yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
d167e4cc29458fd80ea2e4d84d6df87e142bbfd1
doc-exports/docs/cfw/api-ref/AddAclRule.html
qiaoli 2ced5c725f CFW API 20250123 version 
Reviewed-by: Gladkov, Maksim <mgladkov@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qiaoli <qiaoli@huawei.com>
Co-committed-by: qiaoli <qiaoli@huawei.com>
2025-02-18 12:17:50 +00:00

997 lines
58 KiB
HTML
Raw Blame History

<a name="AddAclRule"></a><a name="AddAclRule"></a>
<h1 class="topictitle1">Creating an ACL Rule</h1>
<div id="body1708331107508"><div class="section"><h4 class="sectiontitle">Function</h4><p>This API is used to create an ACL rule.</p>
</div>
<div class="section" id="AddAclRule__atuogenerate_1"><h4 class="sectiontitle">URI</h4><p>POST /v1/{project_id}/acl-rule</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Path Parameters</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.3.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.3.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.3.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.2.3.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.1 "><p>project_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.3.2.5.1.4 "><p>Project ID, which can be obtained by calling an API or from the console. For details, see <a href="cfw_02_0015.html">Obtaining a Project ID</a>.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Query Parameters</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.4.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.4.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.4.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.2.4.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.4.2.5.1.1 "><p>enterprise_project_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.4.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.4.2.5.1.4 "><p>Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to <a href="cfw_02_0027.html">Obtaining an Enterprise Project ID</a>. If the enterprise project function is not enabled, the value is <strong>0</strong>.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.4.2.5.1.1 "><p>fw_instance_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.4.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.4.2.5.1.4 "><p>Firewall ID, which can be obtained by referring to <a href="cfw_02_0028.html">Obtaining a Firewall ID</a>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Request Parameters</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__HeaderParameter" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Request header parameters</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.2.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.1 "><p>X-Auth-Token</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.2.2.5.1.4 "><p>User token. You can obtain the token by referring to <a href="cfw_02_0029.html">Obtaining a User Token</a>.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.1 "><p>Content-Type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.2.2.5.1.4 "><p>Content type. It can only be set to application/json.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__request_AddRuleAclDto" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Request body parameters</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.3.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.3.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.3.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.3.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.1 "><p>object_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.3.2.5.1.4 "><p>Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the <a href="ListFirewallDetail.html">API for querying firewall instances</a>. In the return value, find the ID in <strong>data.records.protect_objects.object_id</strong> (The period [.] is used to separate different levels of objects). If the value of <strong>type</strong> is <strong>0</strong>, the protected object ID belongs to the Internet border. If the value of <strong>type</strong> is <strong>1</strong>, the protected object ID belongs to the VPC border. You can obtain the value of <strong>type</strong> from <strong>data.records.protect_objects.type</strong> (The period [.] is used to separate different levels of objects).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.1 "><p>type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.3.2.5.1.4 "><p>Rule type: <strong>0</strong> (Internet border rule), <strong>1</strong> (inter-VPC rule), or <strong>2</strong> (NAT rule). When <strong>type</strong> is set to <strong>0</strong>, the source and destination addresses of the rule must be EIPs or domain names of the public network. For an inter-VPC rule, the source and destination addresses must be private IP addresses. For a NAT rule, the source address must be a private IP address, and the destination address must be an EIP or domain name of the public network.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.1 "><p>rules</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.3 "><p>Array of <a href="#AddAclRule__request_rules">rules</a> objects</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.3.2.5.1.4 "><p>Rule list in a rule addition request.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="AddAclRule__request_rules"></a><a name="request_rules"></a><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__request_rules" frame="border" border="1" rules="all"><caption><b>Table 5 </b>rules</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.4.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.4.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.4.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.4.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>name</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Rule name.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>sequence</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p><a href="#AddAclRule__request_OrderRuleAclDto">OrderRuleAclDto</a> object</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Request body for changing the rule sequence.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>address_type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Internet protocol type of an address: <strong>0</strong> (IPv4), <strong>1</strong> (IPv6).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>action_type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Rule action: <strong>0</strong> (permit), <strong>1</strong> (deny).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>status</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Rule status: <strong>0</strong> (disabled), <strong>1</strong> (enabled).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>applications</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Array of strings</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Rule application list. Rule application type: <strong>HTTP</strong>, <strong>HTTPS</strong>, <strong>TLS1</strong>, <strong>DNS</strong>, <strong>SSH</strong>, <strong>MYSQL</strong>, <strong>SMTP</strong>, <strong>RDP</strong>, <strong>RDPS</strong>, <strong>VNC</strong>, <strong>POP3</strong>, <strong>IMAP4</strong>, <strong>SMTPS</strong>, <strong>POP3S</strong>, <strong>FTPS</strong>, <strong>ANY</strong>, or <strong>BGP</strong>.