This API is used to create an ACL rule.
+POST /v1/{project_id}/acl-rule
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
type + |
+Yes + |
+Integer + |
+Rule type. The value can be 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). +Enumeration values: +
|
+
rules + |
+Yes + |
+Array of rules objects + |
+rules + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+Yes + |
+String + |
+Rule name + |
+
sequence + |
+Yes + |
+OrderRuleAclDto object + |
+Rule sequence + |
+
address_type + |
+Yes + |
+Integer + |
+Address type. The value can be 0 (IPv4), 1 (IPv6), or 2 (domain). +Enumeration values: +
|
+
action_type + |
+Yes + |
+Integer + |
+Action. 0: allow; 1: deny + |
+
status + |
+Yes + |
+Integer + |
+Rule delivery status. 0: disabled; 1: enabled. +Enumeration values: +
|
+
long_connect_time + |
+No + |
+Long + |
+Persistent connection duration + |
+
long_connect_time_hour + |
+No + |
+Long + |
+Persistent connection duration (hour) + |
+
long_connect_time_minute + |
+No + |
+Long + |
+Persistent connection duration (minute) + |
+
long_connect_time_second + |
+No + |
+Long + |
+Persistent Connection Duration (second) + |
+
long_connect_enable + |
+Yes + |
+Integer + |
+Whether to support persistent connections. 0: not supported; 1: supported. +Enumeration values: +
|
+
description + |
+No + |
+String + |
+Description + |
+
direction + |
+No + |
+Integer + |
+Direction: 0 means outside to inside, 1 means inside to outside, direction value is required when rule type is internet or nat. +Enumeration values: +
|
+
source + |
+Yes + |
+RuleAddressDto object + |
+Source address transmission object + |
+
destination + |
+Yes + |
+RuleAddressDto object + |
+Destination address transmission object + |
+
service + |
+Yes + |
+RuleServiceDto object + |
+Service object + |
+
tag + |
+No + |
+TagsVO object + |
+Tag value + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
dest_rule_id + |
+No + |
+String + |
+ID of the rule that the added rule will follow. This parameter cannot be left blank if the rule is not pinned on top, and is empty when the added rule is pinned on top. + |
+
top + |
+No + |
+Integer + |
+Whether to pin on top. The options are as follows: 0: no; 1: yes. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
type + |
+Yes + |
+Integer + |
+Source type. 0: manual input; 1: associated IP address group; 2: domain name + |
+
address_type + |
+No + |
+Integer + |
+Source type. 0: IPv4; 1: IPv6 + |
+
address + |
+No + |
+String + |
+Source IP address. The value cannot be empty for the manual type, and cannot be empty for the automatic or domain type. + |
+
address_set_id + |
+No + |
+String + |
+ID of the associated IP address group. The value cannot be empty for the automatic type or for the manual or domain type. + |
+
address_set_name + |
+No + |
+String + |
+IP address group name + |
+
domain_address_name + |
+No + |
+String + |
+Name of the domain name address. This parameter cannot be left empty for the domain name type, and is empty for the manual or automatic type. + |
+
region_list_json + |
+No + |
+String + |
+JSON value of the rule region list. + |
+
region_list + |
+No + |
+Array of IpRegionDto objects + |
+Region list of a rule + |
+
domain_set_id + |
+No + |
+String + |
+domain set id + |
+
domain_set_name + |
+No + |
+String + |
+domain set name + |
+
ip_address + |
+No + |
+Array of strings + |
+IP address list + |
+
address_group + |
+No + |
+Array of strings + |
+address group + |
+
address_group_names + |
+No + |
+Array of AddressGroupVO objects + |
+Address set list + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
region_id + |
+No + |
+String + |
+region id + |
+
description_cn + |
+No + |
+String + |
+cn description + |
+
description_en + |
+No + |
+String + |
+en description + |
+
region_type + |
+No + |
+Integer + |
+Region type, 0 means country, 1 means province, 2 means continent + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
type + |
+Yes + |
+Integer + |
+Service input type. The value 0 indicates manual input, and the value 1 indicates automatic input. + |
+
protocol + |
+No + |
+Integer + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
source_port + |
+No + |
+String + |
+Source port + |
+
dest_port + |
+No + |
+String + |
+Destination port + |
+
service_set_id + |
+No + |
+String + |
+Service group ID. This parameter is left blank for the manual type and cannot be left blank for the automatic type. + |
+
service_set_name + |
+No + |
+String + |
+Service group name + |
+
custom_service + |
+No + |
+Array of ServiceItem objects + |
+custom service + |
+
service_group + |
+No + |
+Array of strings + |
+Service group list + |
+
service_group_names + |
+No + |
+Array of AddressGroupVO objects + |
+Service group name list + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
protocol + |
+No + |
+Integer + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
source_port + |
+No + |
+String + |
+source port + |
+
dest_port + |
+No + |
+String + |
+destination port + |
+
description + |
+No + |
+String + |
+description + |
+
name + |
+No + |
+String + |
+name + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+RuleIdList object + |
+Rule ID list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
rules + |
+Array of RuleId objects + |
+Rule ID list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+id + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
The following example shows how to add an IPv4 inbound rule. The rule name is TestRule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule
+
+{
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
+ "rules" : [ {
+ "name" : "TestRule",
+ "status" : 1,
+ "action_type" : 0,
+ "description" : "",
+ "source" : {
+ "type" : 0,
+ "address" : "1.1.1.1"
+ },
+ "destination" : {
+ "type" : 0,
+ "address" : "2.2.2.2"
+ },
+ "service" : {
+ "type" : 0,
+ "protocol" : 6,
+ "source_port" : "0",
+ "dest_port" : "0"
+ },
+ "address_type" : 0,
+ "tag" : {
+ "tag_key" : "",
+ "tag_value" : ""
+ },
+ "long_connect_enable" : 0,
+ "direction" : 0,
+ "sequence" : {
+ "top" : 1,
+ "dest_rule_id" : null
+ }
+ } ],
+ "type" : 0
+}
+Status code: 200
+Response to the request for adding an ACL
+{
+ "data" : {
+ "rules" : [ {
+ "id" : "0475c516-0e41-4caf-990b-0c504eebd73f"
+ } ]
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00900016",
+ "error_msg" : "The import task is in progress. Please operate after the task is completed"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for adding an ACL + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to add an address group member.
+POST /v1/{project_id}/address-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+No + |
+String + |
+ID of the IP address group + |
+
address_items + |
+No + |
+Array of address_items objects + |
+Address group member information + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+Yes + |
+String + |
+Address name + |
+
address_type + |
+No + |
+Integer + |
+Address type. The value can be 0 (IPv4) or 1 (IPv6). + |
+
address + |
+No + |
+String + |
+IP address information of the address group + |
+
description + |
+No + |
+String + |
+Address group member description + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+AddressItems object + |
+Data returned after an address group member is added + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
items + |
+Array of IdObject objects + |
+List of address group member IDs + |
+
covered_ip + |
+Array of CoveredIPVO objects + |
+covered ip list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
ip + |
+String + |
+ip address + |
+
covered_Ip + |
+String + |
+covered ip + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Add an address group member whose IP address is 2.2.2.2 and name is ceshi to the group whose set_id is 8773c082-2a6c-4529-939a-edc28ef1a67c in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-items
+
+{
+ "set_id" : "8773c082-2a6c-4529-939a-edc28ef1a67c",
+ "address_items" : [ {
+ "description" : "",
+ "name" : "ceshi",
+ "address" : "2.2.2.2"
+ } ]
+}
+Status code: 200
+Return value for adding an address group member
+{
+ "data" : {
+ "covered_ip" : [ ],
+ "items" : [ {
+ "id" : "65cb47fc-e666-4af4-8c2c-1fbd2f4b1eae"
+ } ]
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200001",
+ "error_msg" : "empty param"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for adding an address group member + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to add an address group.
+POST /v1/{project_id}/address-set
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
name + |
+Yes + |
+String + |
+IP address group name + |
+
description + |
+No + |
+String + |
+Address group description + |
+
address_type + |
+No + |
+Integer + |
+Address type. The value can be 0 (IPv4) or 1 (IPv6). +Enumeration values: +
|
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+Data returned after an address group is added + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Add an IPv4 address group whose project ID is 14181c1245cf4fd786824efe1e2b9388, protected object ID is 1530de8a-522d-4771-9067-9fa4e2f53b48, and name is ceshi.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/address-set
+
+{
+ "object_id" : "1530de8a-522d-4771-9067-9fa4e2f53b48",
+ "name" : "ceshi",
+ "description" : "",
+ "address_type" : 0
+}
+Status code: 200
+OK
+{
+ "data" : {
+ "id" : "9dffcd62-23bf-4456-83fa-80fa0fee47db"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00900020",
+ "error_msg" : "Address groups exceed the maximum limit"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used for creating a blacklist or whitelist rule.
+POST /v1/{project_id}/black-white-list
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
list_type + |
+Yes + |
+Integer + |
+Blacklist/Whitelist type. The options are 4 (blacklist) and 5 (whitelist). + |
+
direction + |
+Yes + |
+Integer + |
+Indicates the address direction. 0: source address 1: destination address + |
+
address_type + |
+Yes + |
+Integer + |
+IP address type. 0: ipv4; 1: ipv6; 2: domain + |
+
address + |
+Yes + |
+String + |
+Address type + |
+
protocol + |
+Yes + |
+Integer + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
port + |
+Yes + |
+String + |
+Destination port + |
+
description + |
+No + |
+String + |
+description + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+Response to the request for adding a blacklist or whitelist + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Add an IPv4 TCP whitelist to object cfebd347-b655-4b84-b938-3c54317599b2 of project 9d80d070b6d44942af73c9c3d38e0429. Direction: source address; IP address: 1.1.1.1; protocol type: TCP; port number: 1
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/black-white-list
+
+{
+ "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
+ "list_type" : 5,
+ "direction" : 0,
+ "address" : "1.1.1.1",
+ "protocol" : 6,
+ "port" : "1",
+ "address_type" : 0
+}
+Status code: 200
+Response to the request for adding a blacklist or whitelist
+{
+ "data" : {
+ "id" : "2eee3fe8-0b9b-49ac-8e7f-eaafa321e99a",
+ "name" : "test"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "instance status error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for adding a blacklist or whitelist + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to add domain set.
+POST /v1/{project_id}/domain-set
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
name + |
+Yes + |
+String + |
+name + |
+
description + |
+No + |
+String + |
+description + |
+
domain_names + |
+No + |
+Array of DomainSetInfoDto objects + |
+domain names + |
+
domain_set_type + |
+Yes + |
+Integer + |
+Domain set type, 0 means URL filtering, 1 means domain parse + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+DomainSetResponseData object + |
+Add Domain Set Response Data + |
+
Add a domain set whose project ID is 9d80d070b6d44942af73c9c3d38e0429, firewall ID is 546af3f8-88e9-47f2-a205-2346d7090925, domain set name is test, domain name is www.aaa.com, and protected object ID is fde07429-2e02-45c0-a85f-4f1cacea24d2.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/domain-set?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+
+{
+ "name" : "test",
+ "domain_set_type" : 0,
+ "description" : "",
+ "domain_names" : [ {
+ "domain_name" : "www.aaa.com",
+ "description" : ""
+ } ],
+ "fw_instance_id" : "546af3f8-88e9-47f2-a205-2346d7090925",
+ "object_id" : "fde07429-2e02-45c0-a85f-4f1cacea24d2"
+}
+Status code: 200
+Add Domain Set Response
+{
+ "data" : {
+ "id" : "e43db369-a863-45ed-8850-58d6b571b1ab",
+ "name" : "test"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Add Domain Set Response + |
+
See Error Codes.
+add domains
+POST /v1/{project_id}/domain-set/domains/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
set_id + |
+Yes + |
+String + |
+Domain Set ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
domain_names + |
+Yes + |
+Array of DomainSetInfoDto objects + |
+domain names + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+DomainSetResponseData object + |
+add domains response data + |
+
Add domain names to the domain set under the project where project id is 14181c1245cf4fd786824efe1e2b9388, the firewall instance id is 546af3f8-88e9-47f2-a205-2346d7090925, the protected object id is ae42418e-f077-41a0-9d3b-5b2f5ad9102b, The domain set id is 78719348-6d79-477e-acec -676a29842ab2, and the domain names are www.bnm.com and www.vbc.com
+https://{Endpoint}v1/14181c1245cf4fd786824efe1e2b9388/domain-set/domains/78719348-6d79-477e-acec-676a29842ab2?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+
+{
+ "domain_names" : [ {
+ "description" : "",
+ "domain_name" : "www.bnm.com"
+ }, {
+ "description" : "",
+ "domain_name" : "www.vbc.com"
+ } ],
+ "fw_instance_id" : "546af3f8-88e9-47f2-a205-2346d7090925",
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
+}
+Status code: 200
+add domains response
+{
+ "data" : {
+ "id" : "78719348-6d79-477e-acec-676a29842ab2",
+ "name" : "test26"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+add domains response + |
+
See Error Codes.
+This API is used to add log config.
+POST /v1/{project_id}/cfw/logs/configuration
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
lts_enable + |
+Yes + |
+Integer + |
+whether to enable LTS + |
+
lts_log_group_id + |
+Yes + |
+String + |
+Lts log group id + |
+
lts_attack_log_stream_id + |
+No + |
+String + |
+Lts attack log stream id + |
+
lts_attack_log_stream_enable + |
+Yes + |
+Integer + |
+whether to enable attack log streaming + |
+
lts_access_log_stream_id + |
+No + |
+String + |
+Lts access log stream id + |
+
lts_access_log_stream_enable + |
+Yes + |
+Integer + |
+whether to enable access log streaming + |
+
lts_flow_log_stream_id + |
+No + |
+String + |
+Lts flow log stream id + |
+
lts_flow_log_stream_enable + |
+Yes + |
+Integer + |
+whether to enable flow log streaming + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+String + |
+Add Log Config Response Body + |
+
Add a log flow configuration to the firewall whose firewall instance id is 4d6c860a-0338-49e8-ac64-fcaeb4182ba5 and project id is 408972e72dcd4c1a9b033e955802a36b with LTS group ID 20282428-a8f9-4e75-8246-165e64cf8ba8, and the access control log flow is disabled, the traffic log flow is disabled, the attack log flow is disabled, and the LTS is disabled.
+https://{Endpoint}/v1/408972e72dcd4c1a9b033e955802a36b/cfw/logs/configuration?fw_instance_id=4d6c860a-0338-49e8-ac64-fcaeb4182ba5&enterprise_project_id=default
+
+{
+ "fw_instance_id" : "4d6c860a-0338-49e8-ac64-fcaeb4182ba5",
+ "lts_enable" : 0,
+ "lts_log_group_id" : "20282428-a8f9-4e75-8246-165e64cf8ba8",
+ "lts_attack_log_stream_enable" : 0,
+ "lts_access_log_stream_enable" : 0,
+ "lts_flow_log_stream_enable" : 0
+}
+Status code: 200
+Add Log Config Response
+{
+ "data" : "4d6c860a-0338-49e8-ac64-fcaeb4182ba5"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Add Log Config Response + |
+
See Error Codes.
+This API is used to add group members in batches.
+POST /v1/{project_id}/service-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+Yes + |
+String + |
+Service group ID + |
+
service_items + |
+Yes + |
+Array of service_items objects + |
+Add a member to a service group. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
item_id + |
+No + |
+String + |
+Service member ID + |
+
protocol + |
+Yes + |
+Integer + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
source_port + |
+Yes + |
+String + |
+Source port + |
+
dest_port + |
+Yes + |
+String + |
+Destination port + |
+
name + |
+No + |
+String + |
+Service member name + |
+
description + |
+No + |
+String + |
+Service member description + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ServiceItemIds object + |
+Data returned when a service group member is created + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
items + |
+Array of IdObject objects + |
+Service group member ID list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Add a service group member named ceshi to the project whose ID is 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-items
+
+{
+ "set_id" : "7cdebed3-af07-494e-a3c2-b88bb8d58b57",
+ "service_items" : [ {
+ "description" : "Add a member to a service group",
+ "name" : "ceshi",
+ "dest_port" : "1",
+ "source_port" : "1",
+ "protocol" : 6
+ } ]
+}
+Status code: 200
+Return value for adding a service group member
+{
+ "data" : {
+ "items" : [ {
+ "id" : "cc41c4af-86e8-4ed2-80ad-87d399aeaed0"
+ } ]
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200001",
+ "error_msg" : "empty param"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for adding a service group member + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to create a service group.
