API overview - Cloud Firewall - Alibaba Cloud Documentation Center

AddAclBackupData

Creates an access control list (ACL) backup.

AddAddressBook

Creates an address book. You can create an IPv4 address book, an ECS tag-based address book, an IPv6 address book, a domain name address book, or an ACK address book.

AddControlPolicy

Adds an access control policy.

AddDnsFirewallPolicy

Adds a DNS firewall Access Control List (ACL).

AddDomainResolveRealtimeTask

Creates a real-time domain name resolution task.

AddInstanceMembers

Adds member accounts to Cloud Firewall.

AddPrivateDnsDomainName

Adds a private DNS domain name.

BatchCopyVpcFirewallControlPolicy

Copies all policies from a source VPC firewall policy group to a destination VPC firewall policy group.

BatchDeleteVpcFirewallControlPolicy

Deletes access control policies for a VPC firewall in a batch.

ClearLogStoreStorage

Clears the storage for firewall logs.

CreateAckClusterConnector

Creates an ACK cluster connector.

CreateAclCheck

Creates an access control list (ACL) check.

CreateDownloadTask

Creates a file download task.

CreateInstanceSyncTask

Creates a sync task for Internet assets.

CreateIpsPrivateAssoc

Creates an association for private IP traffic tracing with the Intrusion Prevention System (IPS).

CreateNatFirewallControlPolicy

Creates an access control policy for the NAT firewall.

CreateNatFirewallPreCheck

Runs a precheck for NAT firewall creation.

CreateNatFirewallSyncTask

Creates a sync task for NAT firewall assets.

CreatePrivateDnsEndpoint

Creates a private DNS endpoint.

CreateSecurityProxy

Creates a NAT firewall.

CreateSlsLogDispatch

Create Cloud Firewall SLS Log Delivery

CreateTrFirewallV2

Creates a VPC firewall for a transit router.

CreateTrFirewallV2RoutePolicy

Creates a routing rule for a VPC firewall for a transit router.

CreateVpcFirewallCenConfigure

Creates a VPC firewall to protect traffic between a network instance in a Cloud Enterprise Network (CEN) and a specified VPC.

CreateVpcFirewallCenManualConfigure

Manually creates a VPC border firewall.

CreateVpcFirewallConfigure

Creates a VPC firewall to protect traffic between two VPCs that are connected using Express Connect.

CreateVpcFirewallControlPolicy

Adds an access control policy to a policy group for a specified VPC firewall.

CreateVpcFirewallPrecheck

Creates a precheck task before you create a VPC firewall.

CreateVpcFirewallTask

Creates a sync task for VPC firewall assets.

DeleteAckClusterConnector

Deletes an ACK cluster connector.

DeleteAclBackupData

Deletes an access control list (ACL) backup.

DeleteAddressBook

Deletes an address book.

DeleteControlPolicy

Deletes an access control policy.

DeleteControlPolicyTemplate

Deletes an access control policy template.

DeleteDnsFirewallPolicy

Deletes a DNS firewall policy.

DeleteDownloadTask

Deletes a file download task.

DeleteFirewallV2RoutePolicies

Deletes a routing policy for a VPC firewall for a transit router.

DeleteInstanceMembers

Deletes Cloud Firewall member accounts.

DeleteIpsPrivateAssoc

Creates a private network association for an IPS.

DeleteNatFirewallControlPolicy

Deletes an access control policy for a NAT firewall.

DeleteNatFirewallControlPolicyBatch

Deletes a batch of NAT firewall policies.

DeletePrivateDnsAllDomainName

Deletes all private DNS domain names.

DeletePrivateDnsDomainName

Deletes private DNS domain names.

DeletePrivateDnsEndpoint

Deletes a private DNS endpoint.

DeleteSecurityProxy

Deletes the specified NAT firewall.

DeleteTrFirewallV2

Deletes a VPC firewall for a transit router.

DeleteVpcFirewallCenConfigure

Deletes a VPC firewall that protects traffic between a network instance in a Cloud Enterprise Network (CEN) and a specified VPC.

DeleteVpcFirewallConfigure

Deletes a VPC firewall that protects traffic between two VPCs that are connected by an Express Connect circuit.

DeleteVpcFirewallControlPolicy

Deletes an access control policy from a specific VPC firewall policy group.

DescribeACLProtectTrend

Queries the trend of traffic blocked by Internet access control.

DescribeAITrafficAnalysisStatus

Queries the enabling status of AI-powered traffic analysis.

DescribeAccessInstanceRegionList

Queries the regions that contain synchronization nodes.

DescribeAccessInstanceTask

Queries the progress of a synchronization task on a node.

DescribeAccessInstanceVSwitchList

Queries the vSwitches for synchronization nodes.

DescribeAccessInstanceVpcList

Queries the VPCs associated with synchronization nodes.

DescribeAccessInstanceZoneList

Returns a list of available zones for access instances.

DescribeAckClusterConnector

Queries the details of a specified ACK cluster connector.

DescribeAckClusterConnectors

Queries a list of ACK cluster connectors.

DescribeAckClusterNamespaces

Queries the namespaces in an Alibaba Cloud Container Service for Kubernetes (ACK) cluster.

DescribeAckClusterPodLabels

Queries the labels within an Alibaba Cloud Container Service for Kubernetes (ACK) cluster.

DescribeAckClusters

Queries for Container Service for Kubernetes (ACK) clusters based on specified conditions, such as cluster type and specifications.

DescribeAclApps

Queries multiple access control applications.

DescribeAclBackupList

Queries a list of access control list (ACL) backups.

DescribeAclCheck

Queries the details of an Access Control List (ACL) check.

DescribeAclCheckQuota

Queries the quota for access control list (ACL) checks.

