Creates or modifies an accurate access control rule of a website.
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resourcesis used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
| Operation | Access level | Resource type | Condition key | Associated operation |
|---|---|---|---|---|
| yundun-ddoscoo:ModifyWebPreciseAccessRule | update |
|
| none |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| ResourceGroupId | string | No | The ID of the resource group to which the instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group. | rg-acfm2pz25js**** |
| Domain | string | Yes | The domain name of the website. Note
A forwarding rule must be configured for the domain name. You can call the DescribeDomains operation to query all domain names.
| example.aliyundoc.com |
| Rules | string | Yes | The settings of the accurate access control rule. This parameter is a JSON string. The following list describes the fields in the value of the parameter:
| [{"action":"block","name":"testrule","condition":[{"field":"uri","match_method":"contain","content":"/test/123"}]}] |
| Expires | integer | No | The validity period of the rule. Unit: seconds. This parameter takes effect only when action of a rule is block. Access requests that match the rule are blocked within the specified validity period of the rule. If you do not specify this parameter, this rule takes effect all the time. | 600 |
Mappings between the field and match_method parameters
| field | Description | match_method |
|---|---|---|
| ip | The source IP address of the request. | belong: the Is Part Of relation.nbelong: the Is Not Part Of relation. |
| uri | The request URI. | contain: the Contains relation.ncontain: the Does Not Contain relation.equal: the Equals relation.nequal: the Does Not Equal relation.lless: the Is Shorter Than relation.lequal: the Has a Length Of relation.lgreat: the Is Longer Than relation.regular: The match content is the regular expression of the URI. |
| referer | The URL of the source page from which the request is redirected. | contain: the Contains relation.ncontain: the Does Not Contain relation.equal: the Equals relation.nequal: the Does Not Equal relation.lless: the Is Shorter Than relation.lequal: the Has a Length Of relation.lgreat: the Is Longer Than relation.nexist: the Does Not Exist relation.regular: The match content is the regular expression of the URI. |
| user-agent | The browser information about the client that initiates the request. The information includes the browser identifier, rendering engine, and version. | contain: the Contains relation.ncontain: the Does Not Contain relation.equal: the Equals relation.nequal: the Does Not Equal relation.lless: the Is Shorter Than relation.lequal: the Has a Length Of relation.lgreat: the Is Longer Than relation.regular: The match content is the regular expression of the URI. |
| params | The query string in the request URL. The query string is the part that follows the question mark (?) in the URL. For example, in demo.aliyundoc.com/index.html?action=logi, action=login is the query string. | contain: the Contains relation.ncontain: the Does Not Contain relation.equal: the Equals relation.nequal: the Does Not Equal relation.lless: the Is Shorter Than relation.lequal: the Has a Length Of relation.lgreat: the Is Longer Than relation. |
| cookie | The cookie information in the request. | contain: the Contains relation.ncontain: the Does Not Contain relation.equal: the Equals relation.nequal: the Does Not Equal relation.lless: the Is Shorter Than relation.lequal: the Has a Length Of relation.lgreat: the Is Longer Than relation.nexist: the Does Not Exist relation |
| content-type | The HTTP content type that is specified for the response. The HTTP content type is known as the Multipurpose Internet Mail Extensions (MIME) type. | contain: the Contains relation.ncontain: the Does Not Contain relation.equal: the Equals relation.nequal: the Does Not Equal relation.lless: the Is Shorter Than relation.lequal: the Has a Length Of relation.lgreat: the Is Longer Than relation. |
| x-forwarded-for | The originating IP address. The HTTP X-Forwarded-For (XFF) header is used to identify the originating IP address of the request that is forwarded by an HTTP proxy or a load balancer. The XFF header is included only in requests that are forwarded by an HTTP proxy or a load balancer. | contain: the Contains relation.ncontain: the Does Not Contain relation.equal: the Equals relation.nequal: the Does Not Equal relation.lless: the Is Shorter Than relation.lequal: the Has a Length Of relation.lgreat: the Is Longer Than relation.nexist: the Does Not Exist relation.regular: The match content is the regular expression of the URI. |
| content-length | The number of bytes in the request body. | vless: the Is Smaller Than relation.vequal: the Has a Value Of relation.vgreat: the Is Larger Than relation. |
| post-body | The content of the request. | contain: the Contains relation.ncontain: the Does Not Contain relation.equal: the Equals relation.nequal: the Does Not Equal relation.regular: The match content is the regular expression of the URI. |
| http-method | The request method, such as GET and POST. | equal: the Equals relation.nequal: the Does Not Equal relation. |
| header | The header of the request, which is used to specify a custom HTTP header. | contain: the Contains relation.ncontain: the Does Not Contain relation.equal: the Equals relation.nequal: the Does Not Equal relation.lless: the Is Shorter Than relation.lequal: the Has a Length Of relation.lgreat: the Is Longer Than relation.nexist: the Does Not Exist relation |
Response parameters
Examples
Sample success responses
JSONformat
{
"RequestId": "F908E959-ADA8-4D7B-8A05-FF2F67F50964"
}Error codes
For a list of error codes, visit the Service error codes.