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Return value for querying flow logs. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
total + |
+Integer + |
+Total number of returned records for querying flow logs. + |
+
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
records + |
+Array of records objects + |
+Record. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
bytes + |
+Double + |
+Byte. + |
+
direction + |
+String + |
+Direction: in2out (outbound) or out2in (inbound). + |
+
packets + |
+Integer + |
+Number of packets. + |
+
start_time + |
+Long + |
+Start time, in milliseconds. The value is a timestamp, for example, 1718936272648. + |
+
end_time + |
+Long + |
+End time, in milliseconds. The value is a timestamp, for example, 1718936272648. + |
+
log_id + |
+String + |
+Document ID. + |
+
src_ip + |
+String + |
+Source IP address. + |
+
src_port + |
+Integer + |
+Source port. + |
+
dst_ip + |
+String + |
+Destination IP address. + |
+
app + |
+String + |
+Rule application type. Its value can be HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. + |
+
dst_port + |
+Integer + |
+Destination port. + |
+
protocol + |
+String + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual), and can be left blank when type is set to 1 (automatic). + |
+
dst_host + |
+String + |
+Destination host. + |
+
dst_region_id + |
+String + |
+Destination region ID. + |
+
dst_region_name + |
+String + |
+Destination region name. + |
+
src_region_id + |
+String + |
+Source region ID. + |
+
src_region_name + |
+String + |
+Source region name. + |
+
dst_province_id + |
+String + |
+Destination province ID. + |
+
dst_province_name + |
+String + |
+Destination province name. + |
+
dst_city_id + |
+String + |
+Destination city ID. + |
+
dst_city_name + |
+String + |
+Destination city name. + |
+
src_province_id + |
+String + |
+Source province ID. + |
+
src_province_name + |
+String + |
+Source province name. + |
+
src_city_id + |
+String + |
+Source city ID. + |
+
src_city_name + |
+String + |
+Source city name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query the flow logs on the first page of the firewall with the ID 2af58b7c-893c-4453-a984-bdd9b1bd6318 in the project 9d80d070b6d44942af73c9c3d38e0429. The query time range is 1663555012000 to 1664159798000.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/cfw/logs/flow?fw_instance_id=2af58b7c-893c-4453-a984-bdd9b1bd6318&start_time=1663555012000&end_time=1664159798000&limit=10
+Status code: 200
+Value returned for flow log query.
+{
+ "data" : {
+ "limit" : 10,
+ "records" : [ {
+ "app" : "SSH",
+ "bytes" : 34.5,
+ "direction" : "out2in",
+ "dst_ip" : "100.95.148.49",
+ "dst_port" : 22,
+ "end_time" : 1664155493000,
+ "log_id" : "76354",
+ "packets" : 25,
+ "protocol" : "TCP",
+ "src_ip" : "100.93.27.17",
+ "src_port" : 49634,
+ "start_time" : 1664155428000,
+ "src_province_id" : "source province id",
+ "src_province_name" : "source province name",
+ "src_city_id" : "source city id",
+ "src_city_name" : "source city name",
+ "dst_province_id" : "dst province id",
+ "dst_province_name" : "dst province name",
+ "dst_city_id" : "dst city id",
+ "dst_city_name" : "dst city name"
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00500002",
+ "error_msg" : "Invalid interval."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Value returned for flow log query. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query a protection mode.
+GET /v1/{project_id}/ips/protect
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 0 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IpsProtectModeObject object + |
+Returned value for querying the IPS protection mode. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+IPS protection mode ID. The value is the ID of the protected object, which can be obtained by calling the API for querying a firewall instance. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). + |
+
mode + |
+Integer + |
+IPS protection mode: 0 (observation mode), 1 (strict mode), 2 (medium mode), or 3 (loose mode). + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query the IPS protection mode of project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/ips/protect?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default&object_id=cfebd347-b655-4b84-b938-3c54317599b2
+Status code: 200
+Return value for a protection mode query
+{
+ "data" : {
+ "id" : "d5b75aba-dfca-40e4-99dd-ed56578e8e48",
+ "mode" : 0
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "Incorrect instance status."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for a protection mode query + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the status of the IPS feature.
+GET /v1/{project_id}/ips/switch
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 0 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IpsSwitchResponseDTO object + |
+Returned value for querying the IPS switch. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+IPS switch ID. The value is the ID of the protected object at the Internet border, which can be obtained by calling the API for querying a firewall instance. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). + |
+
basic_defense_status + |
+Integer + |
+Basic defense status: 0 (disabled), 1 (enabled). + |
+
virtual_patches_status + |
+Integer + |
+Virtual patch status: 0 (disabled), 1 (enabled). + |
+
Query the patch status of the current user based on the user ID 14181c1245cf4fd786824efe1e2b9388 and load the virtual patch status on the intrusion prevention page.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/ips/switch?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default&object_id=cfebd347-b655-4b84-b938-3c54317599b2
+Status code: 200
+Return value for querying the IPS switch.
+{
+ "data" : {
+ "basic_defense_status" : 1,
+ "id" : "cefe80aa-83e4-4308-99aa-f9b6c816de00",
+ "virtual_patches_status" : 0
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying the IPS switch. + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to obtain the status of a CFW task.
+GET /v3/{project_id}/jobs/{job_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
job_id + |
+Yes + |
+String + |
+Task ID returned when a pay-per-use firewall is created. You can obtain the task ID by calling the API for creating a firewall. Its value is obtained from job_id in the return value. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
++ | +Data returned for creating a pay-per-use firewall. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID of the task for creating a pay-per-use firewall. + |
+
status + |
+String + |
+Task execution status, which indicates whether a firewall is successfully created. +Enumeration values: +
|
+
begin_time + |
+String + |
+Creation time in the "yyyy-mm-ddThh:mm:ssZ" format. +T is the separator between the calendar and the hourly notation of time. Z indicates the time zone offset. For example, in the Beijing time zone, the time zone offset is shown as +0800. + |
+
end_time + |
+String + |
+End time in the "yyyy-mm-ddThh:mm:ssZ" format. +T is the separator between the calendar and the hourly notation of time. Z indicates the time zone offset. For example, in the Beijing time zone, the time zone offset is shown as +0800. + |
+
Obtain information about the f588ce71-e26c-400d-8981-f854355f6849 task for creating a pay-per-use firewall in project 09bb24e6fe80d23d2fa2c010b53b418c.