+POST /v1/{project_id}/service-set
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
name + |
+Yes + |
+String + |
+Service group name +Minimum: 1 +Maximum: 255 + |
+
description + |
+No + |
+String + |
+Service group description +Minimum: 1 +Maximum: 255 + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+Data returned when a service group is created + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Add a service group whose project ID is 9d80d070b6d44942af73c9c3d38e0429, protected object is cfebd347-b655-4b84-b938-3c54317599b2, and name is ceshi.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-set
+
+{
+ "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
+ "name" : "ceshi",
+ "description" : ""
+}
+Status code: 200
+Return value of creating a service group
+{
+ "data" : {
+ "id" : "221cfdca-3abf-4c30-ab0d-516a03c70866"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200024",
+ "error_msg" : "Exceeded maximum quantity limit"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value of creating a service group + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+Batch Delete Acl Rules
+DELETE /v1/{project_id}/acl-rule
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
rule_ids + |
+Yes + |
+Array of strings + |
+rule ids + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
++ | +Batch delete acl rules response data + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
responseDatas + |
+Array of BatchDeleteRuleInfo objects + |
+batch delete acl rules response data + |
+
Delete the rule with the object id ae42418e-f077-41a0-9d3b-5b2f5ad9102b under the project id 9d80d070b6d44942af73c9c3d38e0429, the rule id is 0475c516-0e41-4caf-990b-0c504eebd73f and 8 662868e-fe7e-4dfc-bfb1-ca4d73081ca6
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule
+
+{
+ "rule_ids" : [ "0475c516-0e41-4caf-990b-0c504eebd73f", "8662868e-fe7e-4dfc-bfb1-ca4d73081ca6" ],
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
+}
+Status code: 200
+Batch Delete Acl Rules Response Body
+{
+ "data" : {
+ "responseDatas" : [ {
+ "name" : "test",
+ "id" : "0475c516-0e41-4caf-990b-0c504eebd73f"
+ }, {
+ "name" : "test2",
+ "id" : "8662868e-fe7e-4dfc-bfb1-ca4d73081ca6"
+ } ]
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Batch Delete Acl Rules Response Body + |
+
See Error Codes.
+Batch Delete Address Items
+DELETE /v1/{project_id}/address-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+Yes + |
+String + |
+set id + |
+
address_item_ids + |
+Yes + |
+Array of strings + |
+address item ids + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of strings + |
+batch delete address item response + |
+
Delete address set member whose ID is d072ad2e-033c-40a9-b0b5-751f9c2943a6 from address set e4884376-7efb-40e7-b98b-13668d6f8b85 for project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-items?fw_instance_id=7a004e79-0b8b-4679-ab20-267f3946e8ba&enterprise_project_id=default
+
+{
+ "set_id" : "e4884376-7efb-40e7-b98b-13668d6f8b85",
+ "address_item_ids" : [ "d072ad2e-033c-40a9-b0b5-751f9c2943a6" ]
+}
+Status code: 200
+{
+ "data" : [ "d072ad2e-033c-40a9-b0b5-751f9c2943a6" ]
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
++ |
See Error Codes.
+This API is used to batch delete service items.
+DELETE /v1/{project_id}/service-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+Yes + |
+String + |
+set id + |
+
service_item_ids + |
+Yes + |
+Array of strings + |
+service item ids + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of strings + |
+batch delete service items + |
+
Delete the service item f837f7ae-22c9-449d-a99c-4be24533e243 under the service set 688faf62-20fc-4ca6-b9f9-6fbc518df5ae with project id 9d80d070b6d44942af73c9c3d38e0429
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-items?fw_instance_id=7a004e79-0b8b-4679-ab20-267f3946e8ba&enterprise_project_id=default
+
+{
+ "set_id" : "688faf62-20fc-4ca6-b9f9-6fbc518df5ae",
+ "service_item_ids" : [ "f837f7ae-22c9-449d-a99c-4be24533e243" ]
+}
+Status code: 200
+Batch Delete Service Item Response
+{
+ "data" : [ "f837f7ae-22c9-449d-a99c-4be24533e243" ]
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Batch Delete Service Item Response + |
+
See Error Codes.
+This API is used to update rule actions in batches.
+PUT /v1/{project_id}/acl-rule/action
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
action + |
+Yes + |
+String + |
+action + |
+
rule_ids + |
+Yes + |
+Array of strings + |
+rule ids + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of strings + |
+batch update acl rule ids + |
+
Update the statuses of rules 4e12d889-c1d3-491b-8470-3d1b3dadc1fd and f798a6a8-c4c5-42b4-838c-c922c9908cb4 of firewall 546af3f8-88e9-47f2-a205-2346d7090925 in project 14181c1245cf4fd786824efe1e2b9388 to enabled.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/acl-rule/action?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+
+{
+ "action" : "enable",
+ "rule_ids" : [ "4e12d889-c1d3-491b-8470-3d1b3dadc1fd", "f798a6a8-c4c5-42b4-838c-c922c9908cb4" ],
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
+}
+Status code: 200
+Batch Update Acl Rule Response
+{
+ "data" : [ "4e12d889-c1d3-491b-8470-3d1b3dadc1fd", "f798a6a8-c4c5-42b4-838c-c922c9908cb4" ]
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Batch Update Acl Rule Response + |
+
See Error Codes.
+This API is used to enable or disable east-west protection.
+POST /v1/{project_id}/firewall/east-west/protect
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
status + |
+Yes + |
+Integer + |
+Protection status. The value can be 0 (enabled) or 1 (disabled). +Enumeration values: +
|
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Response body + |
+
trace_id + |
+String + |
+trace id + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
In the project with the ID 09bb24e6fe80d23d2fa2c010b53b418c, enable east-west firewall protection for the object with the ID 74820b38-1cc0-4f0b-8cce-32490fa840a3.
+https://{Endpoint}/v1/09bb24e6fe80d23d2fa2c010b53b418c/firewall/east-west/protect
+
+{
+ "object_id" : "74820b38-1cc0-4f0b-8cce-32490fa840a3",
+ "status" : 1
+}
+Status code: 200
+Response body for updating the east-west protection status
+{
+ "data" : {
+ "id" : "5c539816-7a94-4833-9df0-944b362f0797"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response body for updating the east-west protection status + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+Enable and disable EIPs, you need to use ListEips to synchronize EIP assets and set the sync field to 1 before enabling EIP protection for the first time after purchasing an EIP.
+POST /v1/{project_id}/eip/protect
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID +Minimum: 32 +Maximum: 32 + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. +Minimum: 36 +Maximum: 36 + |
+
status + |
+Yes + |
+Integer + |
+EIP Status,0:protected,1:unprotected +Minimum: 0 +Maximum: 1 + |
+
ip_infos + |
+Yes + |
+Array of ip_infos objects + |
+EIP information list +Array Length: 0 - 50 + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+EIPSwitchStatusVO object + |
+Eip Switch Status Vo + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
object_id + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
fail_eip_id_list + |
+Array of strings + |
+failed eip id list + |
+
id + |
+String + |
+ID + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Enable EIP (100.85.121.62) traffic protection.
+https://{Endpoint}/v1/857ddec2-55f2-4503-a93a-fe70021b743c/eip/protect
+
+{
+ "object_id" : "6d3db4fd-fd58-4d8e-914b-ef91aa268f62",
+ "status" : 0,
+ "ip_infos" : [ {
+ "id" : "4a589be0-b40a-4694-94ff-c0710af9a0a2",
+ "public_ip" : "1.2.3.4"
+ } ]
+}
+Disable EIP (100.85.121.62) traffic protection.
+/v1/857ddec2-55f2-4503-a93a-fe70021b743c/eip/protect
+
+{
+ "object_id" : "6d3db4fd-fd58-4d8e-914b-ef91aa268f62",
+ "status" : 1,
+ "ip_infos" : [ {
+ "id" : "4a589be0-b40a-4694-94ff-c0710af9a0a2",
+ "public_ip" : "1.2.3.4"
+ } ]
+}
+Status code: 200
+Return value for enabling or disabling EIP protection
+{
+ "data" : {
+ "fail_eip_id_list" : [ ],
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
+ "id" : "b0a2dacc-3886-4805-838e-281653d3cd1f"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for enabling or disabling EIP protection + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to switch the protection mode.
+POST /v1/{project_id}/ips/protect
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+No + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
mode + |
+No + |
+Integer + |
+IPS protection mode. 0: observation mode; 1: strict mode; 2: medium mode; 3: loose mode + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+Update the IPS protection mode + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Deliver the strict protection mode to object cfebd347-b655-4b84-b938-3c54317599b2 in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/ips/protect
+
+{
+ "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
+ "mode" : 1
+}
+Status code: 200
+OK
+{
+ "data" : {
+ "id" : "cfebd347-b655-4b84-b938-3c54317599b2"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "instance status error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to enable or disable the feature.
+POST /v1/{project_id}/ips/switch
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project_id + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
X-Language + |
+No + |
+String + |
+Language header, the default is zh-cn, if you need to use English, please select en-us. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
ips_type + |
+Yes + |
+Integer + |
+Patch type. Only virtual patch is supported. The value is 2. +Enumeration values: +
|
+
status + |
+Yes + |
+Integer + |
+IPS switch status + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
trace_id + |
+String + |
+trace_id + |
+
data + |
+data object + |
+object + |
+
Enable or disable the basic patch and virtual patch of the engine on the user portal. The following example shows how to enable the virtual patch function for project 14181c1245cf4fd786824efe1e2b9388 whose protected object ID is 1530de8a-522d-4771-9067-9fa4e2f53b48.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/ips/switch?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+
+{
+ "ips_type" : 1,
+ "object_id" : "1530de8a-522d-4771-9067-9fa4e2f53b48",
+ "status" : 1
+}
+Status code: 200
+OK
+{
+ "data" : {
+ "id" : "1530de8a-522d-4771-9067-9fa4e2f53b48"
+ },
+ "trace_id" : "358144a9885ff55100aa63cb0d0e1039"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to create east west firewall.
+POST /v1/{project_id}/firewall/east-west
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
er_id + |
+No + |
+String + |
+Instance ID of the associated outbound ER + |
+
inspection_cidr + |
+Yes + |
+String + |
+inspection cidr + |
+
mode + |
+Yes + |
+String + |
+east-west protection mode,only er mode is supported + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+create east west firewall response + |
+
Create an east-west protection in ER mode under firewall 55b26ab5-e4b0-40e8-941c-a1778fe2a500, the project ID is 09bb24e6f280d23d0f9fc0104b901480, the inspection_cidr is 10.1.0.0/24, and the er_id is e0b22a23-02cf-4092-ace9-34b39e10dc77.
+https://{Endpoint}/v1/09bb24e6f280d23d0f9fc0104b901480/firewall/east-west?fw_instance_id=55b26ab5-e4b0-40e8-941c-a1778fe2a500&enterprise_project_id=default
+
+{
+ "inspection_cidr" : "10.1.0.0/24",
+ "mode" : "er",
+ "er_id" : "e0b22a23-02cf-4092-ace9-34b39e10dc77"
+}
+Status code: 200
+Create East West Firewall Response Body
+{
+ "data" : {
+ "id" : "b6d4a7d5-388e-4594-b696-fb4bba1d2b9e"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Create East West Firewall Response Body + |
+
See Error Codes.
+This API is used to create firewall.
+POST /v2/{project_id}/firewall
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+No + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
X-Client-Token + |
+No + |
+String + |
+An identity that guarantees the idempotency of client requests. The identifier is in 32-bit UUID format, generated by the client, and must be unique between requests. + |
+
X-Trace-Id + |
+No + |
+String + |
++ |
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+Yes + |
+String + |
+Firewall Name + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. +Default: 0 + |
+
tags + |
+No + |
+Array of tags objects + |
+Resource Tag + |
+
flavor + |
+No + |
+flavor object + |
+flavor + |
+
charge_info + |
+Yes + |
+charge_info object + |
+Billing type information, prepaid and postpaid, the default is postpaid. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
key + |
+Yes + |
+String + |
+Tag Key + |
+
value + |
+Yes + |
+String + |
+Tag Value + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
version + |
+No + |
+String + |
+Firewall version: If charge_mode is set to prePaid, only the Professional Edition is supported, and when charge_mode is set to postPaid, the Standard and Professional Editions are supported. +Enumeration values: +
|
+
extend_eip_count + |
+No + |
+Integer + |
+Expand the number of EIPs and take effect only in the prepaid mode. +Minimum: 0 +Maximum: 2000 +Default: 0 + |
+
extend_bandwidth + |
+No + |
+Integer + |
+Expand band width and take effect only in the prepaid mode. +Minimum: 0 +Maximum: 5000 + |
+
extend_vpc_count + |
+No + |
+Integer + |
+Expand the number of VPCs and take effect only in the prepaid mode. +Minimum: 0 +Maximum: 100 + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
charge_mode + |
+Yes + |
+String + |
+The billing mode can be prepaid, i.e., yearly/monthly, and postPaid: postpaid, i.e., pay-per-use. + |
+
period_type + |
+No + |
+String + |
+The value range of the subscription cycle,include monthly and yearly. Note: This parameter takes effect when charge_mode is set to prePaid, and the value is required. + |
+
period_num + |
+No + |
+Integer + |
+the time of the subscription, take effect when charge_mode is prePaid and it is required, value range: 1~9 when period_type is set to month, and 1~3 when period_type is set to year. + |
+
is_auto_renew + |
+Yes + |
+Boolean + |
+whether the firewall instance is auto renewed +Default: false + |
+
is_auto_pay + |
+Yes + |
+Boolean + |
+whether the firewall instance is auto paid +Default: false + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
job_id + |
+String + |
+The job id, created when the firewall instance is created, which is returned only when the billing mode is postpaid. + |
+
order_id + |
+String + |
+Order id,which is returned when the firewall instance is created. + |
+
data + |
+CreateFirewallReq object + |
+Create Firewall Request + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
name + |
+String + |
+Firewall Name + |
+
enterprise_project_id + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. +Default: 0 + |
+
tags + |
+Array of tags objects + |
+Resource Tag + |
+
flavor + |
+flavor object + |
+flavor + |
+
charge_info + |
+charge_info object + |
+Billing type information, prepaid and postpaid, the default is postpaid. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
key + |
+String + |
+Tag Key + |
+
value + |
+String + |
+Tag Value + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
version + |
+String + |
+Firewall version: If charge_mode is set to prePaid, only the Professional Edition is supported, and when charge_mode is set to postPaid, the Standard and Professional Editions are supported. +Enumeration values: +
|
+
extend_eip_count + |
+Integer + |
+Expand the number of EIPs and take effect only in the prepaid mode. +Minimum: 0 +Maximum: 2000 +Default: 0 + |
+
extend_bandwidth + |
+Integer + |
+Expand band width and take effect only in the prepaid mode. +Minimum: 0 +Maximum: 5000 + |
+
extend_vpc_count + |
+Integer + |
+Expand the number of VPCs and take effect only in the prepaid mode. +Minimum: 0 +Maximum: 100 + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
charge_mode + |
+String + |
+The billing mode can be prepaid, i.e., yearly/monthly, and postPaid: postpaid, i.e., pay-per-use. + |
+
period_type + |
+String + |
+The value range of the subscription cycle,include monthly and yearly. Note: This parameter takes effect when charge_mode is set to prePaid, and the value is required. + |
+
period_num + |
+Integer + |
+the time of the subscription, take effect when charge_mode is prePaid and it is required, value range: 1~9 when period_type is set to month, and 1~3 when period_type is set to year. + |
+
is_auto_renew + |
+Boolean + |
+whether the firewall instance is auto renewed +Default: false + |
+
is_auto_pay + |
+Boolean + |
+whether the firewall instance is auto paid +Default: false + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Enable a standard firewall with 2000 extended EIP, 5,000 Mbps extended protection bandwidth, 100 extended protection VCPs under a monthly billing auto-renewal model.
+https://{Endpoint}/v2/124147da-5b08-471a-93d2-bc82acc290c6/firewall
+
+{
+ "name" : "CFW-TEST",
+ "enterprise_project_id" : "0",
+ "tags" : [ {
+ "key" : "TagKey",
+ "value" : "TagVal"
+ } ],
+ "flavor" : {
+ "version" : "standard",
+ "extend_eip_count" : 2000,
+ "extend_bandwidth" : 5000,
+ "extend_vpc_count" : 100
+ },
+ "charge_info" : {
+ "charge_mode" : "prePaid",
+ "period_type" : "month",
+ "period_num" : 1,
+ "is_auto_renew" : true,
+ "is_auto_pay" : true
+ }
+}
+Status code: 200
+Create Firewall Response
+{
+ "data" : "6ed72853-34cb-4b97-9b87-cfc47087c96e"
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00100001",
+ "error_msg" : "The system is busy. Please try again later."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Create Firewall Response + |
+
400 + |
+Bad Request + |
+
See Error Codes.
+This API is used to delete an ACL rule group.
+DELETE /v1/{project_id}/acl-rule/{acl_rule_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
acl_rule_id + |
+Yes + |
+String + |
+Rule ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+RuleId object + |
++ |
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+id + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Delete the rule whose project ID is 9d80d070b6d44942af73c9c3d38e0429 and rule ID is ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule/ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031
+Status code: 200
+OK
+{
+ "data" : {
+ "id" : "ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031",
+ "name" : "name"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00900016",
+ "error_msg" : "The import task is in progress. Please operate after the task is completed"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete the rule hit count.
