Updating an ACL Rule

Function

This API is used to update an ACL rule.

URI

PUT /v1/{project_id}/acl-rule/{acl_rule_id}

Table 1 Path Parameters

Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID.
acl_rule_id	Yes	String	Rule ID, which can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects).

Table 2 Query Parameters

Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0.
fw_instance_id	No	String	Firewall ID, which can be obtained by referring to Obtaining a Firewall ID.

Request Parameters

Table 3 Request header parameters

Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. You can obtain the token by referring to Obtaining a User Token.
Content-Type	Yes	String	Content type. It can only be set to application/json.

Table 4 Request body parameters

Parameter	Mandatory	Type	Description
address_type	No	Integer	Address type: 0 (IPv4), 1 (IPv6).
name	No	String	Rule name.
direction	No	Integer	Direction: 0 (inbound) or 1 (outbound). This parameter is mandatory when type is set to 0 (Internet rule) or 2 (NAT rule).
action_type	No	Integer	Rule action: 0 (permit), 1 (deny).
status	No	Integer	Rule status: 0 (disabled), 1 (enabled).
applications	No	Array of strings	Rule application list. Rule application type: HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP.
applicationsJsonString	No	String	JSON string converted from the applications field in the application list.
description	No	String	Rule description.
long_connect_time_hour	No	Long	Persistent connection duration (hour).
long_connect_time_minute	No	Long	Persistent connection duration (minute).
long_connect_time_second	No	Long	Persistent connection duration (second).
long_connect_time	No	Long	Persistent connection duration.
long_connect_enable	No	Integer	Whether to support persistent connections: 0 (no), 1 (yes).
source	No	RuleAddressDto object	Source address Data Transport Object.
destination	No	RuleAddressDto object	Destination address Data Transport Object.
service	No	RuleServiceDto object	Service object.
type	No	Integer	Rule type: 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule).
tag	No	TagsVO object	Tag object attached to a rule.

Table 5 RuleAddressDto

Parameter	Mandatory	Type	Description
type	Yes	Integer	Address type: 0 (manual input), 1 (associated IP address group), 2 (domain name), 3 (geographical location), 4 (domain name group) 5 (multiple objects), 6 (domain name group - network), 7 (domain name group - application).
address_type	No	Integer	Address type: 0 (IPv4), 1 (IPv6). If type is 0, the input cannot be left blank.
address	No	String	IP address information. It cannot be left blank if type is set to 0.
address_set_id	No	String	ID of an associated IP address group. This parameter cannot be left blank when type is set to 1. You can obtain the value by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects).
address_set_name	No	String	Name of an associated IP address group. This parameter cannot be left blank when type is set to 1. You can obtain the value by calling the API for querying the address group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects).
domain_address_name	No	String	Name of a domain name address. This parameter is valid when type is set to 2 (domain name) or 7 (application domain name group).
region_list_json	No	String	JSON value of the rule region list.
region_list	No	Array of IpRegionDto objects	Rule region list.
domain_set_id	No	String	Domain group ID. The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - application). Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects).
domain_set_name	No	String	Domain group name. The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - application). Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects).
ip_address	No	Array of strings	IP address list. This parameter cannot be left blank when type is set to 5 (multiple objects).
address_group	No	Array of strings	Address group ID list. This parameter cannot be left blank when type is set to 5 (multiple objects). Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 0 (user-defined address group).
address_group_names	No	Array of AddressGroupVO objects	Address group name list.
address_set_type	No	Integer	Address group type. It cannot be left blank when type is set to 1 (associated IP address group). It value can be 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group).
predefined_group	No	Array of strings	Pre-defined address group ID list. This parameter cannot be left blank when type is set to 5 (multiple objects). Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 1 (predefined address group).