+https://{Endpoint}/v3/09bb24e6fe80d23d2fa2c010b53b418c/jobs/f588ce71-e26c-400d-8981-f854355f6849
+Status code: 200
+Return value of the API for obtaining the information about a pay-per-use firewall creation task.
+{
+ "data" : {
+ "begin_time" : 1641370501000,
+ "end_time" : 1641370515000,
+ "id" : "f588ce71-e26c-400d-8981-f854355f6849",
+ "status" : "Success"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value of the API for obtaining the information about a pay-per-use firewall creation task. + |
+
See Error Codes.
+This API is used to obtain log configurations.
+GET /v1/{project_id}/cfw/logs/configuration
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+LogConfigDto object + |
+Log configurations. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
fw_instance_id + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
lts_enable + |
+Integer + |
+Whether to enable LTS: 1 (yes), 0 (no). + |
+
lts_log_group_id + |
+String + |
+Log Tank Service (LTS) log group ID, which can be obtained by calling the API for querying all the log groups of an account in LTS. Find the value in log_groups.log_group_id (The period [.] is used to separate different levels of objects). + |
+
lts_attack_log_stream_id + |
+String + |
+Attack log stream ID, which can be obtained by calling the API for querying all the log streams in a specified log group in LTS. Find the value in log_streams.log_stream_id (The period [.] is used to separate different levels of objects). + |
+
lts_attack_log_stream_enable + |
+Integer + |
+Whether to enable the attack log stream: 1 (yes), 0 (no). + |
+
lts_access_log_stream_id + |
+String + |
+Access control log stream ID, which can be obtained by calling the API for querying all the log streams in a specified log group in LTS. Find the value in log_streams.log_stream_id (The period [.] is used to separate different levels of objects). + |
+
lts_access_log_stream_enable + |
+Integer + |
+Whether to enable the access control stream: 1 (yes), 0 (no). + |
+
lts_flow_log_stream_id + |
+String + |
+Traffic log ID, which can be obtained by calling the API for querying all the log streams in a specified log group in LTS. Find the value in log_streams.log_stream_id (The period [.] is used to separate different levels of objects). + |
+
lts_flow_log_stream_enable + |
+Integer + |
+Whether to enable the traffic log function: 1 (yes), 0 (no). + |
+
Query the log configuration of the firewall 4e113415-7811-4bb3-bf5e-eb835953f7d4 in project 408972e72dcd4c1a9b033e955802a36b.
+https://{Endpoint}/v1/408972e72dcd4c1a9b033e955802a36b/cfw/logs/configuration?fw_instance_id=4e113415-7811-4bb3-bf5e-eb835953f7d4&enterprise_project_id=default
+Status code: 200
+Return value for querying log configurations.
+{
+ "data" : {
+ "fw_instance_id" : "4df2bcd1-6299-4fba-8e71-8d50ea807090",
+ "lts_access_log_stream_enable" : 0,
+ "lts_attack_log_stream_enable" : 0,
+ "lts_enable" : 0,
+ "lts_flow_log_stream_enable" : 0,
+ "lts_log_group_id" : "d783ce42-7f56-4c2d-9a96-b1043d016f5a"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying log configurations. + |
+
See Error Codes.
+This API is used to query information about protected VPCs.
+GET /v1/{project_id}/vpcs/protection
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 1 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+VPCProtectsVo object + |
+Return value for querying protected VPCs. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
total + |
+Integer + |
+Total number of protected VPCs. + |
+
self_total + |
+Integer + |
+The firewall can protect VPCs across accounts. self_total indicates the total number of protected VPCs in the current project. + |
+
other_total + |
+Integer + |
+The east-west firewall protection can protect VPCs across accounts. other_total indicates the number of protected VPCs in other projects. + |
+
protect_vpcs + |
+Array of VpcAttachmentDetail objects + |
+The east-west firewall protection can protect VPCs across accounts. protect_vpcs indicates the list of all protected VPCs. + |
+
self_protect_vpcs + |
+Array of VpcAttachmentDetail objects + |
+The east-west firewall protection can protect VPCs across accounts. self_protect_vpcs indicates the list of protected VPCs in the current project. + |
+
other_protect_vpcs + |
+Array of VpcAttachmentDetail objects + |
+The east-west firewall protection can protect VPCs across accounts. other_protect_vpcs indicates the list of protected VPCs of other projects. + |
+
total_assets + |
+Integer + |
+Total number of VPC assets of a tenant. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
vpc_id + |
+String + |
+ID of a protected VPC added for east-west protection. + |
+
Status code: 500
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query the east-west firewall protection information about the projected object with the ID 8839526e-b804-4a15-a082-a2c797dce633 in project 0b2179bbe180d3762fb0c01a2d5725c7.
+https://{Endpoint}/v1/0b2179bbe180d3762fb0c01a2d5725c7/vpcs/protection?object_id=8839526e-b804-4a15-a082-a2c797dce633
+Status code: 200
+Return value of east-west protection query.
+{
+ "data" : {
+ "other_protect_vpcs" : [ ],
+ "other_total" : 0,
+ "protect_vpcs" : [ ],
+ "self_protect_vpcs" : [ ],
+ "self_total" : 0,
+ "total" : 0,
+ "total_assets" : 5
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00109004",
+ "error_msg" : "HTTP request error."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value of east-west protection query. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query rule tags.
+GET /v2/{project_id}/cfw-acl/tags
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+HttpGetAclTagResponseData object + |
+Obtain rule tag data. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
total + |
+Integer + |
+Total number of rule tags. + |
+
records + |
+Array of TagsVO objects + |
+Rule tag list. + |
+
Query the existing ACL tags of the firewall 546af3f8-88e9-47f2-a205-2346d7090925 in project 14181c1245cf4fd786824efe1e2b9388.