+DELETE /v1/{project_id}/acl-rule/count
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project id + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
rule_ids + |
+Yes + |
+Array of strings + |
+Rule ID list + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Clear the hits of ACL rule 59ff6bd9-0a76-41ec-9650-380086069965 in the project whose ID is 0b2179bbe180d3762fb0c01a2d5725c7.
+https://{Endpoint}/v1/0b2179bbe180d3762fb0c01a2d5725c7/acl-rule/count
+
+{
+ "rule_ids" : [ "59ff6bd9-0a76-41ec-9650-380086069965" ]
+}
+Status code: 200
+OK
+{ }
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00400006",
+ "error_msg" : "clear rule hit count param error."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete a member from an address group.
+DELETE /v1/{project_id}/address-items/{item_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
item_id + |
+Yes + |
+String + |
+ID of an address group member + |
+
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+delete address item response + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Delete the address group member whose ID is 65cb47fc-e666-4af4-8c2c-1fbd2f4b1eae from the project whose ID is 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-items/65cb47fc-e666-4af4-8c2c-1fbd2f4b1eae
+Status code: 200
+Return value for deleting an address group member
+{
+ "data" : {
+ "id" : "65cb47fc-e666-4af4-8c2c-1fbd2f4b1eae",
+ "name" : "test"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "Incorrect instance status."
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for deleting an address group member + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete an address group.
+DELETE /v1/{project_id}/address-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
set_id + |
+Yes + |
+String + |
+ID of the IP address group + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+Data returned after an address group is deleted + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Delete address set cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16 from project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-sets/cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16
+Status code: 200
+OK
+{
+ "data" : {
+ "id" : "cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16",
+ "name" : "test"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200004",
+ "error_msg" : "can not delete for used"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete a blacklist or whitelist rule.
+DELETE /v1/{project_id}/black-white-list/{list_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
list_id + |
+Yes + |
+String + |
+Blacklist/Whitelist ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+Response to the request for deleting a blacklist or whitelist + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Delete the black and white list with the project id 9d80d070b6d44942af73c9c3d38e0429 and the black and white list with the id 2eee3fe8-0b9b-49ac-8e7f-eaafa321e99a
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/black-white-list/2eee3fe8-0b9b-49ac-8e7f-eaafa321e99a
+Status code: 200
+Blacklist/Whitelist deletion response
+{
+ "data" : {
+ "id" : "2eee3fe8-0b9b-49ac-8e7f-eaafa321e99a"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Blacklist/Whitelist deletion response + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete domain set.
+DELETE /v1/{project_id}/domain-set/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project ID + |
+
set_id + |
+Yes + |
+String + |
+set id + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+DomainSetResponseData object + |
+delete domain set response + |
+
Delete domain set 89bce6a4-9b59-4d7a-b5f9-cac5ac16d88a from firewall 7a004e79-0b8b-4679-ab20-267f3946e8ba in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/domain-set/89bce6a4-9b59-4d7a-b5f9-cac5ac16d88a?fw_instance_id=7a004e79-0b8b-4679-ab20-267f3946e8ba&enterprise_project_id=default
+Status code: 200
+Delete Domain Set Response
+{
+ "data" : {
+ "id" : "89bce6a4-9b59-4d7a-b5f9-cac5ac16d88a",
+ "name" : "test"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Delete Domain Set Response + |
+
See Error Codes.
+delete domains
+DELETE /v1/{project_id}/domain-set/domains/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
set_id + |
+Yes + |
+String + |
+Domain Set ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
domain_address_ids + |
+Yes + |
+Array of strings + |
+domain address ids + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+DomainSetResponseData object + |
+delete domains response data + |
+
For the project whose project id is 14181c1245cf4fd786824efe1e2b9388, delete the domain names under the firewall whose firewall id is 546af3f8-88e9-47f2-a205-2346d7090925, the protected object id is ae42418e-f077-41a0-9d3b-5b2f5ad910 2b, the domain set id is 78719348-6d79- 477e-acec-676a29842ab2, and the domain names are "b9c23ad8-16d2-4f14-894f-29250c5d27e5", "c36f9462-467b-4303-9734-f9abc38ddb95".
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/domain-set/domains/78719348-6d79-477e-acec-676a29842ab2?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+
+{
+ "domain_address_ids" : [ "b9c23ad8-16d2-4f14-894f-29250c5d27e5", "c36f9462-467b-4303-9734-f9abc38ddb95" ],
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
+}
+Status code: 200
+delete domains response
+{
+ "data" : {
+ "id" : "78719348-6d79-477e-acec-676a29842ab2",
+ "name" : "test26"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+delete domains response + |
+
See Error Codes.
+Delete firewall instance,only postpaid mode is supported.
+DELETE /v2/{project_id}/firewall/{resource_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
resource_id + |
+Yes + |
+String + |
+Resource Id + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+No + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+String + |
+Delete Firewall Response + |
+
Delete firewall whose firewall instance id is 08065281-860a-4c98-aeb5-82cf65c44c46c46 and project id is 06217ebc876e427a80a2c05d51264ab1.
+https://{Endpoint}/v2/06217ebc876e427a80a2c05d51264ab1/firewall/08065281-860a-4c98-aeb5-82cf65c44c46
+Status code: 200
+Delete Firewall Response
+{
+ "data" : "56884cd0-cf3c-4cb7-bbeb-59d8722a2671"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Delete Firewall Response + |
+
See Error Codes.
+This API is used to delete a member from a service group.
+DELETE /v1/{project_id}/service-items/{item_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
item_id + |
+Yes + |
+String + |
+ID of a service group member + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+Delete service group member data. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
This API is used to Delete the service group member whose project ID is 9d80d070b6d44942af73c9c3d38e0429 and service group member ID is 6b37ed55-1e21-46a5-a7dc-a59ef418d359.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-items/6b37ed55-1e21-46a5-a7dc-a59ef418d359
+Status code: 200
+Response to the request for deleting a service group member.
+{
+ "data" : {
+ "id" : "26f562c4-fe11-43d0-9654-f54298d5b12e"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "instance status error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for deleting a service group member. + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to delete a service group.
+DELETE /v1/{project_id}/service-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
set_id + |
+Yes + |
+String + |
+Indicates the service set ID. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+Data returned after a service group is deleted + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Delete the service group whose project ID is 9d80d070b6d44942af73c9c3d38e0429 and service group ID is 221cfdca-3abf-4c30-ab0d-516a03c70866.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-sets/221cfdca-3abf-4c30-ab0d-516a03c70866
+Status code: 200
+OK
+{
+ "data" : {
+ "id" : "221cfdca-3abf-4c30-ab0d-516a03c70866",
+ "name" : "test"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200004",
+ "error_msg" : "can not delete for used"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+Status Code + |
+Error Codes + |
+Error Message + |
+Description + |
+Solution + |
+
|---|---|---|---|---|
400 + |
+CFW.00109004 + |
+http to external service error. + |
+http to external service error. + |
+Try again later or contact technical support. + |
+
400 + |
+CFW.00200001 + |
+empty param + |
+empty param. + |
+contact technical support. + |
+
400 + |
+can not delete for used. + |
+can not delete for used. + |
+can not delete for used. + |
+contact technical support. + |
+
400 + |
+CFW.00200005 + |
+operation content does not exist. + |
+operation content does not exist. + |
+contact technical support. + |
+
400 + |
+CFW.00200007 + |
+name conflict. + |
+name conflict. + |
+please rename the name. + |
+
400 + |
+CFW.00200009 + |
+A request with the same param already exists. + |
+A request with the same param already exists. + |
+contact technical support. + |
+
400 + |
+CFW.00200010 + |
+Config type error. + |
+Config type error. + |
+contact technical support. + |
+
400 + |
+CFW.00200011 + |
+Not support batch operation. + |
+Not support batch operation. + |
+contact technical support. + |
+
400 + |
+CFW.00200013 + |
+url syntax error. + |
+url syntax error. + |
+contact technical support. + |
+
400 + |
+CFW.00200020 + |
+added acl rules can't exceed 20. + |
+added acl rules can't exceed 20. + |
+Please reduce the number of added acl rules. + |
+
400 + |
+CFW.00200022 + |
+all IP address segments is not allowed in black and white list. + |
+all IP address segments is not allowed in black and white list. + |
+Please specify the black and white list ip address segment. + |
+
400 + |
+CFW.00200023 + |
+PARAM_UPGRADING_TASK_OUT_OF_RANGE + |
+PARAM_UPGRADING_TASK_OUT_OF_RANGE. + |
+contact technical support. + |
+
400 + |
+CFW.00200024 + |
+Exceeded maximum quantity limit. + |
+Exceeded maximum quantity limit. + |
+contact technical support. + |
+
400 + |
+CFW.00200025 + |
+long connection acl rules time out of range. + |
+long connection acl rules time out of range. + |
+Please make sure the long connection rule duration is from one second to a thousand days. + |
+
400 + |
+CFW.00200026 + |
+Long connection acl rules reach limit. + |
+Long connection acl rules reach limit. + |
+Please delete some long connection rules. + |
+
400 + |
+CFW.00200027 + |
+acl address is error. + |
+acl address is error. + |
+Please make sure that the acl rule address conforms to the specification. + |
+
400 + |
+CFW.00200028 + |
+inconsistent address types. + |
+inconsistent address types. + |
+Please make sure the address type is the same. + |
+
400 + |
+CFW.00200030 + |
+address type is error. + |
+address type is error. + |
+contact technical support. + |
+
400 + |
+CFW.00200032 + |
+The engine does not support IPv6. + |
+The engine does not support IPv6. + |
+contact technical support. + |
+
400 + |
+CFW.00200036 + |
+The network segment cannot be changed to a private network segment. + |
+The network segment cannot be changed to a private network segment. + |
+contact technical support. + |
+
400 + |
+CFW.00200041 + |
+address is null. + |
+address is null. + |
+Please add address type parameter. + |
+
400 + |
+CFW.00200016 + |
+instance status error. + |
+instance status error. + |
+contact technical support. + |
+
400 + |
+CFW.00200110 + |
+Can't operate basic defense + |
+Can't operate basic defense + |
+contact technical support. + |
+
400 + |
+CFW.00300001 + |
+Parse command error. + |
+Parse command error. + |
+contact technical support. + |
+
400 + |
+CFW.00400002 + |
+not need to operate. + |
+not need to operate. + |
+contact technical support. + |
+
400 + |
+CFW.00400004 + |
+item already exist. + |
+item already exist. + |
+Please delete some service items. + |
+
400 + |
+CFW.00400006 + |
+clear rule hit count param error. + |
+clear rule hit count param error. + |
+Please check and confirm whether the parameter value is legal. + |
+
400 + |
+CFW.00400007 + |
+ACL_RULE_TYPE_INCONSISTENT. + |
+ACL_RULE_TYPE_INCONSISTENT. + |
+Make sure to add the same rule type. + |
+
400 + |
+CFW.00400008 + |
+protect object doesn't exist. + |
+protect object doesn't exist. + |
+contact technical support. + |
+
400 + |
+CFW.00400009 + |
+The number of wildcard domain name protection rules exceeds the upper limit + |
+The number of wildcard domain name protection rules exceeds the upper limit + |
+Please delete some generic domain name protection rules. + |
+
400 + |
+CFW.00400010 + |
+not supported protocol for long connection. + |
+not supported protocol for long connection. + |
+Please make sure that the rule protocol belongs to TCP, UDP. + |
+
400 + |
+CFW.00400011 + |
+BLACK_WHITE_LIST_REPEAT. + |
+BLACK_WHITE_LIST_REPEAT. + |
+Make sure to add a different black and white list. + |
+
400 + |
+CFW.00400012 + |
+East west protection not existed,private Ip blackWhite list cannot be submitted. + |
+East west protection not existed,private Ip blackWhite list cannot be submitted. + |
+Please add east-west protection. + |
+
400 + |
+CFW.00400013 + |
+The number of blocklists or trustlists exceeds the maximum 2000. + |
+The number of blocklists or trustlists exceeds the maximum 2000. + |
+Please delete some black and white lists. + |
+
400 + |
+CFW.00500002 + |
+time range error. + |
+time range error. + |
+contact technical support. + |
+
400 + |
+CFW.00500004 + |
+time range error. + |
+time range error. + |
+contact technical support. + |
+
400 + |
+CFW.00600003 + |
+HTTP response status code does not match. + |
+HTTP response status code does not match. + |
+contact technical support. + |
+
400 + |
+CFW.00700001 + |
+er not exist error. + |
+er not exist error. + |
+Please check if er exists. + |
+
400 + |
+CFW.00700002 + |
+vpc not exist error. + |
+vpc not exist error. + |
+Please check if vpc exists. + |
+
400 + |
+CFW.00700003 + |
+associated subnet conflict. + |
+associated subnet conflict. + |
+Please make sure that the created subnet does not overlap with the subnet segment under the existing vpc. + |
+
400 + |
+CFW.00700004 + |
+create subnet error. + |
+create subnet error. + |
+contact technical support. + |
+
400 + |
+CFW.00700007 + |
+er attach vpc error. + |
+er attach vpc error. + |
+contact technical support. + |
+
400 + |
+CFW.00700012 + |
+change route error. + |
+change route error. + |
+contact technical support. + |
+
400 + |
+CFW.00700015 + |
+Get VPC quotas error. + |
+Get VPC quotas error. + |
+contact technical support. + |
+
400 + |
+CFW.00700016 + |
+Vpc contain route table quota not enough. + |
+Vpc contain route table quota not enough. + |
+Please delete the existing routing table under vpc. + |
+
400 + |
+CFW.00800001 + |
+An error occurred when querying from etcd. + |
+An error occurred when querying from etcd. + |
+contact technical support. + |
+
400 + |
+CFW.00800002 + |
+An error occurred when deleting from etcd. + |
+An error occurred when deleting from etcd. + |
+contact technical support. + |
+
400 + |
+CFW.00800003 + |
+An error occurred when save to etcd. + |
+An error occurred when save to etcd. + |
+contact technical support. + |
+
400 + |
+CFW.00900016 + |
+The import task is in progress. Please operate after the task is completed. + |
+The import task is in progress. Please operate after the task is completed. + |
+Please wait some time until the import task finishes. + |
+
400 + |
+CFW.00900020 + |
+Address groups exceed the maximum limit + |
+Address groups exceed the maximum limit + |
+Please delete some address groups. + |
+
400 + |
+CFW.00900030 + |
+Global services reach limit. + |
+Global services reach limit. + |
+Please delete some service items. + |
+
400 + |
+CFW.01100008 + |
+Configurations cannot be delivered during cluster capacity expansion. + |
+Configurations cannot be delivered during cluster capacity expansion. + |
+contact technical support. + |
+
This API is used to query access control logs.
+GET /v1/{project_id}/cfw/logs/access-control
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ. + |
+
rule_id + |
+No + |
+String + |
+Rule ID + |
+
start_time + |
+Yes + |
+Long + |
+Start time + |
+
end_time + |
+Yes + |
+Long + |
+End time + |
+
src_ip + |
+No + |
+String + |
+Source IP address + |
+
src_port + |
+No + |
+Integer + |
+Source port + |
+
dst_ip + |
+No + |
+String + |
+Destination IP address + |
+
dst_port + |
+No + |
+Integer + |
+Destination port + |
+
protocol + |
+No + |
+String + |
+Protocol + |
+
app + |
+No + |
+String + |
+Application protocol + |
+
log_id + |
+No + |
+String + |
+Document ID. The value is null for the first page and not null for the rest of the pages. + |
+
next_date + |
+No + |
+Integer + |
+Date. The value is null for the first page and not null for the rest of the pages. + |
+
offset + |
+No + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
log_type + |
+No + |
+String + |
+Log type +Enumeration values: +
|
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
dst_host + |
+No + |
+String + |
+destination host + |
+
rule_name + |
+No + |
+String + |
+rule name + |
+
action + |
+No + |
+String + |
+Action. 0: allow; 1: deny + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Data returned for querying access control logs + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
total + |
+Integer + |
+Returned quantity + |
+
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
records + |
+Array of records objects + |
+Record + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
action + |
+String + |
+Action. 0: allow; 1: deny + |
+
rule_name + |
+String + |
+Rule name + |
+
rule_id + |
+String + |
+Rule ID + |
+
hit_time + |
+Long + |
+Hit time + |
+
src_region_id + |
+String + |
+source region id + |
+
src_region_name + |
+String + |
+source region name + |
+
dst_region_id + |
+String + |
+destination region id + |
+
dst_region_name + |
+String + |
+destination region name + |
+
log_id + |
+String + |
+Document ID + |
+
src_ip + |
+String + |
+Source IP address + |
+
src_port + |
+Integer + |
+Source port + |
+
dst_ip + |
+String + |
+Destination IP address + |
+
dst_port + |
+Integer + |
+Destination port + |
+
protocol + |
+String + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
app + |
+String + |
+Application protocol + |
+
dst_host + |
+String + |
+destination host + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query the records whose initial position is 0 on the first page of the firewall with the ID 2af58b7c-893c-4453-a984-bdd9b1bd6318 in the project 9d80d070b6d44942af73c9c3d38e0429. The query time range is 1664159069544 to 1664162669544.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/cfw/logs/access-control?fw_instance_id=2af58b7c-893c-4453-a984-bdd9b1bd6318&start_time=1664159069544&end_time=1664162669544&limit=10
+Status code: 200
+OK
+{
+ "data" : {
+ "limit" : 10,
+ "records" : [ {
+ "action" : "deny",
+ "app" : "PING",
+ "dst_ip" : "100.85.216.211",
+ "dst_port" : 59,
+ "hit_time" : 1664164255000,
+ "log_id" : "46032",
+ "protocol" : "ICMP: ECHO_REQUEST",
+ "rule_id" : "c755be1c-4b92-4ae7-a15e-c2d02b152538",
+ "rule_name" : "eip_ipv4_w_n_default_deny",
+ "src_ip" : "100.95.148.49",
+ "src_port" : 24954
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00500002",
+ "error_msg" : "time range error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to obtain the rule hit count.
