Querying a Protection Rule
Function
This API is used to query a protection rule.
URI
GET /v1/{project_id}/acl-rules
Path parameters

Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID. |

Query parameters

Parameter | Mandatory | Type | Description |
---|---|---|---|
object_id | Yes | String | Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). |
type | No | Integer | Rule type: 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). |
ip | No | String | IP address. |
name | No | String | Rule name. |
direction | No | Integer | Direction: 0 (inbound), 1 (outbound). |
status | No | Integer | Rule delivery status: 0 (disabled), 1 (enabled). |
action_type | No | Integer | Action: 0 (allow), 1 (deny). |
address_type | No | Integer | Address type: 0 (IPv4), 1 (IPv6). |
limit | Yes | Integer | Number of records displayed on each page. The value ranges from 1 to 1024. |
offset | Yes | Integer | Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. |
enterprise_project_id | No | String | Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. |
fw_instance_id | No | String | Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. |
tags_id | No | String | Rule tag ID, which is generated when a rule is created. |
source | No | String | Source IP address. |
destination | No | String | Destination IP address. |
service | No | String | Service port. |
application | No | String | Rule application type. Its value can be HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. |
Content-Type | Yes | String | Content type. It can only be set to application/json. |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
offset | Integer | Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. |
limit | Integer | Number of records displayed on each page. The value ranges from 1 to 1024. |
total | Integer | Total number of rules in the rule list. |
object_id | String | Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. |
records | Array of records objects | Rule list. |

records

Parameter | Type | Description |
---|---|---|
rule_id | String | Rule ID. |
address_type | Integer | Address type: 0 (IPv4), 1 (IPv6). |
name | String | Rule name. |
direction | Integer | Rule direction: 0 (inbound), 1 (outbound). |
action_type | Integer | Action: 0 (allow), 1 (deny). |
status | Integer | Rule delivery status: 0 (disabled), 1 (enabled). |
description | String | Description. |
long_connect_time | Long | Persistent connection duration. |
long_connect_enable | Integer | Persistent connection support. |
long_connect_time_hour | Long | Persistent connection duration (hour). |
long_connect_time_minute | Long | Persistent connection duration (minute). |
long_connect_time_second | Long | Persistent connection duration (second). |
source | RuleAddressDtoForResponse object | Source address object. |
destination | RuleAddressDtoForResponse object | Destination address object. |
service | RuleServiceDtoForResponse object | Service object. |
type | Integer | Rule type: 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). |
created_date | String | Rule creation time, for example, 2024-08-12 08:40:00. |
last_open_time | String | Last time when the rule was enabled, for example, 2024-08-12 08:40:00. |
tag | TagsVO object | Tag object attached to a rule. |

RuleAddressDtoForResponse

Parameter | Type | Description |
---|---|---|
type | Integer | Address type: 0 (manual input), 1 (associated IP address group), 2 (domain name), 3 (geographical location), 4 (domain name group), 5 (multiple objects), 6 (domain name group - network), 7 (domain name group - application). |
address_type | Integer | Address type: 0 (IPv4), 1 (IPv6). If type is 0, the input cannot be left blank. |
address | String | IP address information. |
address_set_id | String | ID of an associated IP address group. |
address_set_name | String | IP address group name. |
domain_address_name | String | Name of a domain name address. |
region_list_json | String | JSON value of the rule region list. |
region_list | Array of IpRegionDto objects | Rule region list. |
domain_set_id | String | Domain name group ID. |
domain_set_name | String | Domain name group name. |
ip_address | Array of strings | IP address list. |
address_group | Array of strings | Address group ID list. |
address_group_names | Array of AddressGroupVO objects | Address group name list. |
address_set_type | Integer | Address group type: 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). |

IpRegionDto

Parameter | Type | Description |
---|---|---|
region_id | String | Region ID. You can obtain the ID by referring to Obtaining Information About Account, IAM User, Group, Project, Region, and Agency. |
region_type | Integer | Region type: 0 (country), 1 (province), and 2 (continent). It can be obtained from the region information table. |

AddressGroupVO

Parameter | Type | Description |
---|---|---|
address_set_type | Integer | Address group type: 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). |
name | String | Name of an associated IP address group, which can be obtained by calling the API for querying the address group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). |
set_id | String | ID of an associated IP address group, which can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). |

RuleServiceDtoForResponse

Parameter | Type | Description |
---|---|---|
type | Integer | Service input type: 0 (manual), 1 (automatic). |
protocol | Integer | Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual), and can be left blank when type is set to 1 (automatic). |
protocols | Array of integers | Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual), and can be left blank when type is set to 1 (automatic). |
source_port | String | Source port. |
dest_port | String | Destination port. |
service_set_id | String | Service group ID. |
service_set_name | String | Service group name. |
custom_service | Array of ServiceItem objects | Custom service. |
service_group | Array of strings | Service group ID list. |
service_group_names | Array of ServiceGroupVO objects | Service group name list. |
service_set_type | Integer | Service group type: 0 (user-defined service group), 1 (common web service), 2 (common remote login and ping), or 3 (common database). |

ServiceItem

Parameter | Type | Description |
---|---|---|
protocol | Integer | Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when RuleServiceDto.type is set to 0 (manual). |
source_port | String | Source port. |
dest_port | String | Destination port. |
description | String | Service member description. |
name | String | Service member name. |

ServiceGroupVO

Parameter | Type | Description |
---|---|---|
name | String | Service group name. |
protocols | Array of integers | Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). |
service_set_type | Integer | Service group type: 0 (user-defined service group), 1 (predefined service group). |
set_id | String | Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). |

TagsVO

Parameter | Type | Description |
---|---|---|
tag_id | String | Rule ID. |
tag_key | String | Rule tag key. |
tag_value | String | Rule tag value. |
Status code: 400
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error description. |
Example Requests
Query data on the first page of the protected object e12bd2cd-ebfc-4af7-ad6f-ebe6da398029 whose project ID is 9d80d070b6d44942af73c9c3d38e0429, with limit set to 10.
Example URL: https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rules?object_id=e12bd2cd-ebfc-4af7-ad6f-ebe6da398029&limit=10&offset=0
Example Responses
Status code: 200
Return value for querying the rule list.
```json
{
  "data" : {
    "limit" : 10,
    "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
    "offset" : 0,
    "records" : [ {
      "action_type" : 0,
      "address_type" : 0,
      "destination" : {
        "address" : "0.0.0.0/0",
        "address_type" : 0,
        "type" : 0
      },
      "direction" : 1,
      "long_connect_enable" : 0,
      "created_date" : "2024-02-27 04:01:17",
      "last_open_time" : "2024-02-27 04:01:17",
      "description" : "description",
      "name" : "eip_ipv4_n_w_allow",
      "rule_id" : "ffe9af47-d893-483b-86e3-ee5242e8cb15",
      "service" : {
        "dest_port" : "0",
        "protocol" : -1,
        "source_port" : "0",
        "type" : 0
      },
      "source" : {
        "address_set_id" : "48bfb09b-6f3a-4371-8ddb-05d5d7148bcc",
        "address_set_name" : "ip_group",
        "address_type" : 0,
        "type" : 1
      },
      "status" : 1,
      "type" : "0"
    } ],
    "total" : 1
  }
}
```
Status code: 400
Bad Request
```json
{
  "error_code" : "CFW.0020016",
  "error_msg" : "Incorrect instance status."
}
```
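
The limit, offset and total fields documented above are enough to walk the full rule list for a configuration audit. The following is an added example, not code from this API documentation: it builds the query URL, pages through records until total is reached, and flags enabled allow rules that match any protocol with a catch-all manual address. The fetch_page callable, the sample records and the endpoint host are assumptions, and no real request is sent.

```python
from urllib.parse import urlencode

ANY_ADDRESS = {"0.0.0.0/0", "::/0"}  # catch-all IPv4 / IPv6 prefixes

def build_url(endpoint, project_id, object_id, limit=10, offset=0, **filters):
    """URL for GET /v1/{project_id}/acl-rules, enforcing the documented ranges."""
    if not 1 <= limit <= 1024:
        raise ValueError("limit must be in 1..1024")
    if offset < 0:
        raise ValueError("offset must be no less than 0")
    query = {"object_id": object_id, "limit": limit, "offset": offset, **filters}
    return f"https://{endpoint}/v1/{project_id}/acl-rules?{urlencode(query)}"

def iter_rules(fetch_page, limit=10):
    """Yield every record, advancing offset until data.total is reached."""
    # fetch_page(limit, offset): hypothetical caller-supplied GET, returns parsed JSON.
    offset = 0
    while True:
        data = fetch_page(limit, offset)["data"]
        records = data.get("records") or []
        yield from records
        offset += len(records)
        if not records or offset >= data.get("total", 0):
            return

def is_broad_allow(rule):
    """Enabled allow rule, any protocol, catch-all manual address on either side."""
    proto = (rule.get("service") or {}).get("protocol")
    if rule.get("status") != 1 or rule.get("action_type") != 0 or proto != -1:
        return False
    sides = (rule.get("source") or {}, rule.get("destination") or {})
    return any(s.get("type") == 0 and s.get("address") in ANY_ADDRESS for s in sides)

# Constructed sample records, shaped like the example response on this page.
ANY4 = {"type": 0, "address": "0.0.0.0/0"}
def _rule(name, status, action, src, dst, proto):
    return {"name": name, "status": status, "action_type": action,
            "source": src, "destination": dst, "service": {"type": 0, "protocol": proto}}
SAMPLE = [
    _rule("eip_ipv4_n_w_allow", 1, 0, {"type": 1, "address_set_name": "ip_group"}, ANY4, -1),
    _rule("ssh_in_deny", 1, 1, ANY4, {"type": 0, "address": "192.0.2.10"}, 6),
    _rule("old_any_allow", 0, 0, ANY4, ANY4, -1),
]

def fake_fetch(limit, offset):  # stand-in for the HTTP call, serves SAMPLE page by page
    return {"data": {"limit": limit, "offset": offset, "total": len(SAMPLE),
                     "records": SAMPLE[offset:offset + limit]}}

def audit(fetch_page=fake_fetch, limit=2):
    return [r["name"] for r in iter_rules(fetch_page, limit) if is_broad_allow(r)]
```

In real use, fetch_page would send the request with the X-Auth-Token header and treat a body containing error_code as a failure rather than an empty page.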
Status Codes
Status Code | Description |
---|---|
200 | Return value for querying the rule list. |
400 | Bad Request |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
500 | Internal Server Error |
Error Codes
See Error Codes.