Table 6 IpRegionDto

Parameter	Mandatory	Type	Description
region_id	No	String	Region ID. You can obtain the ID by referring to Obtaining Information About Account, IAM User, Group, Project, Region, and Agency.
region_type	No	Integer	Region type: 0 (country), 1 (province), and 2 (continent). It can be obtained from the region information table.

Table 7 AddressGroupVO

Parameter	Mandatory	Type	Description
address_set_type	No	Integer	Address group type: 0 (user-defined address group), 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group).
name	No	String	Name of an associated IP address group, which can be obtained by calling the API for querying the address group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects).
set_id	No	String	ID of an associated IP address group, which can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects).

Table 8 RuleServiceDto

Parameter	Mandatory	Type	Description
type	Yes	Integer	Service input type: 0 (manual), 1 (automatic).
protocol	No	Integer	Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual).
protocols	No	Array of integers	Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when type is set to 0 (manual).
source_port	No	String	Source port.
dest_port	No	String	Destination port.
service_set_id	No	String	Service group ID. This parameter cannot be left blank when type is set to 1 (associated IP address group). Its value can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects).
service_set_name	No	String	Service group name. This parameter cannot be left blank when type is set to 1 (associated IP address group). Its value can be obtained by calling the API for querying the service group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects).
custom_service	No	Array of ServiceItem objects	Custom service.
predefined_group	No	Array of strings	Predefined service group ID list. The service group ID can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_service_set_type must be set to 1 (predefined service group).
service_group	No	Array of strings	Service group ID list. The service group ID can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_service_set_type must be set to 0 (user-defined service group).
service_group_names	No	Array of ServiceGroupVO objects	Service group name list.
service_set_type	No	Integer	Service group type: 0 (user-defined service group), 1 (common web service), 2 (common remote login and ping), or 3 (common database).

Table 9 ServiceItem

Parameter	Mandatory	Type	Description
protocol	No	Integer	Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any). It cannot be left blank when RuleServiceDto.type is set to 0 (manual).
source_port	No	String	Source port.
dest_port	No	String	Destination port.
description	No	String	Service member description.
name	No	String	Service member name.

Table 10 ServiceGroupVO

Parameter	Mandatory	Type	Description
name	No	String	Service group name.
protocols	No	Array of integers	Protocol list. Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (any).
service_set_type	No	Integer	Service group type: 0 (user-defined service group), 1 (predefined service group).
set_id	No	String	Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects).

Table 11 TagsVO

Parameter	Mandatory	Type	Description
tag_id	No	String	Rule ID.
tag_key	No	String	Rule tag key.
tag_value	No	String	Rule tag value.

Response Parameters

Status code: 200

Table 12 Response body parameters

Parameter	Type	Description
data	RuleId object	Rule data.

Table 13 RuleId

Parameter	Type	Description
id	String	Rule ID.
name	String	Rule name.

Status code: 400

Table 14 Response body parameters

Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Example Requests

The following example shows how to update an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.

https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule/ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031

{
  "name" : "Test rule.",
  "status" : 1,
  "action_type" : 0,
  "description" : "",
  "source" : {
    "type" : 0,
    "address" : "1.1.1.1"
  },
  "destination" : {
    "type" : 0,
    "address" : "2.2.2.2"
  },
  "service" : {
    "type" : 0,
    "protocol" : 6,
    "source_port" : "0",
    "dest_port" : "0"
  },
  "type" : 0,
  "address_type" : 0,
  "tag" : {
    "tag_key" : "",
    "tag_value" : ""
  },
  "long_connect_enable" : 0,
  "direction" : 0
}

Example Responses

Status code: 200

OK

{
  "data" : {
    "id" : "ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031"
  }
}

Status code: 400

Bad Request

{
  "error_code" : "CFW.00200005",
  "error_msg" : "Object not found."
}

Status Codes

Status Code	Description
200	OK
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
500	Internal Server Error

Error Codes

See Error Codes.

last updated: 2025-01-21 13:19 UTC - commit: abe94c6df6d30c3b44340c2119ffd81f9990504a