+POST /v1/{project_id}/acl-rule/count
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+No + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
rule_ids + |
+Yes + |
+Array of strings + |
+Rule ID list + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+RuleHitCountRecords object + |
+Rule hit count + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
total + |
+Integer + |
+Total + |
+
records + |
+Array of RuleHitCountObject objects + |
+Rule hit count list + |
+
Query the hits of ACL rule 59ff6bd9-0a76-41ec-9650-380086069965 in the project whose ID is 0b2179bbe180d3762fb0c01a2d5725c7.
+https://{Endpoint}/v1/0b2179bbe180d3762fb0c01a2d5725c7/acl-rule/count
+
+{
+ "rule_ids" : [ "59ff6bd9-0a76-41ec-9650-380086069965" ]
+}
+Status code: 200
+Response to the request for obtaining the number of rule hits
+{
+ "data" : {
+ "limit" : 1,
+ "offset" : 1,
+ "records" : [ {
+ "rule_hit_count" : 0,
+ "rule_id" : "59ff6bd9-0a76-41ec-9650-380086069965"
+ } ],
+ "total" : 1
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for obtaining the number of rule hits + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query a protection rule.
+GET /v1/{project_id}/acl-rules
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
type + |
+No + |
+Integer + |
+Specifies the rule type. The value can be 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). +Enumeration values: +
|
+
protocol + |
+No + |
+Integer + |
+Protocol type. The value is 6 for TCP, 17 for UDP, 1 for ICMP, 58 for ICMPv6, and -1 for any protocol. +Enumeration values: +
|
+
ip + |
+No + |
+String + |
+IP address + |
+
name + |
+No + |
+String + |
+Name + |
+
direction + |
+No + |
+Integer + |
+Direction. 0: inbound; 1: outbound + |
+
status + |
+No + |
+Integer + |
+Indicates the rule delivery status. 0: disabled; 1: enabled. +Enumeration values: +
|
+
action_type + |
+No + |
+Integer + |
+Action. 0: allow; 1: deny +Enumeration values: +
|
+
address_type + |
+No + |
+Integer + |
+Address type. The value can be 0 (IPv4), 1 (IPv6), or 2 (domain). +Enumeration values: +
|
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
tags_id + |
+No + |
+String + |
+tags id + |
+
source + |
+No + |
+String + |
+source address + |
+
destination + |
+No + |
+String + |
+destination address + |
+
service + |
+No + |
+String + |
+service port + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+data + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
total + |
+Integer + |
+Total number of queried records + |
+
object_id + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
records + |
+Array of records objects + |
+records + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
rule_id + |
+String + |
+Rule ID + |
+
address_type + |
+Integer + |
+Address type. The value can be 0 (IPv4) or 1 (IPv6). + |
+
name + |
+String + |
+Rule name + |
+
sequence + |
+OrderRuleAclDto object + |
+UpdateRuleAclDto + |
+
direction + |
+Integer + |
+Direction: 0 means outside to inside, 1 means inside to outside, direction value is required when rule type is internet or nat. +Enumeration values: +
|
+
action_type + |
+Integer + |
+Action. 0: allow; 1: deny + |
+
status + |
+Integer + |
+Rule delivery status. 0: disabled; 1: enabled. + |
+
description + |
+String + |
+Description + |
+
long_connect_time_hour + |
+Long + |
+Persistent connection duration (hour) + |
+
long_connect_time_minute + |
+Long + |
+Persistent connection duration (hour) + |
+
long_connect_time_second + |
+Long + |
+Persistent connection duration (hour) + |
+
long_connect_time + |
+Long + |
+Persistent connection duration + |
+
long_connect_enable + |
+Integer + |
+Persistent connection support + |
+
source + |
+RuleAddressDto object + |
+Source address transmission object + |
+
destination + |
+RuleAddressDto object + |
+destination + |
+
service + |
+RuleServiceDto object + |
+service + |
+
type + |
+Integer + |
+Rule type. The value can be 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). +Enumeration values: +
|
+
created_date + |
+String + |
+Created time + |
+
last_open_time + |
+String + |
+Last open time + |
+
tag + |
+TagsVO object + |
+tag + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
dest_rule_id + |
+String + |
+ID of the rule that the added rule will follow. This parameter cannot be left blank if the rule is not pinned on top, and is empty when the added rule is pinned on top. + |
+
top + |
+Integer + |
+Whether to pin on top. The options are as follows: 0: no; 1: yes. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
type + |
+Integer + |
+Source type. 0: manual input; 1: associated IP address group; 2: domain name + |
+
address_type + |
+Integer + |
+Source type. 0: IPv4; 1: IPv6 + |
+
address + |
+String + |
+Source IP address. The value cannot be empty for the manual type, and cannot be empty for the automatic or domain type. + |
+
address_set_id + |
+String + |
+ID of the associated IP address group. The value cannot be empty for the automatic type or for the manual or domain type. + |
+
address_set_name + |
+String + |
+IP address group name + |
+
domain_address_name + |
+String + |
+Name of the domain name address. This parameter cannot be left empty for the domain name type, and is empty for the manual or automatic type. + |
+
region_list_json + |
+String + |
+JSON value of the rule region list. + |
+
region_list + |
+Array of IpRegionDto objects + |
+Region list of a rule + |
+
domain_set_id + |
+String + |
+domain set id + |
+
domain_set_name + |
+String + |
+domain set name + |
+
ip_address + |
+Array of strings + |
+IP address list + |
+
address_group + |
+Array of strings + |
+address group + |
+
address_group_names + |
+Array of AddressGroupVO objects + |
+Address set list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
region_id + |
+String + |
+region id + |
+
description_cn + |
+String + |
+cn description + |
+
description_en + |
+String + |
+en description + |
+
region_type + |
+Integer + |
+Region type, 0 means country, 1 means province, 2 means continent + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
type + |
+Integer + |
+Service input type. The value 0 indicates manual input, and the value 1 indicates automatic input. + |
+
protocol + |
+Integer + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
source_port + |
+String + |
+Source port + |
+
dest_port + |
+String + |
+Destination port + |
+
service_set_id + |
+String + |
+Service group ID. This parameter is left blank for the manual type and cannot be left blank for the automatic type. + |
+
service_set_name + |
+String + |
+Service group name + |
+
custom_service + |
+Array of ServiceItem objects + |
+custom service + |
+
service_group + |
+Array of strings + |
+Service group list + |
+
service_group_names + |
+Array of AddressGroupVO objects + |
+Service group name list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
protocol + |
+Integer + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
source_port + |
+String + |
+source port + |
+
dest_port + |
+String + |
+destination port + |
+
description + |
+String + |
+description + |
+
name + |
+String + |
+name + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
set_id + |
+String + |
+set id + |
+
name + |
+String + |
+name + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
tag_id + |
+String + |
+tag id + |
+
tag_key + |
+String + |
+tag key + |
+
tag_value + |
+String + |
+tag value + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query the data whose project ID is 9d80d070b6d44942af73c9c3d38e0429, project ID is e12bd2cd-ebfc-4af7-ad6f-ebe6da398029, and size is 10.
+https://{Endpoint}/cfw/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rules?object_id=e12bd2cd-ebfc-4af7-ad6f-ebe6da398029&limit=10&offset=0
+Status code: 200
+OK
+{
+ "data" : {
+ "limit" : 10,
+ "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
+ "offset" : 0,
+ "records" : [ {
+ "action_type" : 0,
+ "address_type" : 0,
+ "destination" : {
+ "address" : "0.0.0.0/0",
+ "address_type" : 0,
+ "type" : 0
+ },
+ "direction" : 1,
+ "long_connect_enable" : 0,
+ "created_date" : "2024-02-27 04:01:17",
+ "last_open_time" : "2024-02-27 04:01:17",
+ "description" : "description",
+ "name" : "eip_ipv4_n_w_allow",
+ "rule_id" : "ffe9af47-d893-483b-86e3-ee5242e8cb15",
+ "service" : {
+ "dest_port" : "0",
+ "protocol" : -1,
+ "source_port" : "0",
+ "type" : 0
+ },
+ "source" : {
+ "address_set_id" : "48bfb09b-6f3a-4371-8ddb-05d5d7148bcc",
+ "address_set_name" : "ip_group",
+ "address_type" : 0,
+ "type" : 1
+ },
+ "status" : 1,
+ "type" : "0"
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "instance status error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query address group members.
+GET /v1/{project_id}/address-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+Yes + |
+String + |
+ID of the IP address group + |
+
key_word + |
+No + |
+String + |
+Keyword + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
address + |
+No + |
+String + |
+IP address + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Response for address group member query + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
total + |
+Integer + |
+Total + |
+
set_id + |
+String + |
+ID of the IP address group + |
+
records + |
+Array of records objects + |
+Member information + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
item_id + |
+String + |
+ID of an address group member + |
+
name + |
+String + |
+Name of an address group member + |
+
description + |
+String + |
+Description + |
+
address_type + |
+Integer + |
+Address group type. The value can be 0 (IPv4) or 1 (IPv6). + |
+
address + |
+String + |
+Address group + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query members in address group 8773c082-2a6c-4529-939a-edc28ef1a67c of project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-items?set_id=8773c082-2a6c-4529-939a-edc28ef1a67c&limit=10&offset=0
+Status code: 200
+Return value for querying address group members
+{
+ "data" : {
+ "limit" : 10,
+ "offset" : 0,
+ "records" : [ {
+ "address" : "1.1.1.1",
+ "address_type" : 0,
+ "description" : "",
+ "item_id" : "294fab71-34bf-4858-a380-8f7530e1c816"
+ } ],
+ "set_id" : "8773c082-2a6c-4529-939a-edc28ef1a67c",
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value for querying address group members + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query details about an address group.
+GET /v1/{project_id}/address-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
set_id + |
+Yes + |
+String + |
+ID of the IP address group + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
query_address_set_type + |
+No + |
+Integer + |
+Query address set type, 0 indicates a custom address set and 1 indicates a predefined address set + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Query address group details. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID of the IP address group + |
+
name + |
+String + |
+IP address group name + |
+
description + |
+String + |
+Address group description + |
+
address_set_type + |
+Integer + |
+Address set type, 0 indicates a custom address set and 1 indicates a predefined address set + |
+
address_type + |
+Integer + |
+Specifies the address type. The value can be 0 (IPv4) or 1 (IPv6). +Enumeration values: +
|
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query details about address group cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16 in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-sets/cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16
+Status code: 200
+OK
+{
+ "data" : {
+ "address_set_type" : 0,
+ "address_type" : 0,
+ "description" : "",
+ "id" : "cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16",
+ "name" : "ABC"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+Querying IP Address Sets
+GET /v1/{project_id}/address-sets
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
key_word + |
+No + |
+String + |
+Keyword + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
address + |
+No + |
+String + |
+IP address + |
+
address_type + |
+No + |
+Integer + |
+Specifies the address type. The value can be 0 (IPv4) or 1 (IPv6). +Enumeration values: +
|
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
query_address_set_type + |
+No + |
+Integer + |
+Query address set type, 0 indicates a custom address set and 1 indicates a predefined address set + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Data returned for the address group list query + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
total + |
+Integer + |
+Total + |
+
records + |
+Array of records objects + |
+IP address set list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
set_id + |
+String + |
+ID of the IP address group + |
+
ref_count + |
+Integer + |
+Reference count + |
+
description + |
+String + |
+Description + |
+
name + |
+String + |
+IP address group name + |
+
address_type + |
+Integer + |
+Address type. The value can be 0 (IPv4) or 1 (IPv6). + |
+
object_id + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
address_set_type + |
+Integer + |
+Address set type, 0 indicates a custom address set and 1 indicates a predefined address set + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
This API is used to query the IP address group information on the first page of project 8a41d6a5-f215-428a-a76c-dc923b5d599a. The protected object ID is 5c69cf330cda42369cbd726ee1bc5e76.
+https://{Endpoint}/v1/5c69cf330cda42369cbd726ee1bc5e76/address-sets?object_id=8a41d6a5-f215-428a-a76c-dc923b5d599a&limit=10&offset=0
+Status code: 200
+OK
+{
+ "data" : {
+ "limit" : 10,
+ "offset" : 0,
+ "records" : [ {
+ "address_set_type" : 0,
+ "object_id" : "cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16",
+ "address_type" : 0,
+ "description" : "",
+ "name" : "test",
+ "ref_count" : 0,
+ "set_id" : "50da1eff-e58d-4380-b899-a78f94137d3b"
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "instance status error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query attack logs.
+GET /v1/{project_id}/cfw/logs/attack
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
start_time + |
+Yes + |
+Long + |
+Start time + |
+
end_time + |
+Yes + |
+Long + |
+End time + |
+
src_ip + |
+No + |
+String + |
+Source IP address + |
+
src_port + |
+No + |
+Integer + |
+Source port number +Minimum: 0 +Maximum: 65535 + |
+
dst_ip + |
+No + |
+String + |
+Destination IP address + |
+
dst_port + |
+No + |
+Integer + |
+Destination port number +Minimum: 0 +Maximum: 65535 + |
+
protocol + |
+No + |
+String + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. +Enumeration values: +
|
+
app + |
+No + |
+String + |
+Application protocol + |
+
log_id + |
+No + |
+String + |
+Log ID. The value is null for the first page and not null for the rest of the pages. + |
+
next_date + |
+No + |
+Long + |
+Next date. The value is null for the first page and not null for the rest of the pages. + |
+
offset + |
+No + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ. + |
+
action + |
+No + |
+String + |
+Action. 0: allow; 1: deny +Enumeration values: +
|
+
direction + |
+No + |
+String + |
+Direction. 0: inbound; 1: outbound +Enumeration values: +
|
+
attack_type + |
+No + |
+String + |
+Intrusion event type + |
+
attack_rule + |
+No + |
+String + |
+Intrusion event rule + |
+
level + |
+No + |
+String + |
+Threat level + |
+
source + |
+No + |
+String + |
+Source + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
dst_host + |
+No + |
+String + |
+destination host + |
+
log_type + |
+No + |
+String + |
+log_type +Enumeration values: +
|
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Return value of attack log query + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
total + |
+Integer + |
+Returned quantity + |
+
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
records + |
+Array of records objects + |
+Record + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
direction + |
+String + |
+Direction, which can be inbound or outbound +Enumeration values: +
|
+
action + |
+String + |
+Action + |
+
event_time + |
+Long + |
+Event time + |
+
attack_type + |
+String + |
+Attack type + |
+
attack_rule + |
+String + |
+Attack rule + |
+
level + |
+String + |
+Threat level + |
+
source + |
+String + |
+Source + |
+
packet_length + |
+Long + |
+Packet length + |
+
attack_rule_id + |
+String + |
+Attack rule ID + |
+
hit_time + |
+Integer + |
+Hit time + |
+
log_id + |
+String + |
+Log ID + |
+
src_ip + |
+String + |
+Source IP address + |
+
src_port + |
+Integer + |
+Source port +Minimum: 0 +Maximum: 65535 + |
+
dst_ip + |
+String + |
+Destination IP address + |
+
dst_port + |
+Integer + |
+Destination port +Minimum: 0 +Maximum: 65535 + |
+
protocol + |
+String + |
+Protocol + |
+
packet + |
+String + |
+Attack log packet + |
+
app + |
+String + |
+Application protocol + |
+
packetMessages + |
+Array of PacketMessage objects + |
+packet message + |
+
dst_host + |
+String + |
+destination host + |
+
src_region_id + |
+String + |
+source region id + |
+
src_region_name + |
+String + |
+source region name + |
+
dst_region_id + |
+String + |
+destination region id + |
+
dst_region_name + |
+String + |
+destination region name + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
hex_index + |
+String + |
+hex index + |
+
hexs + |
+Array of strings + |
+hexs + |
+
utf8_String + |
+String + |
+utf8 string + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query 10 records on the first page of the firewall with the ID 2af58b7c-893c-4453-a984-bdd9b1bd6318 in the project 9d80d070b6d44942af73c9c3d38e0429. The query time range is 1663567058000 to 1664171765000.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/cfw/logs/attack?fw_instance_id=2af58b7c-893c-4453-a984-bdd9b1bd6318&start_time=1663567058000&end_time=1664171765000&limit=10
+Status code: 200
+OK
+{
+ "data" : {
+ "limit" : 10,
+ "records" : [ {
+ "action" : "deny",
+ "app" : "HTTP",
+ "attack_rule" : "Tool Nmap Web Server Probe Detected",
+ "attack_rule_id" : "336154",
+ "attack_type" : "Web Attack",
+ "direction" : "out2in",
+ "dst_ip" : "100.95.148.49",
+ "dst_port" : 8080,
+ "event_time" : 1664146216000,
+ "level" : "MEDIUM",
+ "log_id" : "15591",
+ "packet" : "+hZUZMhV+hY/AaHMCABFKABpXPNAADAGof1kVe6QZF+UMcTQH5B0wdaz888+uoAYAOVyNQAAAQEICjrmikVb9JLCR0VUIC9uaWNlJTIwcG9ydHMlMkMvVHJpJTZFaXR5LnR4dCUyZWJhayBIVFRQLzEuMA0KDQo=",
+ "packetMessages" : [ {
+ "hex_index" : "00000000",
+ "hexs" : [ "fa", "16", "54", "64", "c8", "55", "fa", "16", "3f", "01", "a1", "cc", "08", "00", "45", "28" ],
+ "utf8_String" : ".\u0016Td.U.\u0016?.....E("
+ }, {
+ "hex_index" : "00000010",
+ "hexs" : [ "00", "69", "5c", "f3", "40", "00", "30", "06", "a1", "fd", "64", "55", "ee", "90", "64", "5f" ],
+ "utf8_String" : ".i\\.@.0...dU.d_"
+ }, {
+ "hex_index" : "00000020",
+ "hexs" : [ "94", "31", "c4", "d0", "1f", "90", "74", "c1", "d6", "b3", "f3", "cf", "3e", "ba", "80", "18" ],
+ "utf8_String" : ".1..\u001F.t.Ö³..>..."