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>applicationsJsonString</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>JSON string converted from the <strong>applications</strong> field in the application list.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>long_connect_time</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Long</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Persistent connection duration.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>long_connect_time_hour</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Long</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Persistent connection duration (hour).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>long_connect_time_minute</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Long</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Persistent connection duration (minute).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>long_connect_time_second</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Long</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Persistent connection duration (second).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>long_connect_enable</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Whether to support persistent connections: <strong>0</strong> (no), <strong>1</strong> (yes).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>description</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Description.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>direction</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Direction: <strong>0</strong> (inbound) or <strong>1</strong> (outbound). This parameter is mandatory when <strong>type</strong> is set to <strong>0</strong> (Internet rule) or <strong>2</strong> (NAT rule).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>source</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p><a href="#AddAclRule__request_RuleAddressDtoForRequest">RuleAddressDtoForRequest</a> object</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Source address Data Transport Object.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>destination</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p><a href="#AddAclRule__request_RuleAddressDtoForRequest">RuleAddressDtoForRequest</a> object</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Destination address Data Transport Object.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>service</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p><a href="#AddAclRule__request_RuleServiceDto">RuleServiceDto</a> object</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Service object.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p>tag</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p><a href="#AddAclRule__request_TagsVO">TagsVO</a> object</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.4.2.5.1.4 "><p>Tag object attached to a rule.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="AddAclRule__request_OrderRuleAclDto"></a><a name="request_OrderRuleAclDto"></a><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__request_OrderRuleAclDto" frame="border" border="1" rules="all"><caption><b>Table 6 </b>OrderRuleAclDto</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.5.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.5.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.5.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.5.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>dest_rule_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>ID of the target rule. The added rule is placed after this rule. This parameter cannot be left blank when the added rule is not pinned on top, and can be left blank when the added rule is pinned on top. The rule ID can be obtained by calling the <a href="ListAclRules.html">API for querying protection rules</a>. Find the value in <strong>data.records.rule_id</strong> (The period [.] is used to separate different levels of objects).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>top</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>Whether to pin on top: <strong>0</strong> (no), <strong>1</strong> (yes).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.1 "><p>bottom</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.5.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.5.2.5.1.4 "><p>Whether to pin to bottom: <strong>0</strong> (no), <strong>1</strong> (yes).</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="AddAclRule__request_RuleAddressDtoForRequest"></a><a name="request_RuleAddressDtoForRequest"></a><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__request_RuleAddressDtoForRequest" frame="border" border="1" rules="all"><caption><b>Table 7 </b>RuleAddressDtoForRequest</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.6.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.6.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.6.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.6.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>Address type: <strong>0</strong> (manual input), <strong>1</strong> (associated IP address group), <strong>2</strong> (domain name), <strong>3</strong> (geographical location), <strong>4</strong> (domain name group) <strong>5</strong> (multiple objects), <strong>6</strong> (domain name group - network), <strong>7</strong> (domain name group - application).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>address_type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>Internet protocol type of an address: <strong>0</strong> (IPv4), <strong>1</strong> (IPv6). If <strong>type</strong> is <strong>0</strong>, this parameter cannot be left blank.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>address</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>IP address information. It cannot be left blank if <strong>type</strong> is set to <strong>0</strong>.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>address_set_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>ID of an associated IP address group. This parameter cannot be left blank when <strong>type</strong> is set to <strong>1</strong>. You can obtain the value by calling the <a href="ListAddressSets.html">API for querying the address group list</a>. Find the value in <strong>data.records.set_id</strong> (The period [.] is used to separate different levels of objects).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>address_set_name</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>Name of an associated IP address group. This parameter cannot be left blank when <strong>type</strong> is set to <strong>1</strong>. You can obtain the value by calling the <a href="ListAddressSets.html">API for querying the address group list</a>. Find the value in <strong>data.records.name</strong> (The period [.] is used to separate different levels of objects).