+https://{Endpoint}/v2/14181c1245cf4fd786824efe1e2b9388/cfw-acl/tags?limit=1000&offset=0&fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+Status code: 200
+Return value for querying rule tags.
+{
+ "data" : {
+ "limit" : 1000,
+ "offset" : 0,
+ "records" : [ {
+ "tag_id" : "98fdf013-e7ad-4581-9c71-6de04c76a18f",
+ "tag_key" : "1",
+ "tag_value" : "1"
+ }, {
+ "tag_id" : "36e6fbfe-7fcd-48be-872b-4f6074e1e4e8",
+ "tag_key" : "1",
+ "tag_value" : "2"
+ }, {
+ "tag_id" : "0bf41046-6587-42f2-8399-a6864022b504",
+ "tag_key" : "Test",
+ "tag_value" : "Test"
+ } ],
+ "total" : 3
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying rule tags. + |
+
See Error Codes.
+This API is used to query the service group member list.
+GET /v1/{project_id}/service-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+Yes + |
+String + |
+Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
key_word + |
+No + |
+String + |
+Query field, which can be a service group member name or a part of the service group member description. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
query_service_set_type + |
+No + |
+Integer + |
+Type of the service group to be queried: 0 (user-defined service group), 1 (predefined service group). This parameter is valid only if set_id is the ID of a predefined service group. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Service group member list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
total + |
+Integer + |
+Total number of service group members. + |
+
set_id + |
+String + |
+Service group ID. + |
+
records + |
+Array of records objects + |
+Record. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
item_id + |
+String + |
+Service member ID. + |
+
protocol + |
+Integer + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual), and can be left blank when type is set to 1 (automatic). + |
+
source_port + |
+String + |
+Source port. + |
+
dest_port + |
+String + |
+Destination port. + |
+
description + |
+String + |
+Service member description. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Status code: 401
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
- + |
+String + |
++ |
Status code: 403
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
- + |
+String + |
++ |
Status code: 404
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
- + |
+String + |
++ |
Status code: 500
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
- + |
+String + |
++ |
Query the members of service group 7cdebed3-af07-494e-a3c2-b88bb8d58b57 in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-items?set_id=7cdebed3-af07-494e-a3c2-b88bb8d58b57&limit=10&offset=0
+Status code: 200
+Return value of the service group member list.
+{
+ "data" : {
+ "limit" : 10,
+ "offset" : 0,
+ "records" : [ {
+ "dest_port" : "0",
+ "item_id" : "805b711d-c558-41e3-aab1-a4b8c3f1f90b",
+ "description" : "",
+ "protocol" : 1,
+ "source_port" : "0"
+ } ],
+ "set_id" : "7cdebed3-af07-494e-a3c2-b88bb8d58b57",
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value of the service group member list. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query details about a service group.
+GET /v1/{project_id}/service-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
set_id + |
+Yes + |
+String + |
+Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
query_service_set_type + |
+No + |
+Integer + |
+Type of the service group to be queried: 0 (user-defined service group), 1 (predefined service group). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ServiceSetDetailResponseDto object + |
+Service group details. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Service group ID. + |
+
name + |
+String + |
+Service group name. + |
+
description + |
+String + |
+Service group description. + |
+
service_set_type + |
+Integer + |
+Service group type: 0 (user-defined service group), 1 (common web service), 2 (common remote login and ping), or 3 (common database). + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query details about service group 221cfdca-3abf-4c30-ab0d-516a03c70866 in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-sets/221cfdca-3abf-4c30-ab0d-516a03c70866
+Status code: 200
+Return value for querying service group details.
+{
+ "data" : {
+ "service_set_type" : 0,
+ "id" : "221cfdca-3abf-4c30-ab0d-516a03c70866",
+ "name" : "ceshi2"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying service group details. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to obtain the service group list.
+GET /v1/{project_id}/service-sets
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). + |
+
key_word + |
+No + |
+String + |
+Keyword, which can be the service group name or part of the service group description. + |
+
limit + |
+Yes + |
+Integer + |
+Number of query records on each page. The value ranges from 1 to 1024. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
query_service_set_type + |
+No + |
+Integer + |
+Type of the service group to be queried: 0 (user-defined service group), 1 (predefined service group). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ServiceSetRecords object + |
+Query the service group list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page. The value ranges from 1 to 1024. + |
+
total + |
+Integer + |
+Query the total number of service groups. + |
+
records + |
+Array of ServiceSet objects + |
+Service group list. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
set_id + |
+String + |
+Service group ID. + |
+
name + |
+String + |
+Service group name. + |
+
description + |
+String + |
+Service group description. + |
+
service_set_type + |
+Integer + |
+Service group type: 0 (user-defined service group), 1 (common web service), 2 (common remote login and ping), or 3 (common database). + |
+
ref_count + |
+Integer + |
+Number of times a service group is referenced by rules. + |
+
project_id + |
+String + |
+Project ID. + |
+
protocols + |
+Array of integers + |
+Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual). + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Query the service group list on the first page of protected object a37bb4eb-c49e-4e88-bf77-944a75b0ce8a in project 2349ba469daf4b7daf268bb0261d18b0.
+https://{Endpoint}/v1/2349ba469daf4b7daf268bb0261d18b0/service-sets?object_id=a37bb4eb-c49e-4e88-bf77-944a75b0ce8a&limit=10&offset=0
+Status code: 200
+Return value for the service group list query.
+{
+ "data" : {
+ "limit" : 50,
+ "offset" : 0,
+ "records" : [ {
+ "name" : "test",
+ "project_id" : "2349ba469daf4b7daf268bb0261d18b0",
+ "protocols" : [ 6 ],
+ "ref_count" : 2,
+ "service_set_type" : 0,
+ "set_id" : "6f475bad-5d33-45d1-98f8-c79f2f308d5a"
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "Incorrect instance status."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for the service group list query. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to update an ACL rule.