+ }, {
+ "hex_index" : "00000030",
+ "hexs" : [ "00", "e5", "72", "35", "00", "00", "01", "01", "08", "0a", "3a", "e6", "8a", "45", "5b", "f4" ],
+ "utf8_String" : "..r5......:.E[."
+ }, {
+ "hex_index" : "00000040",
+ "hexs" : [ "92", "c2", "47", "45", "54", "20", "2f", "6e", "69", "63", "65", "25", "32", "30", "70", "6f" ],
+ "utf8_String" : "..GET /nice%20po"
+ }, {
+ "hex_index" : "00000050",
+ "hexs" : [ "72", "74", "73", "25", "32", "43", "2f", "54", "72", "69", "25", "36", "45", "69", "74", "79" ],
+ "utf8_String" : "rts%2C/Tri%6Eity"
+ }, {
+ "hex_index" : "00000060",
+ "hexs" : [ "2e", "74", "78", "74", "25", "32", "65", "62", "61", "6b", "20", "48", "54", "54", "50", "2f" ],
+ "utf8_String" : ".txt%2ebak HTTP/"
+ }, {
+ "hex_index" : "00000070",
+ "hexs" : [ "31", "2e", "30", "0d", "0a", "0d", "0a" ],
+ "utf8_String" : "1.0\r.\r."
+ } ],
+ "packet_length" : 119,
+ "protocol" : "TCP",
+ "source" : "0",
+ "src_ip" : "100.85.238.144",
+ "src_port" : 50384
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "00500002",
+ "error_msg" : "time range error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query a blacklist or whitelist.
+GET /v1/{project_id}/black-white-lists
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
list_type + |
+Yes + |
+Integer + |
+Blacklist/Whitelist type. The options are 4 (blacklist) and 5 (whitelist). +Enumeration values: +
|
+
address_type + |
+No + |
+Integer + |
+Specifies the IP address type. The value can be 0 (IPv4), 1 (IPv6), or 2 (domain). +Enumeration values: +
|
+
address + |
+No + |
+String + |
+IP address + |
+
port + |
+No + |
+String + |
+Port + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Return value for querying the blacklist or whitelist + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
object_id + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
total + |
+Integer + |
+Total number of queried records + |
+
records + |
+Array of records objects + |
+Blacklist and whitelist records + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
list_id + |
+String + |
+Blacklist/Whitelist ID + |
+
direction + |
+Integer + |
+Direction of a black or white address. 0: source address; 1: destination address. + |
+
address_type + |
+Integer + |
+IP address type. 0: ipv4; 1: ipv6; 2: domain + |
+
address + |
+String + |
+IP address + |
+
protocol + |
+Integer + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
port + |
+String + |
+Port + |
+
description + |
+String + |
+description + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query five whitelist records on the first page of object cfebd347-b655-4b84-b938-3c54317599b2 in project 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/black-white-lists?object_id=cfebd347-b655-4b84-b938-3c54317599b2&limit=10&offset=0&list_type=5
+Status code: 200
+Return value of a blacklist or whitelist query
+{
+ "data" : {
+ "limit" : 10,
+ "offset" : 0,
+ "records" : [ {
+ "address" : "1.1.1.1",
+ "address_type" : 0,
+ "description" : "",
+ "direction" : 0,
+ "list_id" : "1310d401-daf5-44f2-8276-f79e1643984d",
+ "protocol" : 6
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "instance status error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value of a blacklist or whitelist query + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the DNS server list.
+GET /v1/{project_id}/dns/servers
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
limit + |
+No + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+No + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of DnsServersResponseDTO objects + |
+dns server list + |
+
total + |
+Integer + |
+dns server total + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+Integer + |
+id + |
+
is_applied + |
+Integer + |
+Indicates whether to apply. 0: no; 1: yes + |
+
is_customized + |
+Integer + |
+Indicates whether the DNS server is user-defined. 0: no; 1: yes + |
+
server_ip + |
+String + |
+DNS server IP address + |
+
health_check_domain_name + |
+String + |
+health check domain name + |
+
Obtain the DNS server list of the project whose ID is 2349ba469daf4b7daf268bb0261d18b0.
+https://endpoint/cfw/v1/2349ba469daf4b7daf268bb0261d18b0/dns/servers+
Status code: 200
+Response to the request for obtaining DNS servers
+{
+ "data" : {
+ "data" : [ {
+ "health_check_domain_name" : "sslstatic.xiaoyusan.com",
+ "id" : 20165,
+ "is_applied" : 0,
+ "is_customized" : 1,
+ "server_ip" : "0.0.0.0"
+ }, {
+ "health_check_domain_name" : "sslstatic.xiaoyusan.com",
+ "id" : 14190,
+ "is_applied" : 1,
+ "is_customized" : 0,
+ "server_ip" : "100.79.1.240"
+ } ]
+ },
+ "total" : 2
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for obtaining DNS servers + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to test the validity of a domain name.
+GET /v1/{project_id}/domain/parse/{domain_name}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
domain_name + |
+Yes + |
+String + |
+Domain name + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
address_type + |
+No + |
+String + |
+Specifies the address type. The value can be 0 (IPv4) or 1 (IPv6). + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of strings + |
+Domain name ID list + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Check whether the ceshi.com domain name in the project whose ID is 5c69cf330cda42369cbd726ee1bc5e76 is valid.
+https://{Endpoint}/v1/5c69cf330cda42369cbd726ee1bc5e76/domain/parse/ceshi.com
+Status code: 200
+Return value of a domain name validity query
+{
+ "data" : [ "192.168.88.85", "192.168.88.50", "192.168.88.22", "192.168.88.87", "192.168.88.86", "192.168.5.1", "192.168.88.88", "192.168.88.90", "192.168.88.83", "192.168.88.84" ]
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00109004",
+ "error_msg" : "http to external service error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value of a domain name validity query + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+list domain sets
+GET /v1/{project_id}/domain-sets
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
key_word + |
+No + |
+String + |
+key + |
+
domain_set_type + |
+No + |
+Integer + |
+Domain set type, 0 means URL filtering, 1 means domain parse + |
+
config_status + |
+No + |
+Integer + |
+config status + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ListDomainsetsResponseData object + |
+list domain set response + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
total + |
+Integer + |
+total + |
+
records + |
+Array of DomainSetVo objects + |
+domain set list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
set_id + |
+String + |
+set id + |
+
name + |
+String + |
+domain set name + |
+
description + |
+String + |
+description + |
+
ref_count + |
+Integer + |
+reference count + |
+
domain_set_type + |
+Integer + |
+domain set type + |
+
config_status + |
+Integer + |
+config status + |
+
message + |
+String + |
+message + |
+
Query the domain set list of firewall 546af3f8-88e9-47f2-a205-2346d7090925 in project 9d80d070b6d44942af73c9c3d38e0429. The protected object ID is ae42418e-f077-41a0-9d3b-5b2f5ad9102b.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/domain-sets?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default&limit=50&offset=0&object_id=ae42418e-f077-41a0-9d3b-5b2f5ad9102b
+Status code: 200
+List Domain Set Response
+{
+ "data" : {
+ "limit" : 50,
+ "offset" : 0,
+ "records" : [ {
+ "config_status" : 3,
+ "description" : "",
+ "domain_set_type" : 0,
+ "name" : "ccdd",
+ "ref_count" : 0,
+ "set_id" : "e43db369-a863-45ed-8850-58d6b571b1ab"
+ } ],
+ "total" : 1
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+List Domain Set Response + |
+
See Error Codes.
+list domains
+GET /v1/{project_id}/domain-set/domains/{domain_set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
domain_set_id + |
+Yes + |
+String + |
+domain set id + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
domain_name + |
+No + |
+String + |
+domain name + |
+
description + |
+No + |
+String + |
+description + |
+
set_id + |
+No + |
+String + |
+domain_set_id + |
+
object_Id + |
+No + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+No + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ListDomainResponseData object + |
+list domain response data + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
project_id + |
+String + |
+Project ID + |
+
records + |
+Array of DomainInfo objects + |
+domain info list + |
+
set_id + |
+String + |
+domain set id + |
+
total + |
+Integer + |
+total + |
+
Query the list of domain names under project id 14181c1245cf4fd786824efe1e2b9388, domain set id 78719348-6d79-477e-acec-676a29842ab2, and the firewall instance id 546af3f8-88e9-47f2-a205-2346d7090925.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/domain-set/domains/78719348-6d79-477e-acec-676a29842ab2?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default&limit=200&offset=0
+Status code: 200
+list domain response
+{
+ "data" : {
+ "limit" : 200,
+ "offset" : 0,
+ "project_id" : "14181c1245cf4fd786824efe1e2b9388",
+ "records" : [ {
+ "description" : "",
+ "domain_address_id" : "6718279e-9761-4623-a48d-b16957b19e1b",
+ "domain_name" : "www.test.com"
+ } ],
+ "set_id" : "78719348-6d79-477e-acec-676a29842ab2",
+ "total" : 1
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+list domain response + |
+
See Error Codes.
+This API is used to obtain east-west firewall information.
+GET /v1/{project_id}/firewall/east-west
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
++ | +Get east west firewall data response + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
object_id + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
project_id + |
+String + |
+Project ID + |
+
status + |
+Integer + |
+Protection status. The value can be 0 (protection enabled) or 1 (protection disabled). + |
+
er_associated_subnet + |
+SubnetInfo object + |
+Information about the subnet associated with ER + |
+
firewall_associated_subnets + |
+Array of SubnetInfo objects + |
+Subnet associated with CFW + |
+
er + |
+ErInstance object + |
+Information about the associated outbound enterprise router + |
+
inspection_vpc + |
+VpcDetail object + |
+Monitoring VPC information + |
+
protect_infos + |
+Array of EwProtectResourceInfo objects + |
+East-west protection resource information + |
+
total + |
+Integer + |
+Total number of protected VPCs + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
mode + |
+String + |
+mode + |
+
ew_vpc_route_limit + |
+Integer + |
+east west vpc route limit + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
availability_zone + |
+String + |
+Subnet ID + |
+
cidr + |
+String + |
+vpc cidr + |
+
name + |
+String + |
+Subnet name + |
+
id + |
+String + |
+Subnet ID + |
+
gateway_ip + |
+String + |
+Subnet gateway IP address + |
+
vpc_id + |
+String + |
+vpc id + |
+
status + |
+String + |
+Subnet status + |
+
ipv6_enable + |
+Boolean + |
+Whether IPv6 is supported. The value true indicates yes and the value false indicates no. + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ER instance ID + |
+
name + |
+String + |
+ER name + |
+
state + |
+String + |
+ER status + |
+
enterprise_project_id + |
+String + |
+Enterprise user ID + |
+
project_id + |
+String + |
+User ID + |
+
enable_ipv6 + |
+String + |
+Whether to enable IPv6 + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+id + |
+
name + |
+String + |
+Name + |
+
cidr + |
+String + |
+vpc cidr + |
+
status + |
+String + |
+Status + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
protected_resource_type + |
+Integer + |
+Protection resource type. The value can be 0 (VPC) or 1 (VGW). + |
+
protected_resource_name + |
+String + |
+Protected resource name + |
+
protected_resource_id + |
+String + |
+Protected resource ID + |
+
protected_resource_nat_name + |
+String + |
+Name of the NAT gateway of the protected resource + |
+
protected_resource_nat_id + |
+String + |
+ID of the NAT gateway of the protected resource + |
+
protected_resource_project_id + |
+String + |
+Tenant ID of the protected resource + |
+
protected_resource_mode + |
+String + |
+protected resource mode + |
+
status + |
+Integer + |
+The protection status of the protected VPC, 0 indicates that it is associated, and 1 indicates that it is not associated. + |
+
Status code: 500
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Obtain the east-west firewall information of the project whose ID is 09bb24e6f280d23d0f9fc0104b901480.
+https://{Endpoint}/v1/09bb24e6f280d23d0f9fc0104b901480/firewall/east-west?limit=10&offset=0
+Status code: 200
+Response to the request for querying east-west firewall information
+{
+ "data" : {
+ "ew_vpc_route_limit" : 5,
+ "inspection_vpc" : {
+ "cidr" : "10.90.90.0/24",
+ "id" : "4471b50f-811a-4f9b-9575-a491e6c81dd0",
+ "name" : "inspection-vpc"
+ },
+ "limit" : 50,
+ "mode" : "peer",
+ "object_id" : "5681ed03-ff3f-4dab-9bb1-daf388121ad1",
+ "offset" : 0,
+ "project_id" : "28f403ddd3f141daa6e046e85cb15519",
+ "protect_infos" : [ {
+ "protected_resource_id" : "4c51e814-03b5-4754-87cb-243701f5b4ff",
+ "protected_resource_mode" : "peer",
+ "protected_resource_name" : "vpc-c247",
+ "protected_resource_project_id" : "28f403ddd3f141daa6e046e85cb15519",
+ "protected_resource_type" : 0,
+ "status" : 0
+ }, {
+ "protected_resource_id" : "af44c693-a13c-46a7-a6d2-eb2cb2570e57",
+ "protected_resource_mode" : "peer",
+ "protected_resource_name" : "vpc-10.1",
+ "protected_resource_project_id" : "28f403ddd3f141daa6e046e85cb15519",
+ "protected_resource_type" : 0,
+ "status" : 0
+ }, {
+ "protected_resource_id" : "2ae53845-64b8-4cd5-bcbe-efb93a7c9207",
+ "protected_resource_mode" : "peer",
+ "protected_resource_name" : "vpc-test",
+ "protected_resource_project_id" : "28f403ddd3f141daa6e046e85cb15519",
+ "protected_resource_type" : 0,
+ "status" : 1
+ }, {
+ "protected_resource_id" : "8a51174b-376b-40e5-8ccf-89d33703842b",
+ "protected_resource_mode" : "peer",
+ "protected_resource_name" : "vpc-a0c1",
+ "protected_resource_project_id" : "28f403ddd3f141daa6e046e85cb15519",
+ "protected_resource_type" : 0,
+ "status" : 1
+ }, {
+ "protected_resource_id" : "9cccb096-31be-4d68-a7ee-156f0c947f0b",
+ "protected_resource_mode" : "peer",
+ "protected_resource_name" : "vpc-192.168",
+ "protected_resource_project_id" : "28f403ddd3f141daa6e046e85cb15519",
+ "protected_resource_type" : 0,
+ "status" : 1
+ } ],
+ "status" : 0,
+ "total" : 5
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for querying east-west firewall information + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the number of EIPs.
+GET /v1/{project_id}/eip-count/{object_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID +Minimum: 32 +Maximum: 32 + |
+
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. +Minimum: 36 +Maximum: 36 + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+EipCountRespData object + |
+eip count response data + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
object_id + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. +Minimum: 36 +Maximum: 36 + |
+
eip_total + |
+Integer + |
+Total EIPs +Minimum: 0 +Default: 0 + |
+
eip_protected + |
+Integer + |
+protected eip count +Minimum: 0 +Default: 0 + |
+
eip_protected_self + |
+Integer + |
+self protected eip count + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query the number of EIPs whose project ID is 9d80d070b6d44942af73c9c3d38e0429 and protected object ID is cfebd347-b655-4b84-b938-3c54317599b2.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/eip-count/cfebd347-b655-4b84-b938-3c54317599b2
+Status code: 200
+OK
+{
+ "data" : {
+ "eip_protected" : 1,
+ "eip_protected_self" : 4,
+ "eip_total" : 5,
+ "object_id" : "6d3db4fd-fd58-4d8e-914b-ef91aa268f62"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the EIP list.