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>domain_address_name</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>Name of a domain name address. This parameter is valid when <strong>type</strong> is set to <strong>2</strong> (domain name) or <strong>7</strong> (application domain name group).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>region_list_json</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>JSON value of the rule region list.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>region_list</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>Array of <a href="#AddAclRule__request_IpRegionDto">IpRegionDto</a> objects</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>Rule region list.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>domain_set_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>Domain group ID. The value cannot be left blank when <strong>type</strong> is set to <strong>4</strong> (domain name group) or <strong>7</strong> (domain name group - application). Its value can be obtained by calling the <a href="ListDomainSets.html">API for querying the domain name group list</a>. Find the value in <strong>data.records.set_id</strong> (The period [.] is used to separate different levels of objects).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>domain_set_name</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>Domain group name. The value cannot be left blank when <strong>type</strong> is set to <strong>4</strong> (domain name group) or <strong>7</strong> (domain name group - application). Its value can be obtained by calling the <a href="ListDomainSets.html">API for querying the domain name group list</a>. Find the value in <strong>data.records.name</strong> (The period [.] is used to separate different levels of objects).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>ip_address</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>Array of strings</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>IP address list. This parameter cannot be left blank when <strong>type</strong> is set to <strong>5</strong> (multiple objects).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>address_set_type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>Address group type. It cannot be left blank when <strong>type</strong> is set to <strong>1</strong> (associated IP address group). It value can be <strong>0</strong> (user-defined address group), <strong>1</strong> (WAF back-to-source IP address group), <strong>2</strong> (DDoS back-to-source IP address group), or <strong>3</strong> (NAT64 address group).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>predefined_group</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>Array of strings</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>Pre-defined address group ID list. This parameter cannot be left blank when <strong>type</strong> is set to <strong>5</strong> (multiple objects). Its value can be obtained by calling the <a href="ListAddressSets.html">API for querying the address group list</a>. Find the value in <strong>data.records.set_id</strong> (The period [.] is used to separate different levels of objects). In the search criteria, <strong>query_address_set_type</strong> must be set to <strong>1</strong> (predefined address group).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.1 "><p>address_group</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.6.2.5.1.3 "><p>Array of strings</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.6.2.5.1.4 "><p>Address group ID list. This parameter cannot be left blank when <strong>type</strong> is set to <strong>5</strong> (multiple objects). Its value can be obtained by calling the <a href="ListAddressSets.html">API for querying the address group list</a>. Find the value in <strong>data.records.set_id</strong> (The period [.] is used to separate different levels of objects). In the search criteria, <strong>query_address_set_type</strong> must be set to <strong>0</strong> (user-defined address group).</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="AddAclRule__request_IpRegionDto"></a><a name="request_IpRegionDto"></a><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__request_IpRegionDto" frame="border" border="1" rules="all"><caption><b>Table 8 </b>IpRegionDto</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.7.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.7.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.7.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.7.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.7.2.5.1.1 "><p>region_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.7.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.7.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.7.2.5.1.4 "><p>Region ID. You can obtain the ID by referring to <a href="cfw_02_0030.html">Obtaining Information About Account, IAM User, Group, Project, Region, and Agency</a>.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.7.2.5.1.1 "><p>region_type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.7.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.7.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.7.2.5.1.4 "><p>Region type: <strong>0</strong> (country), <strong>1</strong> (province), and <strong>2</strong> (continent). It can be obtained from the <a href="cfw_02_0031.html">region information table</a>.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="AddAclRule__request_RuleServiceDto"></a><a name="request_RuleServiceDto"></a><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__request_RuleServiceDto" frame="border" border="1" rules="all"><caption><b>Table 9 </b>RuleServiceDto</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.8.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.8.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.8.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.8.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Service input type: <strong>0</strong> (manual), <strong>1</strong> (automatic).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>protocol</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Protocol type: <strong>6</strong> (TCP), <strong>17</strong> (UDP), <strong>1</strong> (ICMP), <strong>58</strong> (ICMPv6), or <strong>-1</strong> (any). It cannot be left blank when <strong>type</strong> is set to <strong>0</strong> (manual).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>protocols</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>Array of integers</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Protocol list. Protocol type: <strong>6</strong> (TCP), <strong>17</strong> (UDP), <strong>1</strong> (ICMP), <strong>58</strong> (ICMPv6), or <strong>-1</strong> (any). It cannot be left blank when <strong>type</strong> is set to <strong>0</strong> (manual).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>source_port</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Source port.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>dest_port</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Destination port.