+PUT /v1/{project_id}/acl-rule/{acl_rule_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
acl_rule_id + |
+Yes + |
+String + |
+Rule ID, which can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
address_type + |
+No + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
name + |
+No + |
+String + |
+Rule name. + |
+
direction + |
+No + |
+Integer + |
+Direction: 0 (inbound) or 1 (outbound). This parameter is mandatory when type is set to 0 (Internet rule) or 2 (NAT rule). + |
+
action_type + |
+No + |
+Integer + |
+Rule action: 0 (permit), 1 (deny). + |
+
status + |
+No + |
+Integer + |
+Rule status: 0 (disabled), 1 (enabled). + |
+
applications + |
+No + |
+Array of strings + |
+Rule application list. Rule application type: HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. + |
+
applicationsJsonString + |
+No + |
+String + |
+JSON string converted from the applications field in the application list. + |
+
description + |
+No + |
+String + |
+Rule description. + |
+
long_connect_time_hour + |
+No + |
+Long + |
+Persistent connection duration (hour). + |
+
long_connect_time_minute + |
+No + |
+Long + |
+Persistent connection duration (minute). + |
+
long_connect_time_second + |
+No + |
+Long + |
+Persistent connection duration (second). + |
+
long_connect_time + |
+No + |
+Long + |
+Persistent connection duration. + |
+
long_connect_enable + |
+No + |
+Integer + |
+Whether to support persistent connections: 0 (no), 1 (yes). + |
+
source + |
+No + |
+RuleAddressDto object + |
+Source address Data Transport Object. + |
+
destination + |
+No + |
+RuleAddressDto object + |
+Destination address Data Transport Object. + |
+
service + |
+No + |
+RuleServiceDto object + |
+Service object. + |
+
type + |
+No + |
+Integer + |
+Rule type: 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). + |
+
tag + |
+No + |
+TagsVO object + |
+Tag object attached to a rule. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
type + |
+Yes + |
+Integer + |
+Address type: 0 (manual input), 1 (associated IP address group), 2 (domain name), 3 (geographical location), 4 (domain name group) 5 (multiple objects), 6 (domain name group - network), 7 (domain name group - application). + |
+
address_type + |
+No + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). If type is 0, the input cannot be left blank. + |
+
address + |
+No + |
+String + |
+IP address information. It cannot be left blank if type is set to 0. + |
+
address_set_id + |
+No + |
+String + |
+ID of an associated IP address group. This parameter cannot be left blank when type is set to 1. You can obtain the value by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
address_set_name + |
+No + |
+String + |
+Name of an associated IP address group. This parameter cannot be left blank when type is set to 1. You can obtain the value by calling the API for querying the address group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). + |
+
domain_address_name + |
+No + |
+String + |
+Name of a domain name address. This parameter is valid when type is set to 2 (domain name) or 7 (application domain name group). + |
+
region_list_json + |
+No + |
+String + |
+JSON value of the rule region list. + |
+
region_list + |
+No + |
+Array of IpRegionDto objects + |
+Rule region list. + |
+
domain_set_id + |
+No + |
+String + |
+Domain group ID. The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - application). Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
domain_set_name + |
+No + |
+String + |
+Domain group name. The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - application). Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). + |
+
ip_address + |
+No + |
+Array of strings + |
+IP address list. This parameter cannot be left blank when type is set to 5 (multiple objects). + |
+
address_group + |
+No + |
+Array of strings + |
+Address group ID list. This parameter cannot be left blank when type is set to 5 (multiple objects). Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 0 (user-defined address group). + |
+
address_group_names + |
+No + |
+Array of AddressGroupVO objects + |
+Address group name list. + |
+
address_set_type + |
+No + |
+Integer + |
+Address group type. It cannot be left blank when type is set to 1 (associated IP address group). It value can be 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). + |
+
predefined_group + |
+No + |
+Array of strings + |
+Pre-defined address group ID list. This parameter cannot be left blank when type is set to 5 (multiple objects). Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 1 (predefined address group). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
region_id + |
+No + |
+String + |
+Region ID. You can obtain the ID by referring to Obtaining Information About Account, IAM User, Group, Project, Region, and Agency. + |
+
region_type + |
+No + |
+Integer + |
+Region type: 0 (country), 1 (province), and 2 (continent). It can be obtained from the region information table. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
address_set_type + |
+No + |
+Integer + |
+Address group type: 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). + |
+
name + |
+No + |
+String + |
+Name of an associated IP address group, which can be obtained by calling the API for querying the address group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). + |
+
set_id + |
+No + |
+String + |
+ID of an associated IP address group, which can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
type + |
+Yes + |
+Integer + |
+Service input type: 0 (manual), 1 (automatic). + |
+
protocol + |
+No + |
+Integer + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual). + |
+
protocols + |
+No + |
+Array of integers + |
+Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual). + |
+
source_port + |
+No + |
+String + |
+Source port. + |
+
dest_port + |
+No + |
+String + |
+Destination port. + |
+
service_set_id + |
+No + |
+String + |
+Service group ID. This parameter cannot be left blank when type is set to 1 (associated IP address group). Its value can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
service_set_name + |
+No + |
+String + |
+Service group name. This parameter cannot be left blank when type is set to 1 (associated IP address group). Its value can be obtained by calling the API for querying the service group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). + |
+
custom_service + |
+No + |
+Array of ServiceItem objects + |
+Custom service. + |
+
predefined_group + |
+No + |
+Array of strings + |
+Predefined service group ID list. The service group ID can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_service_set_type must be set to 1 (predefined service group). + |
+
service_group + |
+No + |
+Array of strings + |
+Service group ID list. The service group ID can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_service_set_type must be set to 0 (user-defined service group). + |
+
service_group_names + |
+No + |
+Array of ServiceGroupVO objects + |
+Service group name list. + |
+
service_set_type + |
+No + |
+Integer + |
+Service group type: 0 (user-defined service group), 1 (common web service), 2 (common remote login and ping), or 3 (common database). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
protocol + |
+No + |
+Integer + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when RuleServiceDto.type is set to 0 (manual). + |
+
source_port + |
+No + |
+String + |
+Source port. + |
+
dest_port + |
+No + |
+String + |
+Destination port. + |
+
description + |
+No + |
+String + |
+Service member description. + |
+
name + |
+No + |
+String + |
+Service member name. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+No + |
+String + |
+Service group name. + |
+
protocols + |
+No + |
+Array of integers + |
+Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). + |
+
service_set_type + |
+No + |
+Integer + |
+Service group type: 0 (user-defined service group), 1 (predefined service group). + |
+
set_id + |
+No + |
+String + |
+Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+RuleId object + |
+Rule data. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Rule ID. + |
+
name + |
+String + |
+Rule name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
The following example shows how to update an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule/ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031
+
+{
+ "name" : "Test rule.",
+ "status" : 1,
+ "action_type" : 0,
+ "description" : "",
+ "source" : {
+ "type" : 0,
+ "address" : "1.1.1.1"
+ },
+ "destination" : {
+ "type" : 0,
+ "address" : "2.2.2.2"
+ },
+ "service" : {
+ "type" : 0,
+ "protocol" : 6,
+ "source_port" : "0",
+ "dest_port" : "0"
+ },
+ "type" : 0,
+ "address_type" : 0,
+ "tag" : {
+ "tag_key" : "",
+ "tag_value" : ""
+ },
+ "long_connect_enable" : 0,
+ "direction" : 0
+}
+Status code: 200
+OK
+{
+ "data" : {
+ "id" : "ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to set the priority of an ACL protection rule.