+GET /v1/{project_id}/eips/protect
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID +Minimum: 32 +Maximum: 32 + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. +Minimum: 36 +Maximum: 36 + |
+
key_word + |
+No + |
+String + |
+Public network ID or EIP +Minimum: 0 +Maximum: 255 + |
+
status + |
+No + |
+String + |
+Specifies the protection status. The value can be null, 0 (enabled), or 1 (disabled). +Enumeration values: +
|
+
sync + |
+No + |
+Integer + |
+Specifies whether to synchronize tenant EIP data. The options are as follows: 0: no; 1: yes +Enumeration values: +
|
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 +Minimum: 0 + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. +Minimum: 0 + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
device_key + |
+No + |
+String + |
+Device key + |
+
address_type + |
+No + |
+Integer + |
+Specifies the address type. The value can be 0 (IPv4) or 1 (IPv6). + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
fw_key_word + |
+No + |
+String + |
+The bound firewall name + |
+
eps_id + |
+No + |
+String + |
+The enterprise project id of the eip + |
+
tags + |
+No + |
+String + |
+Tag list + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+EipResponseData object + |
+eip query response + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
total + |
+Integer + |
+total + |
+
records + |
+Array of EipResource objects + |
+eip records + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+EIP ID + |
+
public_ip + |
+String + |
+EIP + |
+
status + |
+Integer + |
+EIP protection status,0:protected,1:unprotected +Enumeration values: +
|
+
public_ipv6 + |
+String + |
+EIP IPv6 + |
+
enterprise_project_id + |
+String + |
+Enterprise project ID + |
+
device_id + |
+String + |
+Device ID + |
+
device_name + |
+String + |
+Device name + |
+
device_owner + |
+String + |
+Device owner + |
+
associate_instance_type + |
+String + |
+Type of the associated instance + |
+
fw_instance_name + |
+String + |
+firewall name + |
+
fw_instance_id + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ. + |
+
fw_enterprise_project_id + |
+String + |
+Firewall enterprise project id bound to Eip + |
+
object_id + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
tags + |
+String + |
+tags + |
+
domain_id + |
+String + |
+domain id + |
+
owner + |
+String + |
+owner + |
+
fw_domain_id + |
+String + |
+firewall domain id + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query the data on the non-synchronized first page whose project ID is 9d80d070b6d44942af73c9c3d38e0429 and protected object ID is cfebd347-b655-4b84-b938-3c54317599b2.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/eips/protect?object_id=cfebd347-b655-4b84-b938-3c54317599b2&limit=10&offset=0&sync=0
+Status code: 200
+Return value of EIP data query
+{
+ "data" : {
+ "limit" : 10,
+ "offset" : 0,
+ "records" : [ {
+ "associate_instance_type" : "PORT",
+ "device_id" : "c87579ab-c76a-4afd-83ce-62e0f531f13e",
+ "device_name" : "test",
+ "device_owner" : "compute:endpoint",
+ "domain_id" : "7d07807209524a4280266db9df63c4fa",
+ "enterprise_project_id" : "0",
+ "fw_domain_id" : "7d07807209524a4280266db9df63c4fa",
+ "fw_enterprise_project_id" : "default",
+ "fw_instance_id" : "546af3f8-88e9-47f2-a205-2346d7090925",
+ "fw_instance_name" : "test",
+ "id" : "465b34fe-e017-4831-a21c-9c6c753bb1f2",
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
+ "public_ip" : "100.85.223.15",
+ "status" : 0,
+ "tags" : "combined_order_id=CBRCS23040615138M2KW912"
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00109004",
+ "error_msg" : "http to external service error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value of EIP data query + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query a firewall instance.
+GET /v1/{project_id}/firewall/exist
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
service_type + |
+Yes + |
+Integer + |
+Service type 0. North-south firewall +
Minimum: 0 +Maximum: 1 +Enumeration values: +
|
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+GetFirewallInstanceData object + |
+get firewall instance response data + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
total + |
+Integer + |
+total + |
+
records + |
+Array of GetFirewallInstanceResponseRecord objects + |
+Get firewall instance records + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
fw_instance_id + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ. + |
+
name + |
+String + |
+Firewall name + |
+
ha_type + |
+Integer + |
+Cluster type + |
+
charge_mode + |
+Integer + |
+Billing mode. The value can be 0 (yearly/monthly) or 1 (pay-per-use). + |
+
service_type + |
+Integer + |
+Service type + |
+
engine_type + |
+Integer + |
+Engine type + |
+
flavor + |
+Flavor object + |
+Firewall specifications + |
+
protect_objects + |
+Array of ProtectObjectVO objects + |
+Project list + |
+
status + |
+Integer + |
+Firewall status list. The options are as follows: -1: waiting for payment; 0: creating; 1: deleting; 2: running; 3: upgrading; 4: deletion completed; 5: freezing; 6: creation failed; 7: deletion failed; 8: freezing failed; 9: storage in progress; 10: storage failed; 11: upgrade failed +Enumeration values: +
|
+
is_old_firewall_instance + |
+Boolean + |
+Whether the engine is an old engine. The options are true (yes) and false (no). +Enumeration values: +
|
+
is_available_obs + |
+Boolean + |
+Whether obs is available + |
+
is_support_threat_tags + |
+Boolean + |
+Whether threat tags is supported + |
+
support_ipv6 + |
+Boolean + |
+Whether IPv6 is supported. The options are true (yes) and false (no). + |
+
feature_toggle + |
+Map<String,Boolean> + |
+Whether to enable the feature. The options are true (yes) and false (no). + |
+
resources + |
+Array of FirewallInstanceResource objects + |
+Firewall instance resources + |
+
fw_instance_name + |
+String + |
+firewall name + |
+
enterprise_project_id + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
resource_id + |
+String + |
+resource id + |
+
support_url_filtering + |
+Boolean + |
+whether to enable url filtering. The options are true (yes) and false (no). + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
version + |
+Integer + |
+Firewall version. The value can be 0 (standard edition), 1 (professional edition), or 3 (basic edition). +Enumeration values: +
|
+
eip_count + |
+Integer + |
+Number of EIPs +Minimum: 1 + |
+
vpc_count + |
+Integer + |
+Number of VPCs +Minimum: 1 + |
+
bandwidth + |
+Integer + |
+Bandwidth +Minimum: 1 + |
+
log_storage + |
+Integer + |
+Log storage + |
+
session_concurrent + |
+Integer + |
+concurrent session + |
+
session_create + |
+Integer + |
+created session + |
+
total_rule_count + |
+Integer + |
+total rule count + |
+
used_rule_count + |
+Integer + |
+used rule count + |
+
vpc_bandwith + |
+Integer + |
+vpc bandwith + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
object_id + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
object_name + |
+String + |
+Protected object name + |
+
type + |
+Integer + |
+Project type. The options are as follows: 0: north-south; 1: east-west. +Enumeration values: +
|
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
resource_id + |
+String + |
+Resource ID + |
+
cloud_service_type + |
+String + |
+Service type, which is used by CBC. The value is hws.service.type.cfw. + |
+
resource_type + |
+String + |
+Resource type. The options are as follows:1. CFW: hws.resource.type.cfw 2. EIP:hws.resource.type.cfw.exp.eip 3. Bandwidth: hws.resource.type.cfw.exp.bandwidth 4. VPC: hws.resource.type.cfw.exp.vpc 5. Log storage: hws.resource.type.cfw.exp.logaudit + |
+
resource_spec_code + |
+String + |
+Inventory unit code + |
+
resource_size + |
+Integer + |
+Resource quantity + |
+
resource_size_measure_id + |
+Integer + |
+Resource unit name + |
+
Query the firewall list of the project whose ID is 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/firewall/exist?service_type=0&offset=0&limit=10
+Status code: 200
+Response to the request for obtaining a firewall instance
+{
+ "data" : {
+ "limit" : 10,
+ "offset" : 0,
+ "records" : [ {
+ "charge_mode" : 0,
+ "engine_type" : 1,
+ "enterprise_project_id" : "default",
+ "feature_toggle" : {
+ "is_support_anti_virus" : true,
+ "is_support_application" : true,
+ "is_support_tcp_proxy" : false,
+ "is_support_url_profile" : true,
+ "is_support_threat_tags" : true,
+ "is_support_flow_associated_host" : false,
+ "is_support_predefined" : true,
+ "isSupportSession" : false,
+ "is_support_acl_region_config" : true,
+ "is_support_ips" : true,
+ "is_support_ew_create_er_tenant_inspection_mode" : false,
+ "ips_rule_list" : true,
+ "long_connect" : true,
+ "is_support_ew_create_vpc_peering_inspection_mode" : true,
+ "alarm_config" : true,
+ "is_not_support_resource_reduction" : false,
+ "acl_multi_object" : true,
+ "is_support_advanced_ips_rule" : true,
+ "is_support_multi_account" : false,
+ "is_support_capture" : true,
+ "is_support_ew_create_er_bearer_inspection_mode" : true
+ },
+ "flavor" : {
+ "bandwidth" : 60,
+ "eip_count" : 51,
+ "log_storage" : 0,
+ "session_concurrent" : 200,
+ "session_create" : 200,
+ "total_rule_count" : 200,
+ "used_rule_count" : 2136,
+ "version" : 1,
+ "vpc_bandwith" : 1400,
+ "vpc_count" : 8
+ },
+ "fw_instance_id" : "546af3f8-88e9-47f2-a205-2346d7090925",
+ "fw_instance_name" : "test",
+ "ha_type" : 1,
+ "is_available_obs" : false,
+ "is_old_firewall_instance" : false,
+ "is_support_threat_tags" : false,
+ "name" : "1680054140516",
+ "protect_objects" : [ {
+ "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
+ "object_name" : "1680054141674",
+ "type" : 0
+ }, {
+ "object_id" : "be83d202-df0b-498d-a96e-41589dc85c86",
+ "object_name" : "ew-1680070626042",
+ "type" : 1
+ } ],
+ "resource_id" : "546af3f8-88e9-47f2-a205-2346d7090925",
+ "resources" : [ {
+ "cloud_service_type" : "hws.service.type.cfw",
+ "resource_id" : "546af3f8-88e9-47f2-a205-2346d7090925",
+ "resource_spec_code" : "cfw.professional",
+ "resource_type" : "hws.resource.type.cfw"
+ }, {
+ "cloud_service_type" : "hws.service.type.cfw",
+ "resource_id" : "0acdd5c7-1178-4bea-b5b6-bd55dc5e2669",
+ "resource_size" : 5,
+ "resource_size_measure_id" : 14,
+ "resource_spec_code" : "cfw.expack.vpc.professional",
+ "resource_type" : "hws.resource.type.cfw.exp.vpc"
+ }, {
+ "cloud_service_type" : "hws.service.type.cfw",
+ "resource_id" : "4002620c-916a-49c7-8042-cbe02fc17e61",
+ "resource_size" : 5,
+ "resource_size_measure_id" : 36,
+ "resource_spec_code" : "cfw.expack.bandwidth.professional",
+ "resource_type" : "hws.resource.type.cfw.exp.bandwidth"
+ }, {
+ "cloud_service_type" : "hws.service.type.cfw",
+ "resource_id" : "0235c7db-0baa-4c82-8db2-7b8d5108bd86",
+ "resource_size" : 2,
+ "resource_size_measure_id" : 14,
+ "resource_spec_code" : "cfw.expack.eip.professional",
+ "resource_type" : "hws.resource.type.cfw.exp.eip"
+ }, {
+ "cloud_service_type" : "hws.service.type.cfw",
+ "resource_id" : "079ade46-18cd-4917-b7bb-00d402931097",
+ "resource_size" : 6,
+ "resource_size_measure_id" : 14,
+ "resource_spec_code" : "cfw.expack.vpc.professional",
+ "resource_type" : "hws.resource.type.cfw.exp.vpc"
+ }, {
+ "cloud_service_type" : "hws.service.type.cfw",
+ "resource_id" : "dd078faa-abfd-4e63-b681-1a93489955b9",
+ "resource_size" : 1,
+ "resource_size_measure_id" : 14,
+ "resource_spec_code" : "cfw.expack.eip.professional",
+ "resource_type" : "hws.resource.type.cfw.exp.eip"
+ }, {
+ "cloud_service_type" : "hws.service.type.cfw",
+ "resource_id" : "4d78d523-745d-4d54-a9ca-e6d25e555bde",
+ "resource_size" : 10,
+ "resource_size_measure_id" : 36,
+ "resource_spec_code" : "cfw.expack.bandwidth.professional",
+ "resource_type" : "hws.resource.type.cfw.exp.bandwidth"
+ } ],
+ "service_type" : 0,
+ "status" : 2,
+ "support_ipv6" : true,
+ "support_url_filtering" : true
+ } ],
+ "total" : 1
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for obtaining a firewall instance + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+list firewall list
+POST /v1/{project_id}/firewalls/list
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
key_word + |
+No + |
+String + |
+key + |
+
tags + |
+No + |
+Array of TagInfo objects + |
+tags + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
user_support_eps + |
+Boolean + |
+Whether to enable eps. The options are true (yes) and false (no). + |
+
has_ndr + |
+Boolean + |
+Whether NDR exists + |
+
is_support_postpaid + |
+Boolean + |
+Whether postpaid is supported + |
+
is_support_basic_version + |
+Boolean + |
+Whether basic version is supported + |
+
is_support_buy_professional + |
+Boolean + |
+Whether professional version firewall is supported to buy + |
+
data + |
++ | +query firewall instance list response + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
project_id + |
+String + |
+project ID + |
+
total + |
+Integer + |
+total + |
+
records + |
+Array of FirewallInstanceVO objects + |
+query firewall isntance list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
fw_instance_id + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
resource_id + |
+String + |
+resource id + |
+
name + |
+String + |
+name + |
+
fw_instance_name + |
+String + |
+firewall instance name + |
+
enterprise_project_id + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
ha_type + |
+Integer + |
+ha type + |
+
charge_mode + |
+Integer + |
+Billing mode 0: Yearly/monthly subscription 1: On-demand + |
+
service_type + |
+Integer + |
+service type + |
+
engine_type + |
+Integer + |
++ |
flavor + |
+Flavor object + |
+flavor + |
+
status + |
+Integer + |
+Firewall status list. The options are as follows: -1: waiting for payment; 0: creating; 1: deleting; 2: running; 3: upgrading; 4: deletion completed; 5: freezing; 6: creation failed; 7: deletion failed; 8: freezing failed; 9: storage in progress; 10: storage failed; 11: upgrade failed + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
version + |
+Integer + |
+Firewall version. The value can be 0 (standard edition), 1 (professional edition), or 3 (basic edition). +Enumeration values: +
|
+
eip_count + |
+Integer + |
+Number of EIPs +Minimum: 1 + |
+
vpc_count + |
+Integer + |
+Number of VPCs +Minimum: 1 + |
+
bandwidth + |
+Integer + |
+Bandwidth +Minimum: 1 + |
+
log_storage + |
+Integer + |
+Log storage + |
+
session_concurrent + |
+Integer + |
+concurrent session + |
+
session_create + |
+Integer + |
+created session + |
+
total_rule_count + |
+Integer + |
+total rule count + |
+
used_rule_count + |
+Integer + |
+used rule count + |
+
vpc_bandwith + |
+Integer + |
+vpc bandwith + |
+
Query the firewall list on the first page of the enterprise project whose ID is all_granted_eps and project ID is 14181c1245cf4fd786824efe1e2b9388.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/firewalls/list?enterprise_project_id=all_granted_eps
+
+{
+ "limit" : 10,
+ "offset" : 0
+}
+Status code: 200
+list firewall list response
+{
+ "data" : {
+ "limit" : 10,
+ "offset" : 0,
+ "project_id" : "14181c1245cf4fd786824efe1e2b9388",
+ "records" : [ {
+ "charge_mode" : 0,
+ "engine_type" : 1,
+ "enterprise_project_id" : "default",
+ "flavor" : {
+ "bandwidth" : 60,
+ "eip_count" : 51,
+ "log_storage" : 0,
+ "version" : 1,
+ "vpc_count" : 8
+ },
+ "fw_instance_id" : "546af3f8-88e9-47f2-a205-2346d7090925",
+ "fw_instance_name" : "test",
+ "ha_type" : 1,
+ "name" : "1680054140516",
+ "resource_id" : "546af3f8-88e9-47f2-a205-2346d7090925",
+ "service_type" : 0,
+ "status" : 2
+ } ],
+ "total" : 1
+ },
+ "user_support_eps" : false,
+ "has_ndr" : false,
+ "is_support_postpaid" : false,
+ "is_support_basic_version" : false,
+ "is_support_buy_professional" : false
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+list firewall list response + |
+
See Error Codes.