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>service_set_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Service group ID. This parameter cannot be left blank when <strong>type</strong> is set to <strong>1</strong> (associated IP address group). Its value can be obtained by calling the <a href="ListServiceSets.html">API for querying the service group list</a>. Find the value in <strong>data.records.set_id</strong> (The period [.] is used to separate different levels of objects).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>service_set_name</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Service group name. This parameter cannot be left blank when <strong>type</strong> is set to <strong>1</strong> (associated IP address group). Its value can be obtained by calling the <a href="ListServiceSets.html">API for querying the service group list</a>. Find the value in <strong>data.records.name</strong> (The period [.] is used to separate different levels of objects).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>custom_service</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>Array of <a href="#AddAclRule__request_ServiceItem">ServiceItem</a> objects</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Custom service.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>predefined_group</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>Array of strings</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Predefined service group ID list. The service group ID can be obtained by calling the <a href="ListServiceSets.html">API for querying the service group list</a>. Find the value in <strong>data.records.set_id</strong> (The period [.] is used to separate different levels of objects). In the search criteria, <strong>query_service_set_type</strong> must be set to <strong>1</strong> (predefined service group).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>service_group</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>Array of strings</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Service group ID list. The service group ID can be obtained by calling the <a href="ListServiceSets.html">API for querying the service group list</a>. Find the value in <strong>data.records.set_id</strong> (The period [.] is used to separate different levels of objects). In the search criteria, <strong>query_service_set_type</strong> must be set to <strong>0</strong> (user-defined service group).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>service_group_names</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>Array of <a href="#AddAclRule__request_ServiceGroupVO">ServiceGroupVO</a> objects</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Service group name list.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.1 "><p>service_set_type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.8.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.8.2.5.1.4 "><p>Service group type: <strong>0</strong> (user-defined service group), <strong>1</strong> (common web service), <strong>2</strong> (common remote login and ping), or <strong>3</strong> (common database).</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="AddAclRule__request_ServiceItem"></a><a name="request_ServiceItem"></a><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__request_ServiceItem" frame="border" border="1" rules="all"><caption><b>Table 10 </b>ServiceItem</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.9.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.9.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.9.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.9.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.1 "><p>protocol</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.9.2.5.1.4 "><p>Protocol type: <strong>6</strong> (TCP), <strong>17</strong> (UDP), <strong>1</strong> (ICMP), <strong>58</strong> (ICMPv6), or <strong>-1</strong> (any). It cannot be left blank when <strong>RuleServiceDto.type</strong> is set to <strong>0</strong> (manual).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.1 "><p>source_port</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.9.2.5.1.4 "><p>Source port.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.1 "><p>dest_port</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.9.2.5.1.4 "><p>Destination port.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.1 "><p>description</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.9.2.5.1.4 "><p>Service member description.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.1 "><p>name</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.9.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.9.2.5.1.4 "><p>Service member name.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="AddAclRule__request_ServiceGroupVO"></a><a name="request_ServiceGroupVO"></a><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__request_ServiceGroupVO" frame="border" border="1" rules="all"><caption><b>Table 11 </b>ServiceGroupVO</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.10.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.10.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.10.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.10.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.1 "><p>name</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.10.2.5.1.4 "><p>Service group name.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.1 "><p>protocols</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.3 "><p>Array of integers</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.10.2.5.1.4 "><p>Protocol list. Protocol type: <strong>6</strong> (TCP), <strong>17</strong> (UDP), <strong>1</strong> (ICMP), <strong>58</strong> (ICMPv6), or <strong>-1</strong> (any).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.1 "><p>service_set_type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.3 "><p>Integer</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.10.2.5.1.4 "><p>Service group type: <strong>0</strong> (user-defined service group), <strong>1</strong> (predefined service group).</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.1 "><p>set_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.10.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.10.2.5.1.4 "><p>Service group ID, which can be obtained by calling the <a href="ListServiceSets.html">API for querying the service group list</a>. Find the value in <strong>data.records.set_id</strong> (The period [.] is used to separate different levels of objects).</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="AddAclRule__request_TagsVO"></a><a name="request_TagsVO"></a><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__request_TagsVO" frame="border" border="1" rules="all"><caption><b>Table 12 </b>TagsVO</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.11.2.5.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.11.2.5.1.2"><p>Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.11.2.5.1.3"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.11.2.5.1.4"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.11.2.5.1.1 "><p>tag_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.11.