+PUT /v1/{project_id}/acl-rule/order/{acl_rule_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
acl_rule_id + |
+Yes + |
+String + |
+Rule ID, which can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
dest_rule_id + |
+No + |
+String + |
+ID of the target rule. The added rule is placed after this rule. This parameter cannot be left blank when the added rule is not pinned on top, and can be left blank when the added rule is pinned on top. The rule ID can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). + |
+
top + |
+No + |
+Integer + |
+Whether to pin on top: 0 (no), 1 (yes). + |
+
bottom + |
+No + |
+Integer + |
+Whether to pin to bottom: 0 (no), 1 (yes). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+OrderRuleId object + |
+Rule ID. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
In the project 9d80d070b6d44942af73c9c3d38e0429, move the rule whose ID is ffe9af47-d893-483b-86e3-ee5242e8cb15 behind the rule whose ID is 69c32dc5-f801-4294-98ee-978b51f97d35.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule/order/ffe9af47-d893-483b-86e3-ee5242e8cb15
+
+{
+ "top" : 0,
+ "dest_rule_id" : "69c32dc5-f801-4294-98ee-978b51f97d35"
+}
+Status code: 200
+Rule sorting response.
+{
+ "data" : {
+ "id" : "ffe9af47-d893-483b-86e3-ee5242e8cb15"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Rule sorting response. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to update address group information.
+PUT /v1/{project_id}/address-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
set_id + |
+Yes + |
+String + |
+Address group ID, which can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+No + |
+String + |
+IP address group name. + |
+
description + |
+No + |
+String + |
+Address group description. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+UpdateAddressSetResponseData object + |
+Data returned after an address group is updated. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Address group ID. + |
+
name + |
+String + |
+IP address group name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Change the name of address group cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16) in project 9d80d070b6d44942af73c9c3d38e0429 to ABCD.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-sets/cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16
+
+{
+ "name" : "ABCD",
+ "description" : ""
+}
+Status code: 200
+Return value for updating an address group.
+{
+ "data" : {
+ "id" : "cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for updating an address group. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to update a blacklist or whitelist.
+PUT /v1/{project_id}/black-white-list/{list_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
list_id + |
+Yes + |
+String + |
+Blacklist or whitelist ID, which can be obtained through the API for querying the blacklist or whitelist. Find the value in data.records.list_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
direction + |
+No + |
+Integer + |
+Address direction: 0 (source), 1 (destination). + |
+
address_type + |
+No + |
+Integer + |
+Address type: 0 (IPv4), 1 (IPv6). + |
+
address + |
+Yes + |
+String + |
+IP address + |
+
protocol + |
+No + |
+Integer + |
+Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). + |
+
port + |
+No + |
+String + |
+Port + |
+
description + |
+No + |
+String + |
+Description. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+BlackWhiteListId object + |
+Response to the request for updating the blacklist/whitelist. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Blacklist/Whitelist ID. + |
+
name + |
+String + |
+Blacklist/Whitelist name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Update the whitelist of object cfebd347-b655-4b84-b938-3c54317599b2 of project 9d80d070b6d44942af73c9c3d38e0429. Direction: source address; IP address: 1.1.1.1; protocol type: TCP; port number: 1.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/black-white-list/9d80d070b6d44942af73c9c3d38e042b
+
+{
+ "direction" : 0,
+ "address" : "1.1.1.1",
+ "protocol" : 6,
+ "port" : "1",
+ "address_type" : 0
+}
+Status code: 200
+Response to the request for updating a blacklist or whitelist.
+{
+ "data" : {
+ "id" : "5d37afe6-c5b4-400d-8ff3-a8d6396d7ace",
+ "name" : "10.1.1.10"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for updating a blacklist or whitelist. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to update the DNS server list.
+PUT /v1/{project_id}/dns/servers
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
dns_server + |
+Yes + |
+Array of dns_server objects + |
+DNS server list. + |
+
health_check_domain_name + |
+No + |
+String + |
+Health check domain name, which can be obtained by calling the API for querying the DNS server list. Find the value in data.health_check_domain_name (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
server_ip + |
+Yes + |
+String + |
+DNS server IP address, which can be obtained by calling the API for querying the DNS server list. Find the value in data.server_ip (The period [.] is used to separate different levels of objects). + |
+
is_customized + |
+Yes + |
+Integer + |
+Whether the DNS server is user-defined: 0 (no), 1 (yes). + |
+
is_applied + |
+Yes + |
+Integer + |
+Whether to apply: 0 (no), 1 (yes). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of strings + |
+DNS server list. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Update the settings of the DNS resolver whose project ID is 2349ba469daf4b7daf268bb0261d18b0. Put the default server 8.8.8.8 in use. Stop using the non-default server 192.168.0.2.