+This API is used to query flow logs.
+GET /v1/{project_id}/cfw/logs/flow
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ. + |
+
direction + |
+No + |
+String + |
+Direction + |
+
log_type + |
+No + |
+String + |
+Log type +Enumeration values: +
|
+
start_time + |
+Yes + |
+Long + |
+Start time + |
+
end_time + |
+Yes + |
+Long + |
+End time + |
+
src_ip + |
+No + |
+String + |
+Source IP address + |
+
src_port + |
+No + |
+Integer + |
+Source port +Minimum: 0 +Maximum: 65535 + |
+
dst_ip + |
+No + |
+String + |
+Destination IP address + |
+
dst_port + |
+No + |
+Integer + |
+Destination port +Minimum: 0 +Maximum: 65535 + |
+
protocol + |
+No + |
+String + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. +Enumeration values: +
|
+
app + |
+No + |
+String + |
+Application protocol + |
+
log_id + |
+No + |
+String + |
+Document ID. The value is null for the first page and not null for the rest of the pages. + |
+
next_date + |
+No + |
+Long + |
+Date. The value is null for the first page and not null for the rest of the pages. + |
+
offset + |
+No + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 +Minimum: 1 +Maximum: 1024 + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
dst_host + |
+No + |
+String + |
+destination host + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Value returned for flow log query + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
total + |
+Integer + |
+Returned quantity + |
+
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
records + |
+Array of records objects + |
+Record + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
bytes + |
+Integer + |
+Byte + |
+
direction + |
+String + |
+Direction, which can be inbound or outbound +Enumeration values: +
|
+
packets + |
+Integer + |
+Packet + |
+
start_time + |
+Long + |
+Start time + |
+
end_time + |
+Long + |
+End time + |
+
log_id + |
+String + |
+Document ID + |
+
src_ip + |
+String + |
+Source IP address + |
+
src_port + |
+Integer + |
+Source port + |
+
dst_ip + |
+String + |
+Destination IP address + |
+
app + |
+String + |
+Application protocol + |
+
dst_port + |
+Integer + |
+Destination port + |
+
protocol + |
+String + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
dst_host + |
+String + |
+destination host + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query the flow logs on the first page of the firewall with the ID 2af58b7c-893c-4453-a984-bdd9b1bd6318 in the project 9d80d070b6d44942af73c9c3d38e0429. The query time range is 1663555012000 to 1664159798000.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/cfw/logs/flow?fw_instance_id=2af58b7c-893c-4453-a984-bdd9b1bd6318&start_time=1663555012000&end_time=1664159798000&limit=10
+Status code: 200
+OK
+{
+ "data" : {
+ "limit" : 10,
+ "records" : [ {
+ "app" : "SSH",
+ "bytes" : 34.5,
+ "direction" : "out2in",
+ "dst_ip" : "100.95.148.49",
+ "dst_port" : 22,
+ "end_time" : 1664155493000,
+ "log_id" : "76354",
+ "packets" : 25,
+ "protocol" : "TCP",
+ "src_ip" : "100.93.27.17",
+ "src_port" : 49634,
+ "start_time" : 1664155428000
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00500002",
+ "error_msg" : "time range error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the protection mode.
+GET /v1/{project_id}/ips/protect
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IpsProtectModeObject object + |
+IpsProtectModeObject + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ips protect mode id + |
+
mode + |
+Integer + |
+IPS protection mode. 0: observation mode; 1: strict mode; 2: medium mode; 3: loose mode + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query the IPS protection mode of the project whose ID is 9d80d070b6d44942af73c9c3d38e0429.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/ips/protect?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default&object_id=cfebd347-b655-4b84-b938-3c54317599b2
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "instance status error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the IPS switch status.
+GET /v1/{project_id}/ips/switch
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project_id + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IpsSwitchResponseDTO object + |
+ips switch response + |
+
Query the patch status of the current user based on the received user ID 14181c1245cf4fd786824efe1e2b9388 and load the virtual patch on the intrusion prevention page.
+https://{Endpoint}/v1/14181c1245cf4fd786824efe1e2b9388/ips/switch?fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default&object_id=cfebd347-b655-4b84-b938-3c54317599b2
+Status code: 200
+OK
+{
+ "data" : {
+ "basic_defense_status" : 1,
+ "id" : "cefe80aa-83e4-4308-99aa-f9b6c816de00",
+ "virtual_patches_status" : 0
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to obtain job status.
+GET /v3/{project_id}/jobs/{job_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
job_id + |
+Yes + |
+String + |
+job id + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+No + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
data + |
+data object + |
+Job Result + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Job Id + |
+
status + |
+String + |
+Job execution status. Running means the job is being executed, Success means the job is successful, Failed means the job is failed. +Enumeration values: +
|
+
begin_time + |
+String + |
+Creation time, in the format yyyy-mm-ddThh:mm:ssZ. where T refers to the beginning of a certain time; Z refers to the time zone offset. + |
+
end_time + |
+String + |
+End time, in the format "yyyy-mm-ddThh:mm:ssZ". where T refers to the beginning of a certain time; Z refers to the time zone offset. + |
+
Get job status of the job which job id is f588ce71-e26c-400d-8981-f854355f6849 and project id is 09bb24e6fe80d23d2fa2c010b53b418c.
+/v3/09bb24e6fe80d23d2fa2c010b53b418c/jobs/f588ce71-e26c-400d-8981-f854355f6849+
Status code: 200
+Get Job Response
+{
+ "data" : {
+ "begin_time" : 1641370501000,
+ "end_time" : 1641370515000,
+ "id" : "f588ce71-e26c-400d-8981-f854355f6849",
+ "status" : "Success"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Get Job Response + |
+
See Error Codes.
+This API is used to list log config.
+GET /v1/{project_id}/cfw/logs/configuration
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+LogConfigDto object + |
+Log Config Response + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
fw_instance_id + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
lts_enable + |
+Integer + |
+whether to enable LTS + |
+
lts_log_group_id + |
+String + |
+Lts log group id + |
+
lts_attack_log_stream_id + |
+String + |
+Lts attack log stream id + |
+
lts_attack_log_stream_enable + |
+Integer + |
+whether to enable attack log streaming + |
+
lts_access_log_stream_id + |
+String + |
+Lts access log stream id + |
+
lts_access_log_stream_enable + |
+Integer + |
+whether to enable access log streaming + |
+
lts_flow_log_stream_id + |
+String + |
+Lts flow log stream id + |
+
lts_flow_log_stream_enable + |
+Integer + |
+whether to enable flow log streaming + |
+
Query the log configuration of whose firewall instance id is 4e113415-7811-4bb3-bf5e-eb835953f7d4 and project id is 408972e72dcd4c1a9b033e955802a36b.
+https://{Endpoint}/v1/408972e72dcd4c1a9b033e955802a36b/cfw/logs/configuration?fw_instance_id=4e113415-7811-4bb3-bf5e-eb835953f7d4&enterprise_project_id=default
+Status code: 200
+List Log Config Response
+{
+ "data" : {
+ "fw_instance_id" : "4df2bcd1-6299-4fba-8e71-8d50ea807090",
+ "lts_access_log_stream_enable" : 0,
+ "lts_attack_log_stream_enable" : 0,
+ "lts_enable" : 0,
+ "lts_flow_log_stream_enable" : 0,
+ "lts_log_group_id" : "d783ce42-7f56-4c2d-9a96-b1043d016f5a"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+List Log Config Response + |
+
See Error Codes.
+This API is used to query protected VPCs.
+GET /v1/{project_id}/vpcs/protection
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
trace_id + |
+String + |
+Call chain ID + |
+
data + |
+VPCProtectsVo object + |
+Return value of VPC protection + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
total + |
+Integer + |
+Total number of VPCs + |
+
self_total + |
+Integer + |
+Total number of self VPCs + |
+
other_total + |
+Integer + |
+Total number of other VPCs + |
+
protect_vpcs + |
+Array of VpcAttachmentDetail objects + |
+Protect VPC + |
+
self_protect_vpcs + |
+Array of VpcAttachmentDetail objects + |
+Self Protect VPC + |
+
other_protect_vpcs + |
+Array of VpcAttachmentDetail objects + |
+Other Protect VPC + |
+
total_assets + |
+Integer + |
+Total Assets + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+id + |
+
name + |
+String + |
+name + |
+
vpc_id + |
+String + |
+vpc id + |
+
virsubnet_id + |
+String + |
+subnet id + |
+
state + |
+String + |
+state + |
+
created_at + |
+String + |
+create time + |
+
updated_at + |
+String + |
+update time + |
+
tags + |
+Array of Tag objects + |
+tag + |
+
description + |
+String + |
+description + |
+
project_id + |
+String + |
+project id + |
+
vpc_project_id + |
+String + |
+vpc project id + |
+
enterprise_project_id + |
+String + |
+enterprise project id + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
key + |
+String + |
+key + |
+
value + |
+String + |
+value + |
+
Status code: 500
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query the east-west firewall protection information about the projected object with the ID 8839526e-b804-4a15-a082-a2c797dce633 in project 0b2179bbe180d3762fb0c01a2d5725c7.
+https://{ENDPOINT}/v1/0b2179bbe180d3762fb0c01a2d5725c7/vpcs/protection?object_id=8839526e-b804-4a15-a082-a2c797dce633
+Status code: 200
+Return value of east-west protection query
+{
+ "data" : {
+ "other_protect_vpcs" : [ ],
+ "other_total" : 0,
+ "protect_vpcs" : [ ],
+ "self_protect_vpcs" : [ ],
+ "self_total" : 0,
+ "total" : 0,
+ "total_assets" : 5
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00109004",
+ "error_msg" : "http to external service error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value of east-west protection query + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to list acl rule tags.
+GET /v2/{project_id}/cfw-acl/tags
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+HttpGetAclTagResponseData object + |
++ |
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
total + |
+Integer + |
+total + |
+
records + |
+Array of TagsVO objects + |
+tag vos + |
+
Query the existing ACL tags of the firewall whose ID is 546af3f8-88e9-47f2-a205-2346d7090925 in the project whose ID is 14181c1245cf4fd786824efe1e2b9388.
+https://{Endpoint}/v2/14181c1245cf4fd786824efe1e2b9388/cfw-acl/tags?limit=1000&offset=0&fw_instance_id=546af3f8-88e9-47f2-a205-2346d7090925&enterprise_project_id=default
+Status code: 200
+{
+ "data" : {
+ "limit" : 1000,
+ "offset" : 0,
+ "records" : [ {
+ "tag_id" : "98fdf013-e7ad-4581-9c71-6de04c76a18f",
+ "tag_key" : "1",
+ "tag_value" : "1"
+ }, {
+ "tag_id" : "36e6fbfe-7fcd-48be-872b-4f6074e1e4e8",
+ "tag_key" : "1",
+ "tag_value" : "2"
+ }, {
+ "tag_id" : "0bf41046-6587-42f2-8399-a6864022b504",
+ "tag_key" : "test",
+ "tag_value" : "test"
+ } ],
+ "total" : 3
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
++ |
See Error Codes.
+This API is used to query service group members.
+GET /v1/{project_id}/service-items
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
set_id + |
+Yes + |
+String + |
+Service group ID + |
+
key_word + |
+No + |
+String + |
+Query field + |
+
limit + |
+Yes + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+data object + |
+Service group member list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
total + |
+Integer + |
+Total number of records + |
+
set_id + |
+String + |
+service set id + |
+
records + |
+Array of records objects + |
+Record + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
item_id + |
+String + |
+Service member ID + |
+
protocol + |
+Integer + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
source_port + |
+String + |
+Source port + |
+
dest_port + |
+String + |
+Destination port + |
+
name + |
+String + |
+Service member name + |
+
description + |
+String + |
+Service member description + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query the member list of the service group whose project ID is 9d80d070b6d44942af73c9c3d38e0429 and service group ID is 7cdebed3-af07-494e-a3c2-b88bb8d58b57.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-items?set_id=7cdebed3-af07-494e-a3c2-b88bb8d58b57&limit=10&offset=0
+Status code: 200
+Return value of the service group member list
+{
+ "data" : {
+ "limit" : 10,
+ "offset" : 0,
+ "records" : [ {
+ "dest_port" : "0",
+ "item_id" : "805b711d-c558-41e3-aab1-a4b8c3f1f90b",
+ "description" : "",
+ "protocol" : 1,
+ "source_port" : "0"
+ } ],
+ "set_id" : "7cdebed3-af07-494e-a3c2-b88bb8d58b57",
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Return value of the service group member list + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to query the details about a service group.
+GET /v1/{project_id}/service-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
set_id + |
+Yes + |
+String + |
+Service group ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ServiceSetDetailResponseDto object + |
+service set detail response + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Service group ID + |
+
name + |
+String + |
+Service group name +Minimum: 1 +Maximum: 255 + |
+
description + |
+String + |
+Service group description +Minimum: 1 +Maximum: 255 + |
+
service_set_type + |
+Integer + |
+Service set type, 0 indicates a custom service set and 1 indicates a predefined service set + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query details about the service group whose project ID is 9d80d070b6d44942af73c9c3d38e0429 and service group ID is 221cfdca-3abf-4c30-ab0d-516a03c70866.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-sets/221cfdca-3abf-4c30-ab0d-516a03c70866
+Status code: 200
+Response to the request for querying details about a service group member
+{
+ "data" : {
+ "service_set_type" : 0,
+ "id" : "221cfdca-3abf-4c30-ab0d-516a03c70866",
+ "name" : "ceshi2"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for querying details about a service group member + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to obtain the service group list.
+GET /v1/{project_id}/service-sets
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
object_id + |
+Yes + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
key_word + |
+No + |
+String + |
+Keyword + |
+
limit + |
+Yes + |
+Integer + |
+Number of queries on each page, in the range 1-1024 +Minimum: 1 +Maximum: 1024 + |
+
offset + |
+Yes + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. +Minimum: 0 + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+No + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+ServiceSetRecords object + |
+QueryServiceSetResponse + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
offset + |
+Integer + |
+Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. + |
+
limit + |
+Integer + |
+Number of records displayed on each page, in the range 1-1024 + |
+
total + |
+Integer + |
+Total number of records queried + |
+
records + |
+Array of ServiceSet objects + |
+Service group list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
set_id + |
+String + |
+Service group ID + |
+
name + |
+String + |
+Name + |
+
description + |
+String + |
+Description + |
+
service_set_type + |
+Integer + |
+Service set type, 0 indicates a custom service set and 1 indicates a predefined service set + |
+
ref_count + |
+Integer + |
+Reference count + |
+
status + |
+String + |
+Status + |
+
project_id + |
+String + |
+Project ID + |
+
protocols + |
+Array of integers + |
+Protocols + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Query the service group list on the first page of protected object a37bb4eb-c49e-4e88-bf77-944a75b0ce8a in project 2349ba469daf4b7daf268bb0261d18b0.
+https://{Endpoint}/v1/2349ba469daf4b7daf268bb0261d18b0/service-sets?object_id=a37bb4eb-c49e-4e88-bf77-944a75b0ce8a&limit=10&offset=0
+Status code: 200
+Response to the request for querying service group information
+{
+ "data" : {
+ "limit" : 50,
+ "offset" : 0,
+ "records" : [ {
+ "name" : "test",
+ "project_id" : "2349ba469daf4b7daf268bb0261d18b0",
+ "protocols" : [ 6 ],
+ "ref_count" : 2,
+ "service_set_type" : 0,
+ "set_id" : "6f475bad-5d33-45d1-98f8-c79f2f308d5a"
+ } ],
+ "total" : 1
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.0020016",
+ "error_msg" : "instance status error"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for querying service group information + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to update an ACL rule.
