tencent cloud

Feedback

AddAcRule

Last updated: 2023-05-04 17:40:20

1. API Description

Domain name for API request: cfw.tencentcloudapi.com.

This API is used to add edge firewall rules.

A maximum of 20 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common Params. The value used for this API: AddAcRule.
Version Yes String Common Params. The value used for this API: 2019-09-04.
Region No String Common Params. This parameter is not required for this API.
OrderIndex Yes String -1: lowest priority; 1: highest priority
RuleAction Yes String The action that Cloud Firewall performs on the traffic. Valid values:
accept: allow
drop: deny
log: observe
Direction Yes String The traffic direction for access control rules. Valid values:
in: incoming traffic access control
out: outgoing traffic access control
Description Yes String The description of access control rules.
SourceType Yes String The type of source address in access control rules. Valid values:
net: source IP or range (IP or CIDR)
location: source region
template: CFW address template
instance: instance ID
vendor: Cloud vendor
SourceContent Yes String The source address in the access control policy.
When SourceType is net, SourceContent is the source IP or CIDR block.
For example: 1.1.1.0/24

When SourceType is template, SourceContent must be the source address template ID.

When SourceType is location, SourceContent is the source region.
For example, ["BJ11", "ZB"]

When SourceType is instance, SourceContent is the public IP of the instance.
For example, ins-xxxxx

When SourceType is vendor, SourceContent is the cloud service provider.
Values: aws, huawei, tencent, aliyun, azure and all.
DestType Yes String The type of destination address in access control rules. Valid values:
net: destination IP or range (IP or CIDR)
location: source region
template: CFW address template
instance: instance ID
vendor: Cloud vendor
domain: Domain name or IP.
DestContent Yes String The destination address in the access control policy.
When DestType is net, DestContent is the destination IP or CIDR block.
For example: 1.1.1.0/24

When DestType is template, DestContent is the destination address template ID.

When DestType is location, DestContent is the destination region.
For example, ["BJ11", "ZB"]

When DestType is instance, DestContent is the public IP of the instance.
For example, ins-xxxxx

When DestType is domain, DestContent is the domain name associated with the instance.
For example, *.qq.com

When DestType, DestContent is the selected cloud service provider.
Values: aws, huawei, tencent, aliyun, azure and all.
Port Yes String The port to apply access control rules. Valid values:
-1/-1: all ports
80,443: 80 or 443
Protocol No String The protocol type of traffic in access control rules. Valid value: TCP. Only TCP is supported for edge firewall rules. If this parameter is not specified, it defaults to TCP.
ApplicationName No String The Layer 7 protocol. Valid values:
HTTP/HTTPS
TLS/SSL
Enable No String Indicates whether to enable the rules. Default: enable. Valid values:
true: enable; false: disable

3. Output Parameters

Parameter Name Type Description
RuleUuid Integer UUID of the new rule
ReturnCode Integer 0: operation successful; -1: operation failed
ReturnMsg String success: operation successful; failed: operation failed
RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

4. Example

Example1 Adds edge firewall rules

Input Example

POST / HTTP/1.1
Host: cfw.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AddAcRule
<Common request parameters>

{
    "OrderIndex": "-1",
    "Description": "api test1",
    "SourceType": "location",
    "SourceContent": "cq50,sh31,tj12,bj11",
    "DestType": "net",
    "DestContent": "0.0.0.0/0",
    "Enable": "true",
    "Direction": "in",
    "RuleAction": "accept",
    "Port": "-1/-1",
    "Protocol": "tcp",
    "ApplicationName": ""
}

Output Example

{
    "Response": {
        "RuleUuid": 8888,
        "RequestId": "3c140219-cfe9-470e-b241-907877d6fb03",
        "ReturnCode": 0,
        "ReturnMsg": "success"
    }
}

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code Description
AuthFailure CAM signature/authentication error.
DryRunOperation DryRun operation, which means the DryRun parameter is passed in yet the request will still be successful.
FailedOperation Operation failed.
InternalError Internal error.
InvalidParameter Invalid parameter.
InvalidParameterValue Invalid parameter value.
LimitExceeded The quota limit has been reached.
MissingParameter Missing parameter.
OperationDenied Operation denied.
RequestLimitExceeded The number of requests exceeds the frequency limit.
ResourceInUse The resource is occupied.
ResourceInsufficient Insufficient resource.
ResourceNotFound The resource does not exist.
ResourceUnavailable The resource is unavailable.
ResourcesSoldOut The resources have been sold out.
UnauthorizedOperation Unauthorized operation.
UnknownParameter Unknown parameter error.
UnsupportedOperation Unsupported operation.
Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support