+https://{Endpoint}/v1/2349ba469daf4b7daf268bb0261d18b0/dns/servers?fw_instance_id=80e0f2df-24fd-49c2-8398-11f9a0299b3e
+
+{
+ "dns_server" : [ {
+ "server_ip" : "8.8.8.8",
+ "is_customized" : 0,
+ "is_applied" : 1
+ }, {
+ "server_ip" : "192.168.0.2",
+ "is_customized" : 1,
+ "is_applied" : 0
+ } ]
+}
+Status code: 200
+Response to the request for updating the DNS server list.
+{
+ "data" : [ "100.95.150.83", "114.114.114.114", "223.5.5.5", "223.6.6.6", "119.29.29.29", "8.8.8.8", "100.79.1.250", "100.79.1.240" ]
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00109003",
+ "error_msg" : "http to external service response status error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for updating the DNS server list. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to update a domain name group.
+PUT /v1/{project_id}/domain-set/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
set_id + |
+Yes + |
+String + |
+Domain name group ID, which can be obtained by calling the API for querying the domain name group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API for querying a firewall instance. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+Yes + |
+String + |
+Domain name group name. + |
+
description + |
+No + |
+String + |
+Domain name group description. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+DomainSetResponseData object + |
+Returned data of for updating a domain name group. + |
+
Change the name of the domain name group 94da194d-24b2-4f60-919e-cf0bc76c75b3 of firewall 7a004e79-0b8b-4679-ab20-267f3946e8ba in project 9d80d070b6d44942af73c9c3d38e0429 to test.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/domain-set/94da194d-24b2-4f60-919e-cf0bc76c75b3?fw_instance_id=7a004e79-0b8b-4679-ab20-267f3946e8ba&enterprise_project_id=default
+
+{
+ "name" : "test",
+ "description" : ""
+}
+Status code: 200
+Return value for updating a domain name group.
+{
+ "data" : {
+ "id" : "94da194d-24b2-4f60-919e-cf0bc76c75b3",
+ "name" : "test"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for updating a domain name group. + |
+
See Error Codes.
+This API is used to update log configurations.
+PUT /v1/{project_id}/cfw/logs/configuration
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained via API by referring to Obtaining a Firewall ID. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
lts_enable + |
+Yes + |
+Integer + |
+Whether to enable LTS: 1 (yes), 0 (no). + |
+
lts_log_group_id + |
+Yes + |
+String + |
+Log Tank Service (LTS) log group ID, which can be obtained by calling the API for querying all the log groups of an account in LTS. Find the value in log_groups.log_group_id (The period [.] is used to separate different levels of objects). + |
+
lts_attack_log_stream_id + |
+No + |
+String + |
+Attack log stream ID, which can be obtained by calling the API for querying all the log streams in a specified log group in LTS. Find the value in log_streams.log_stream_id (The period [.] is used to separate different levels of objects). + |
+
lts_attack_log_stream_enable + |
+No + |
+Integer + |
+Whether to enable the attack log stream: 1 (yes), 0 (no). + |
+
lts_access_log_stream_id + |
+No + |
+String + |
+Access control log stream ID, which can be obtained by calling the API for querying all the log streams in a specified log group in LTS. Find the value in log_streams.log_stream_id (The period [.] is used to separate different levels of objects). + |
+
lts_access_log_stream_enable + |
+No + |
+Integer + |
+Whether to enable the access control stream: 1 (yes), 0 (no). + |
+
lts_flow_log_stream_id + |
+No + |
+String + |
+Traffic log ID, which can be obtained by calling the API for querying all the log streams in a specified log group in LTS. Find the value in log_streams.log_stream_id (The period [.] is used to separate different levels of objects). + |
+
lts_flow_log_stream_enable + |
+No + |
+Integer + |
+Whether to enable the traffic log function: 1 (yes), 0 (no). + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+String + |
+Return value for updating log configurations. The value is the firewall ID. + |
+
Update the log configurations of firewall 22c4a5db-504c-471f-8187-5192bc11de0b in project 408972e72dcd4c1a9b033e955802a36b. The LTS log, flow log, access control log, and attack log functions are disabled.
+https://{Endpoint}/v1/408972e72dcd4c1a9b033e955802a36b/cfw/logs/configuration?fw_instance_id=22c4a5db-504c-471f-8187-5192bc11de0b&enterprise_project_id=default
+
+{
+ "fw_instance_id" : "22c4a5db-504c-471f-8187-5192bc11de0b",
+ "lts_enable" : 0,
+ "lts_log_group_id" : "20282428-a8f9-4e75-8246-165e64cf8ba8",
+ "lts_attack_log_stream_enable" : 0,
+ "lts_access_log_stream_enable" : 0,
+ "lts_flow_log_stream_enable" : 0
+}
+Status code: 200
+Return value for updating log configurations.
+{
+ "data" : "4e113415-7811-4bb3-bf5e-eb835953f7d4"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for updating log configurations. + |
+
See Error Codes.
+This API is used to update a service group.
+PUT /v1/{project_id}/service-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. + |
+
set_id + |
+Yes + |
+String + |
+Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. You can obtain the token by referring to Obtaining a User Token. + |
+
Content-Type + |
+Yes + |
+String + |
+Content type. It can only be set to application/json. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+No + |
+String + |
+Service group name. + |
+
description + |
+No + |
+String + |
+Service group description. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ServiceSetId object + |
+Update service group data. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Service group ID. + |
+
name + |
+String + |
+Service group name. + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code. + |
+
error_msg + |
+String + |
+Error description. + |
+
Change the name of the service group 221cfdca-3abf-4c30-ab0d-516a03c70866 in project 9d80d070b6d44942af73c9c3d38e0429 to ceshi2 and change its description to Description.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-sets/221cfdca-3abf-4c30-ab0d-516a03c70866
+
+{
+ "name" : "ceshi2",
+ "description" : "Description."
+}
+Status code: 200
+Return value for updating a service group.
+{
+ "data" : {
+ "id" : "221cfdca-3abf-4c30-ab0d-516a03c70866"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "Object not found."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for updating a service group. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+You can use all functions of CFW through its APIs.