+PUT /v1/{project_id}/acl-rule/{acl_rule_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
acl_rule_id + |
+Yes + |
+String + |
+Rule ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
address_type + |
+No + |
+Integer + |
+Address type. The value can be 0 (IPv4) or 1 (IPv6). +Enumeration values: +
|
+
name + |
+No + |
+String + |
+Rule name + |
+
sequence + |
+No + |
+OrderRuleAclDto object + |
+UpdateRuleAclDto + |
+
direction + |
+No + |
+Integer + |
+Direction: 0 means outside to inside, 1 means inside to outside, direction value is required when rule type is internet or nat. +Enumeration values: +
|
+
action_type + |
+No + |
+Integer + |
+Action. 0: allow; 1: deny +Enumeration values: +
|
+
status + |
+No + |
+Integer + |
+Rule delivery status. 0: disabled; 1: enabled. + |
+
description + |
+No + |
+String + |
+Description + |
+
long_connect_time_hour + |
+No + |
+Long + |
+Persistent connection duration (hour) + |
+
long_connect_time_minute + |
+No + |
+Long + |
+Persistent connection duration (hour) + |
+
long_connect_time_second + |
+No + |
+Long + |
+Persistent connection duration (minute) + |
+
long_connect_time + |
+No + |
+Long + |
+Persistent connection duration + |
+
long_connect_enable + |
+No + |
+Integer + |
+Whether to support persistent connections. 0: not supported; 1: supported. +Enumeration values: +
|
+
source + |
+No + |
+RuleAddressDto object + |
+Rule address DTO + |
+
destination + |
+No + |
+RuleAddressDto object + |
+Rule address DTO + |
+
service + |
+No + |
+RuleServiceDto object + |
+RuleServiceDto + |
+
type + |
+No + |
+Integer + |
+Rule type. The value can be 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). +Enumeration values: +
|
+
tag + |
+No + |
+TagsVO object + |
+tag + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
dest_rule_id + |
+No + |
+String + |
+ID of the rule that the added rule will follow. This parameter cannot be left blank if the rule is not pinned on top, and is empty when the added rule is pinned on top. + |
+
top + |
+No + |
+Integer + |
+Whether to pin on top. The options are as follows: 0: no; 1: yes. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
type + |
+Yes + |
+Integer + |
+Source type. 0: manual input; 1: associated IP address group; 2: domain name + |
+
address_type + |
+No + |
+Integer + |
+Source type. 0: IPv4; 1: IPv6 + |
+
address + |
+No + |
+String + |
+Source IP address. The value cannot be empty for the manual type, and cannot be empty for the automatic or domain type. + |
+
address_set_id + |
+No + |
+String + |
+ID of the associated IP address group. The value cannot be empty for the automatic type or for the manual or domain type. + |
+
address_set_name + |
+No + |
+String + |
+IP address group name + |
+
domain_address_name + |
+No + |
+String + |
+Name of the domain name address. This parameter cannot be left empty for the domain name type, and is empty for the manual or automatic type. + |
+
region_list_json + |
+No + |
+String + |
+JSON value of the rule region list. + |
+
region_list + |
+No + |
+Array of IpRegionDto objects + |
+Region list of a rule + |
+
domain_set_id + |
+No + |
+String + |
+domain set id + |
+
domain_set_name + |
+No + |
+String + |
+domain set name + |
+
ip_address + |
+No + |
+Array of strings + |
+IP address list + |
+
address_group + |
+No + |
+Array of strings + |
+address group + |
+
address_group_names + |
+No + |
+Array of AddressGroupVO objects + |
+Address set list + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
region_id + |
+No + |
+String + |
+region id + |
+
description_cn + |
+No + |
+String + |
+cn description + |
+
description_en + |
+No + |
+String + |
+en description + |
+
region_type + |
+No + |
+Integer + |
+Region type, 0 means country, 1 means province, 2 means continent + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
type + |
+Yes + |
+Integer + |
+Service input type. The value 0 indicates manual input, and the value 1 indicates automatic input. + |
+
protocol + |
+No + |
+Integer + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
source_port + |
+No + |
+String + |
+Source port + |
+
dest_port + |
+No + |
+String + |
+Destination port + |
+
service_set_id + |
+No + |
+String + |
+Service group ID. This parameter is left blank for the manual type and cannot be left blank for the automatic type. + |
+
service_set_name + |
+No + |
+String + |
+Service group name + |
+
custom_service + |
+No + |
+Array of ServiceItem objects + |
+custom service + |
+
service_group + |
+No + |
+Array of strings + |
+Service group list + |
+
service_group_names + |
+No + |
+Array of AddressGroupVO objects + |
+Service group name list + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
protocol + |
+No + |
+Integer + |
+Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. + |
+
source_port + |
+No + |
+String + |
+source port + |
+
dest_port + |
+No + |
+String + |
+destination port + |
+
description + |
+No + |
+String + |
+description + |
+
name + |
+No + |
+String + |
+name + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+RuleId object + |
+Rule ID + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+id + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
The following example shows how to update an IPv4 inbound rule. The rule name is TestRule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule/ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031
+
+{
+ "name" : "TestRule",
+ "status" : 1,
+ "action_type" : 0,
+ "description" : "",
+ "source" : {
+ "type" : 0,
+ "address" : "1.1.1.1"
+ },
+ "destination" : {
+ "type" : 0,
+ "address" : "2.2.2.2"
+ },
+ "service" : {
+ "type" : 0,
+ "protocol" : 6,
+ "source_port" : "0",
+ "dest_port" : "0"
+ },
+ "type" : 0,
+ "address_type" : 0,
+ "tag" : {
+ "tag_key" : "",
+ "tag_value" : ""
+ },
+ "long_connect_enable" : 0,
+ "direction" : 0
+}
+Status code: 200
+OK
+{
+ "data" : {
+ "id" : "ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to set the priority of an ACL protection rule.
+PUT /v1/{project_id}/acl-rule/order/{acl_rule_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
acl_rule_id + |
+Yes + |
+String + |
+Rule ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
dest_rule_id + |
+No + |
+String + |
+ID of the rule that the added rule will follow. This parameter cannot be left blank if the rule is not pinned on top, and is empty when the added rule is pinned on top. + |
+
top + |
+No + |
+Integer + |
+Whether to pin on top. The options are as follows: 0: no; 1: yes. + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+RuleId object + |
+Rule ID list + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+id + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Set the rule with the rule id of ffe9af47-d893-483b-86e3-ee5242e8cb15 in the project id9d80d070b6d44942af73c9c3d38e0429 under the rule with the id of 69c32dc5-f801-4294-98ee-978b51f97d35
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule/order/ffe9af47-d893-483b-86e3-ee5242e8cb15
+
+{
+ "top" : 0,
+ "dest_rule_id" : "69c32dc5-f801-4294-98ee-978b51f97d35"
+}
+Status code: 200
+Rule sorting response
+{
+ "data" : {
+ "id" : "ffe9af47-d893-483b-86e3-ee5242e8cb15"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Rule sorting response + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to update address group information.
+PUT /v1/{project_id}/address-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
set_id + |
+Yes + |
+String + |
+ID of the IP address group + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+No + |
+String + |
+IP address group name + |
+
description + |
+No + |
+String + |
+Address group description + |
+
address_type + |
+No + |
+Integer + |
+Address type. The value can be 0 (IPv4), 1 (IPv6), or 2 (domain). +Enumeration values: +
|
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+UpdateAddressSetResponseData object + |
+Data returned after an address group is updated + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+Id + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
In the project 9d80d070b6d44942af73c9c3d38e0429, change the name of the address set whose ID is cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16 to ABCD. Change its address set type to IPV4.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/address-sets/cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16
+
+{
+ "name" : "ABCD",
+ "description" : "",
+ "address_type" : 0
+}
+Status code: 200
+OK
+{
+ "data" : {
+ "id" : "cf18f0b1-0ce7-4eb8-83b6-4b33c8448e16"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to update the blacklist or whitelist.
+PUT /v1/{project_id}/black-white-list/{list_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
list_id + |
+Yes + |
+String + |
+Blacklist/Whitelist ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
direction + |
+No + |
+Integer + |
+Indicates the address direction. 0: source address 1: destination address + |
+
address_type + |
+No + |
+Integer + |
+Address type. 0: ipv4; 1: ipv6; 2: domain + |
+
address + |
+No + |
+String + |
+IP address + |
+
protocol + |
+No + |
+Integer + |
+Protocol type. The value is 6 for TCP, 17 for UDP, 1 for ICMP, 58 for ICMPv6, and -1 for any protocol. + |
+
port + |
+No + |
+String + |
+Port + |
+
list_type + |
+No + |
+Integer + |
+Blacklist/Whitelist type. The options are 4 (blacklist) and 5 (whitelist). +Enumeration values: +
|
+
object_id + |
+No + |
+String + |
+Protected object ID, which is used to distinguish Internet border protection from VPC border protection after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. Note that the value 0 indicates the ID of a protected object on the Internet border, and the value 1 indicates the ID of a protected object on the VPC border. For details, see the API Explorer and Help Center FAQ. + |
+
description + |
+No + |
+String + |
+description + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+Response to the request for updating a blacklist or whitelist + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Update the whitelist with the project id 9d80d070b6d44942af73c9c3d38e0429 and the protected object id as cfebd347-b655-4b84-b938-3c54317599b2. The direction is the source address, the address is 1.1.1.1, the protocol type is tcp, and the port is 1 ipv4 tcp
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/black-white-list/9d80d070b6d44942af73c9c3d38e042b
+
+{
+ "object_id" : "cfebd347-b655-4b84-b938-3c54317599b2",
+ "list_type" : 5,
+ "direction" : 0,
+ "address" : "1.1.1.1",
+ "protocol" : 6,
+ "port" : "1",
+ "address_type" : 0
+}
+Status code: 200
+Blacklist/Whitelist update response
+{
+ "data" : {
+ "id" : "2eee3fe8-0b9b-49ac-8e7f-eaafa321e99a",
+ "name" : "test"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Blacklist/Whitelist update response + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to update the DNS server list.
+PUT /v1/{project_id}/dns/servers
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
dns_server + |
+No + |
+Array of dns_server objects + |
+DNS server + |
+
health_check_domain_name + |
+No + |
+String + |
+Health check domain name + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
server_ip + |
+No + |
+String + |
+DNS server IP address + |
+
is_customized + |
+No + |
+Integer + |
+Indicates whether the DNS server is user-defined. 0: no; 1: yes + |
+
is_applied + |
+No + |
+Integer + |
+Indicates whether to apply. 0: no; 1: yes + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+Array of strings + |
+Domain name server list + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Update the settings of the DNS resolver whose project ID is 2349ba469daf4b7daf268bb0261d18b0. Set server 8.8.8.8 to the default server and put it in use. Set server IP address 192.168.0.2 to a user-defined server and do not put it in use.
+https://{Endpoint}/v1/2349ba469daf4b7daf268bb0261d18b0/dns/servers
+
+{
+ "dns_server" : [ {
+ "server_ip" : "8.8.8.8",
+ "is_customized" : 0,
+ "is_applied" : 1
+ }, {
+ "server_ip" : "192.168.0.2",
+ "is_customized" : 1,
+ "is_applied" : 0
+ } ]
+}
+Status code: 200
+Response to the request for updating the DNS server list
+{
+ "data" : [ "100.95.150.83", "114.114.114.114", "223.5.5.5", "223.6.6.6", "119.29.29.29", "8.8.8.8", "100.79.1.250", "100.79.1.240" ]
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.01000001",
+ "error_msg" : "Duplicate DNS server IP address"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Response to the request for updating the DNS server list + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+This API is used to update domain set.
+PUT /v1/{project_id}/domain-set/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+project ID + |
+
set_id + |
+Yes + |
+String + |
+set id + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+Yes + |
+String + |
+name + |
+
description + |
+No + |
+String + |
+description + |
+
set_id + |
+No + |
+String + |
+domain set id + |
+
domain_set_type + |
+No + |
+Integer + |
+domain set type + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+DomainSetResponseData object + |
+update domain set response + |
+
For the firewall 7a004e79-0b8b-4679-ab20-267f3946e8ba in the project 9d80d070b6d44942af73c9c3d38e0429, change the domain set ID to 94da194d-24b2-4f60-919e-cf0bc76c75b3, the domain name to www.aaa.com, and name to test.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/domain-set/94da194d-24b2-4f60-919e-cf0bc76c75b3?fw_instance_id=7a004e79-0b8b-4679-ab20-267f3946e8ba&enterprise_project_id=default
+
+{
+ "name" : "test",
+ "description" : ""
+}
+Status code: 200
+Update Domain Set Response
+{
+ "data" : {
+ "id" : "94da194d-24b2-4f60-919e-cf0bc76c75b3",
+ "name" : "test"
+ }
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Update Domain Set Response + |
+
See Error Codes.
+This API is used to update log config.
+PUT /v1/{project_id}/cfw/logs/configuration
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
fw_instance_id + |
+Yes + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
lts_enable + |
+Yes + |
+Integer + |
+whether to enable LTS + |
+
lts_log_group_id + |
+Yes + |
+String + |
+Lts log group id + |
+
lts_attack_log_stream_id + |
+No + |
+String + |
+Lts attack log stream id + |
+
lts_attack_log_stream_enable + |
+Yes + |
+Integer + |
+whether to enable attack log streaming + |
+
lts_access_log_stream_id + |
+No + |
+String + |
+Lts access log stream id + |
+
lts_access_log_stream_enable + |
+Yes + |
+Integer + |
+whether to enable access log streaming + |
+
lts_flow_log_stream_id + |
+No + |
+String + |
+Lts flow log stream id + |
+
lts_flow_log_stream_enable + |
+Yes + |
+Integer + |
+whether to enable flow log streaming + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+String + |
+Log Config Id + |
+
Update the log configuration of the firewall whose firewall instance id is 22c4a5db-504c-471f-8187-5192bc11de0b and project id is 408972e72dcd4c1a9b033e955802a36b, set LTS logs to disabled, and set flow logs, access control logs, and attack logs to disabled.
+https://{Endpoint}/v1/408972e72dcd4c1a9b033e955802a36b/cfw/logs/configuration?fw_instance_id=22c4a5db-504c-471f-8187-5192bc11de0b&enterprise_project_id=default
+
+{
+ "fw_instance_id" : "22c4a5db-504c-471f-8187-5192bc11de0b",
+ "lts_enable" : 0,
+ "lts_log_group_id" : "20282428-a8f9-4e75-8246-165e64cf8ba8",
+ "lts_attack_log_stream_enable" : 0,
+ "lts_access_log_stream_enable" : 0,
+ "lts_flow_log_stream_enable" : 0
+}
+Status code: 200
+Update Log Config Response
+{
+ "data" : "4e113415-7811-4bb3-bf5e-eb835953f7d4"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+Update Log Config Response + |
+
See Error Codes.
+This API is used to update a service group.
+PUT /v1/{project_id}/service-sets/{set_id}
+ +Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
project_id + |
+Yes + |
+String + |
+Project ID + |
+
set_id + |
+Yes + |
+String + |
+Service group ID + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
enterprise_project_id + |
+No + |
+String + |
+Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. + |
+
fw_instance_id + |
+No + |
+String + |
+Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
X-Auth-Token + |
+Yes + |
+String + |
+User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. + |
+
Parameter + |
+Mandatory + |
+Type + |
+Description + |
+
|---|---|---|---|
name + |
+No + |
+String + |
+Service group name +Minimum: 1 +Maximum: 255 + |
+
description + |
+No + |
+String + |
+Service group description +Minimum: 1 +Maximum: 255 + |
+
Status code: 200
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
data + |
+IdObject object + |
+Data returned when a service group is updated + |
+
Parameter + |
+Type + |
+Description + |
+
|---|---|---|
id + |
+String + |
+ID + |
+
name + |
+String + |
+name + |
+
Status code: 400
+ +Parameter + |
+Type + |
+Description + |
+
|---|---|---|
error_code + |
+String + |
+Error code +Minimum: 8 +Maximum: 36 + |
+
error_msg + |
+String + |
+Description +Minimum: 2 +Maximum: 512 + |
+
Change the name and description of service group 221cfdca-3abf-4c30-ab0d-516a03c70866 of project 9d80d070b6d44942af73c9c3d38e0429 to ceshi2.
+https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/service-sets/221cfdca-3abf-4c30-ab0d-516a03c70866
+
+{
+ "name" : "ceshi2",
+ "description" : "Description"
+}
+Status code: 200
+OK
+{
+ "data" : {
+ "id" : "221cfdca-3abf-4c30-ab0d-516a03c70866"
+ }
+}
+Status code: 400
+Bad Request
+{
+ "error_code" : "CFW.00200005",
+ "error_msg" : "operation content does not exist"
+}
+Status Code + |
+Description + |
+
|---|---|
200 + |
+OK + |
+
400 + |
+Bad Request + |
+
401 + |
+Unauthorized + |
+
403 + |
+Forbidden + |
+
404 + |
+Not Found + |
+
500 + |
+Internal Server Error + |
+
See Error Codes.
+Status Code + |
+Description + |
+Description + |
+
|---|---|---|
200 + |
+OK + |
+The request is successfully processed. + |
+
Status Code + |
+Description + |
+Description + |
+
|---|---|---|
400 + |
+Bad Request + |
+It is a bad request. + |
+
401 + |
+Unauthorized + |
+You do not have permissions to perform this action. + |
+
403 + |
+Forbidden + |
+Access is denied. + |
+
404 + |
+Not Found + |
+The page is not found. + |
+
500 + |
+Internal Server Error + |
+There is an internal server error. + |
+
Release Date + |
+Description + |
+
|---|---|
2024-04-30 + |
+This issue is the first official release. + |
+
Cloud service APIs comply with the RESTful API design principles. REST-based Web services are organized into resources. Each resource is identified by one or more Uniform Resource Identifiers (URIs). An application accesses a resource based on the resource's Unified Resource Locator (URL). A URL is usually in the following format: https://Endpoint/uri. In the URL, uri indicates the resource path, that is, the API access path.
+Cloud service APIs use HTTPS as the transmission protocol. Requests/Responses are transmitted by using JSON messages, with media type represented by Application/json.
+For details about how to use APIs, see API Usage Guidelines.
++
+
+
+
+
+
+
+
+