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.11.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.11.2.5.1.4 "><p>Rule tag ID.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.11.2.5.1.1 "><p>tag_key</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.11.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.11.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.11.2.5.1.4 "><p>Rule tag key.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.11.2.5.1.1 "><p>tag_value</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.11.2.5.1.2 "><p>No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.11.2.5.1.3 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.11.2.5.1.4 "><p>Rule tag value.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Response Parameters</h4><p><strong>Status code: 200</strong></p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__response_AddRuleIdListResponse" frame="border" border="1" rules="all"><caption><b>Table 13 </b>Response body parameters</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.4.3.2.4.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.4.3.2.4.1.2"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.3.2.4.1.3"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.3.2.4.1.1 "><p>data</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.3.2.4.1.2 "><p><a href="#AddAclRule__response_RuleIdList">RuleIdList</a> object</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.3.2.4.1.3 "><p>Data of the return value for creating a rule.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="AddAclRule__response_RuleIdList"></a><a name="response_RuleIdList"></a><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__response_RuleIdList" frame="border" border="1" rules="all"><caption><b>Table 14 </b>RuleIdList</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.4.4.2.4.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.4.4.2.4.1.2"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.4.2.4.1.3"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.4.2.4.1.1 "><p>rules</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.4.2.4.1.2 "><p>Array of <a href="#AddAclRule__response_RuleId">RuleId</a> objects</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.4.2.4.1.3 "><p>Rule ID list.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="AddAclRule__response_RuleId"></a><a name="response_RuleId"></a><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__response_RuleId" frame="border" border="1" rules="all"><caption><b>Table 15 </b>RuleId</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.4.5.2.4.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.4.5.2.4.1.2"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.5.2.4.1.3"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.5.2.4.1.1 "><p>id</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.5.2.4.1.2 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.5.2.4.1.3 "><p>Rule ID.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.5.2.4.1.1 "><p>name</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.5.2.4.1.2 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.5.2.4.1.3 "><p>Rule name.</p>
</td>
</tr>
</tbody>
</table>
</div>
<p><strong>Status code: 400</strong></p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__response_ErrorRsp" frame="border" border="1" rules="all"><caption><b>Table 16 </b>Response body parameters</caption><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.4.7.2.4.1.1"><p>Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.4.7.2.4.1.2"><p>Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.7.2.4.1.3"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.7.2.4.1.1 "><p>error_code</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.7.2.4.1.2 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.7.2.4.1.3 "><p>Error code.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.7.2.4.1.1 "><p>error_msg</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.4.7.2.4.1.2 "><p>String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.7.2.4.1.3 "><p>Error description.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Example Requests</h4><p>The following example shows how to add an IPv4 inbound rule. The rule name is <strong>Test rule</strong>, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.</p>
<pre class="screen">https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule
{
"object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
"rules" : [ {
"name" : "Test rule.",
"status" : 1,
"action_type" : 0,
"description" : "",
"source" : {
"type" : 0,
"address" : "1.1.1.1"
},
"destination" : {
"type" : 0,
"address" : "2.2.2.2"
},
"service" : {
"type" : 0,
"protocol" : 6,
"source_port" : "0",
"dest_port" : "0"
},
"address_type" : 0,
"tag" : {
"tag_key" : "",
"tag_value" : ""
},
"long_connect_enable" : 0,
"direction" : 0,
"sequence" : {
"top" : 1,
"dest_rule_id" : null
}
} ],
"type" : 0
}</pre>
</div>
<div class="section"><h4 class="sectiontitle">Example Responses</h4><p><strong>Status code: 200</strong></p>
<p>Response to the request for creating an ACL rule.</p>
<pre class="screen">{
"data" : {
"rules" : [ {
"id" : "0475c516-0e41-4caf-990b-0c504eebd73f",
"name" : "testName"
} ]
}
}</pre>
<p><strong>Status code: 400</strong></p>
<p>Bad Request</p>
<pre class="screen">{
"error_code" : "CFW.00900016",
"error_msg" : "Import is in progress. Please wait until it is complete."
}</pre>
</div>
<div class="section"><h4 class="sectiontitle">Status Codes</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="AddAclRule__status_code" frame="border" border="1" rules="all"><thead align="left"><tr><th align="left" class="cellrowborder" valign="top" width="15%" id="mcps1.3.7.2.1.3.1.1"><p>Status Code</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="85%" id="mcps1.3.7.2.1.3.1.2"><p>Description</p>
</th>
</tr>
</thead>
<tbody><tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>200</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>Response to the request for creating an ACL rule.</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>400</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>Bad Request</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>401</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>Unauthorized</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>403</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>Forbidden</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>404</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>Not Found</p>
</td>
</tr>
<tr><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p>500</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p>Internal Server Error</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Error Codes</h4><p>See <a href="ErrorCode.html">Error Codes</a>.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="topic_300000002.html">ACL Rule Management</a></div>
</div>
</div>
View Git Blame Copy Permalink