+ +Type + |
+Description + |
+
|---|---|
Firewall Management + |
+Query firewall information, including querying the firewall list, modifying firewall protection status, and querying firewall details. + |
+
EIP Management + |
+Manage EIPs, including enabling or disabling EIPs, querying the number of EIPs, and querying the EIP list. + |
+
Network ACL Rule Management + |
+Manage ACL rules, including creating, updating, and deleting ACL rules. + |
+
Blacklist/Whitelist Management + |
+Manage blacklists and whitelists, including creating, updating, and deleting items in blacklists and whitelists. + |
+
Address Group Management + |
+Manage address groups, including adding, querying, and updating address groups. + |
+
Service Group Management + |
+Manage service groups, including adding, querying, and modifying service groups. + |
+
Domain Name Resolution and Domain Name Group Management + |
+Manage domain groups, including adding, querying, and updating domain groups. + |
+
IPS Management + |
+Manage the IPS switch, including querying the IPS status, IPS switch, and protection mode. + |
+
Log Management + |
+Manage log interfaces, including the interfaces for querying access control logs, attack event logs, and traffic logs. + |
+
Status Code + |
+Description + |
+Description + |
+
|---|---|---|
200 + |
+OK + |
+The request is successfully processed. + |
+
Status Code + |
+Description + |
+Description + |
+
|---|---|---|
400 + |
+Bad Request + |
+It is a bad request. + |
+
401 + |
+Unauthorized + |
+You do not have permissions to perform this action. + |
+
403 + |
+Forbidden + |
+Access is denied. + |
+
404 + |
+Not Found + |
+The page is not found. + |
+
500 + |
+Internal Server Error + |
+There is an internal server error. + |
+
A project ID is required for some URLs when an API is called. To obtain a project ID, perform the following operations:
+On the My Credential page, view project IDs in the project list.
+
Release Date + |
+Description + |
+
|---|---|
2024-12-05 + |
+This issue is the eighth official release. +The value type in the parameter description has been rectified. +Deleted: +APIs related to packet capture management. + |
+
2024-10-24 + |
+This issue is the seventh official release. +Optimized the description of parameters and example requests. + |
+
2024-09-18 + |
+This issue is the sixth official release. +Updated the API parameter description. +Added the following sections to the appendix:
+
|
+
2024-08-14 + |
+This issue is the fifth official release. +Optimized "ACL Rule Management".
+
|
+
2024-07-29 + |
+This issue is the fourth official release. +Optimized parameter description. + |
+
2024-07-02 + |
+This issue is the third official release. +Deleted: +
|
+
2024-05-28 + |
+This issue is the second official release. +Modified the description about whether X-Auth-Token is mandatory. + |
+
2024-04-30 + |
+This issue is the first official release. + |
+
Cloud service APIs comply with the RESTful API design principles. REST-based Web services are organized into resources. Each resource is identified by one or more Uniform Resource Identifiers (URIs). An application accesses a resource based on the resource's Unified Resource Locator (URL). A URL is usually in the following format: https://Endpoint/uri. In the URL, uri indicates the resource path, that is, the API access path.
+Cloud service APIs use HTTPS as the transmission protocol. Requests/Responses are transmitted by using JSON messages, with media type represented by Application/json.
+For details about how to use APIs, see API Usage Guidelines.
+This section describes how to obtain an enterprise project ID on the management console.
+A firewall ID (fw_instance_Id) is a CFW instance ID. It is automatically generated by the system after CFW is created.
+You can obtain the value by calling the API for Token Authentication.
+Before calling an API, you need to obtain a user token for authentication. For details about how to use Postman to obtain a user token, see Token Authentication.
+Your username, user ID, account name, account ID, project name, and project ID need to be specified in the URI and request body for calling certain APIs. Obtain these parameters on the My Credentials page.
+Continent + |
+Code + |
+
|---|---|
North America + |
+NA + |
+
Oceania + |
+OA + |
+
Africa + |
+AF + |
+
Antarctica + |
+AN + |
+
South America + |
+SA + |
+
Europe + |
+EU + |
+
Asia + |
+AS + |
+
Country + |
+Code + |
+
|---|---|
Albania + |
+AL + |
+
Algeria + |
+DZ + |
+
Afghanistan + |
+AF + |
+
Libya + |
+LY + |
+
United Arab Emirates + |
+AE + |
+
Aruba + |
+AW + |
+
Oman + |
+OM + |
+
Azerbaijan + |
+AZ + |
+
Egypt + |
+EG + |
+
Ethiopia + |
+ET + |
+
Ireland + |
+IE + |
+
Estonia + |
+EE + |
+
Andorra + |
+AD + |
+
Angola + |
+AO + |
+
Anguilla + |
+AI + |
+
Antigua and Barbuda + |
+AG + |
+
Austria + |
+AT + |
+
Åland Islands + |
+AX + |
+
Australia + |
+AU + |
+
Barbados + |
+BB + |
+
Papua New Guinea + |
+PG + |
+
Bahamas + |
+BS + |
+
Pakistan + |
+PK + |
+
Paraguay + |
+PY + |
+
Bahrain + |
+BH + |
+
Brazil + |
+BR + |
+
Belarus + |
+BY + |
+
Bermuda + |
+BM + |
+
Bulgaria + |
+BG + |
+
Benin + |
+BJ + |
+
Belgium + |
+BE + |
+
Iceland + |
+IS + |
+
Poland + |
+PL + |
+
Bosnia and Herzegovina + |
+BA + |
+
Botswana + |
+BW + |
+
Bhutan + |
+BT + |
+
Burkina Faso + |
+BF + |
+
Burundi + |
+BI + |
+
North Korea + |
+KP + |
+
Equatorial Guinea + |
+GQ + |
+
Denmark + |
+DK + |
+
Germany + |
+DE + |
+
East Timor + |
+TL + |
+
Togo + |
+TG + |
+
Dominica + |
+DM + |
+
Dominican Republic + |
+DO + |
+
Russia + |
+RU + |
+
Eritrea + |
+ER + |
+
France + |
+FR + |
+
Faroe Islands + |
+FO + |
+
French Guiana + |
+GF + |
+
French Southern Territories + |
+TF + |
+
Philippines + |
+PH + |
+
Fiji + |
+FJ + |
+
Finland + |
+FI + |
+
Cape Verde + |
+CV + |
+
Falkland Islands + |
+FK + |
+
Gambia + |
+GM + |
+
Republic of the Congo + |
+CG + |
+
Guernsey + |
+GG + |
+
Greenland + |
+GL + |
+
Georgia + |
+GE + |
+
Guyana + |
+GY + |
+
Kazakhstan + |
+KZ + |
+
South Korea + |
+KR + |
+
Netherlands + |
+NL + |
+
Montenegro + |
+ME + |
+
Djibouti + |
+DJ + |
+
Kyrgyzstan + |
+KG + |
+
Guinea + |
+GN + |
+
Guinea-Bissau + |
+GW + |
+
Ghana + |
+GH + |
+
Gabon + |
+GA + |
+
Cambodia + |
+KH + |
+
Czech Republic + |
+CZ + |
+
Zimbabwe + |
+ZW + |
+
Cameroon + |
+CM + |
+
Qatar + |
+QA + |
+
Cocos (Keeling) Islands + |
+CC + |
+
Comoros + |
+KM + |
+
Kuwait + |
+KW + |
+
Croatia + |
+HR + |
+
Kenya + |
+KE + |
+
Cook Islands + |
+CK + |
+
Latvia + |
+LV + |
+
Lesotho + |
+LS + |
+
Laos + |
+LA + |
+
Lebanon + |
+LB + |
+
Republic of Lithuania + |
+LT + |
+
Liberia + |
+LR + |
+
Liechtenstein + |
+LI + |
+
Reunion + |
+RE + |
+
Luxembourg + |
+LU + |
+
Rwanda + |
+RW + |
+
Romania + |
+RO + |
+
Madagascar + |
+MG + |
+
Maldives + |
+MV + |
+
Malta + |
+MT + |
+
Malawi + |
+MW + |
+
Malaysia + |
+MY + |
+
Mali + |
+ML + |
+
Marshall Islands + |
+MH + |
+
Martinique + |
+MQ + |
+
Mayotte + |
+YT + |
+
Isle of Man + |
+IM + |
+
Mauritius + |
+MU + |
+
Mauritania + |
+MR + |
+
Mongolia + |
+MN + |
+
Bangladesh + |
+BD + |
+
Federated States of Micronesia + |
+FM + |
+
Myanmar + |
+MM + |
+
Republic of Moldova + |
+MD + |
+
Morocco + |
+MA + |
+
Monaco + |
+MC + |
+
Mozambique + |
+MZ + |
+
Namibia + |
+NA + |
+
South Africa + |
+ZA + |
+
South Georgia and South Sandwich Islands + |
+GS + |
+
Nauru + |
+NR + |
+
Nepal + |
+NP + |
+
Niger + |
+NE + |
+
Nigeria + |
+NG + |
+
Norway + |
+NO + |
+
Norfolk Island + |
+NF + |
+
Palau + |
+PW + |
+
Portugal + |
+PT + |
+
North Macedonia + |
+MK + |
+
Japan + |
+JP + |
+
Sweden + |
+SE + |
+
Switzerland + |
+CH + |
+
Sierra Leone + |
+SL + |
+
Senegal + |
+SN + |
+
Cyprus + |
+CY + |
+
Seychelles + |
+SC + |
+
Saudi Arabia + |
+SA + |
+
Christmas Island + |
+CX + |
+
Sao Tome and Principe + |
+ST + |
+
Saint Helena + |
+SH + |
+
Saint Kitts and Nevis + |
+KN + |
+
Sant Lucia + |
+LC + |
+
San Marino + |
+SM + |
+
Saint Pierre and Miquelon + |
+PM + |
+
Vatican City + |
+VA + |
+
Sri Lanka + |
+LK + |
+
Slovak Republic + |
+SK + |
+
Slovenia + |
+SI + |
+
Svalbard and Jan Mayen + |
+SJ + |
+
Eswatini + |
+SZ + |
+
Suriname + |
+SR + |
+
Solomon Islands + |
+SB + |
+
Somalia + |
+SO + |
+
Tajikistan + |
+TJ + |
+
Thailand + |
+TH + |
+
Tanzania + |
+TZ + |
+
Turks and Caicos Islands + |
+TC + |
+
Trinidad and Tobago + |
+TT + |
+
Tunisia + |
+TN + |
+
Tuvalu + |
+TV + |
+
Türkiye + |
+TR + |
+
Turkmenistan + |
+TM + |
+
Vanuatu + |
+VU + |
+
Brunei + |
+BN + |
+
Uganda + |
+UG + |
+
Ukraine + |
+UA + |
+
Uruguay + |
+UY + |
+
Uzbekistan + |
+UZ + |
+
Spain + |
+ES + |
+
Greece + |
+GR + |
+
Ivory Coast + |
+CI + |
+
Singapore + |
+SG + |
+
New Caledonia + |
+NC + |
+
New Zealand + |
+NZ + |
+
Hungary + |
+HU + |
+
Jamaica + |
+JM + |
+
Armenia + |
+AM + |
+
Yemen + |
+YE + |
+
Iraq + |
+IQ + |
+
Israel + |
+IL + |
+
Italy + |
+IT + |
+
India + |
+IN + |
+
Indonesia + |
+ID + |
+
United Kingdom + |
+GB + |
+
Virgin Islands, British + |
+VG + |
+
British Indian Ocean Territory + |
+IO + |
+
Jordan + |
+JO + |
+
Vietnam + |
+VN + |
+
Zambia + |
+ZM + |
+
Jersey + |
+JE + |
+
Republic of Zaire + |
+CD + |
+
Chad + |
+TD + |
+
Gibraltar + |
+GI + |
+
Central African Republic + |
+CF + |
+
Macao (China) + |
+MO + |
+
Chinese mainland + |
+CN + |
+
Taiwan (China) + |
+TW + |
+
Hong Kong (China) + |
+HK + |
+
+
+
+
+
+
+
+
+
+