DescribeAclChecks

Queries Access Control List (ACL) checks in batches.

DescribeAclRuleCount

Retrieves the total number of access control list (ACL) configurations.

DescribeAclWhitelist

Queries the Access Control List (ACL) whitelist.

DescribeAddressBook

Queries a list of address books.

DescribeAssetList

Queries information about assets that are protected by Cloud Firewall.

DescribeAssetRiskList

Retrieves a list of asset risk levels.

DescribeAssetStatistic

Queries statistics about assets protected by Cloud Firewall.

DescribeAttackAppCategory

Queries a list of attack categories.

DescribeBatchSlsDispatchStatus

Queries the status of log delivery.

DescribeCfwRiskLevelSummary

Queries a summary of threat levels for Cloud Firewall.

DescribeClearAuthInfo

Queries information about cleared authorizations.

DescribeConfiguredDestinationIP

Queries the list of configured destination IP addresses for outbound connections.

DescribeConfiguredDomainNames

Queries the list of domain names for outbound connections.

DescribeControlPolicy

Retrieves information about all access control policies.

DescribeControlPolicyDomainResolve

Queries the domain name resolution results for an access control policy.

DescribeCreatedNatFirewall

Retrieves a list of created NAT firewalls.

DescribeCtrlInstanceMemberAccounts

Queries a list of member accounts.

DescribeDefaultIPSConfig

Provides Intrusion Prevention System (IPS) protection for internet traffic.

DescribeDnsFirewallPolicy

Queries the list of access control lists (ACLs) for the DNS firewall.

DescribeDomainResolve

Retrieves the Domain Name System (DNS) resolution results for a domain name.

DescribeDownloadTask

Queries the information and download URLs of file download tasks.

DescribeDownloadTaskType

Queries the types of download tasks. The returned types correspond to the TaskType field in other download-related API operations.

DescribeFirewallDropStatistics

Retrieves statistics on packets dropped by the firewall.

DescribeFirewallTask

Retrieves the details of a firewall task.

DescribeFirewallVSwitch

Queries the vSwitches that are created by Cloud Firewall.

DescribeFirewallVswitchResources

Queries the vSwitch resources for Cloud Firewall.

DescribeInstanceMembers

Queries information about the member accounts of Cloud Firewall.

DescribeInstanceRdAccounts

Queries the member accounts in a resource directory for a Cloud Firewall instance.

DescribeInstanceRiskLevels

Queries the risk levels of instances.

DescribeInternetDropTrafficTrend

Trends in internet security.

DescribeInternetOpenDetail

Retrieves the details of assets exposed to the Internet.

DescribeInternetOpenIp

Describes a Cloud Firewall access control policy group.

DescribeInternetOpenPort

Queries the ports that are open to the Internet.

DescribeInternetOpenService

Queries services exposed to the Internet.

DescribeInternetOpenStatistic

Retrieves statistics about assets exposed to the Internet.

DescribeInternetServiceNameList

Retrieves a list of Internet service names.

DescribeInternetSlb

Queries the details of Internet-facing SLB instances.

DescribeInternetTimeTop

Queries the top Internet traffic statistics over time.

DescribeInternetTrafficTop

Queries the top Internet traffic trends.

DescribeInternetTrafficTrend

Queries Internet traffic trends.

DescribeInvadeEcsTrend

Queries the trend of vulnerabilities on ECS instances.

DescribeInvadeEventDetail

Retrieves the details of a breach awareness event.

DescribeInvadeEventList

Queries a list of breach awareness events detected by Cloud Firewall.

DescribeInvadeEventNameList

Retrieves a list of vulnerability names.

DescribeInvadeEventStatistic

Queries statistics about intrusion events.

DescribeIpsPrivateAssoc

Queries the list of IPS Private IP Tracing associations.

DescribeIspInfo

Queries information about ISPs.

DescribeLocationInfo

Queries information about geographic locations.

DescribeLogStoreInfo

Get Log Service Information

Queries the details of the Logstore in Simple Log Service.

DescribeMemberInfo

Describes member information.

DescribeNatAclPageStatus

Queries the paging status of the NAT firewall.

DescribeNatFirewallAclGroupList

Queries the access control policy groups for NAT firewalls.

DescribeNatFirewallControlPolicy

Queries the details of all access control policies for NAT firewalls.

DescribeNatFirewallDropTrafficTrend

Describes the trend of traffic blocked by the NAT firewall on the Overview page.

DescribeNatFirewallList

Queries NAT firewall details.

DescribeNatFirewallPolicyPriorUsed

Queries the priority range of an access control policy for a NAT firewall.

DescribeNatFirewallPrecheckDetail

Queries the precheck details for a NAT firewall.

DescribeNatFirewallQuota

Retrieves the quotas for a NAT firewall.

DescribeNatFirewallTimeTop

Queries the top traffic data of a NAT firewall at a specific point in time.

DescribeNatFirewallTrafficTrend

Overview: NAT Traffic Trend

DescribeNetworkInstanceList

Queries a list of network instances.

DescribeNetworkInstanceRelationList

Queries the relationships between network instances.

DescribeNetworkTrafficTopRatio

Queries the ratio of the top network traffic.

DescribeOpenIpAccessSrcStat

Retrieves statistics about access sources for public IP addresses.

DescribeOutgoingAssetList

Retrieves a list of assets with outbound connections.

DescribeOutgoingDestination

This operation queries outbound destinations.

DescribeOutgoingDestinationCategory

Queries the categories of outbound connection destinations.

DescribeOutgoingDestinationIP

Queries the destination IP addresses of outbound connections.

DescribeOutgoingDestinationIPDetail

Retrieves the details of an outbound destination IP address.

DescribeOutgoingDomain

Queries information about outbound domain names.

DescribeOutgoingDomainDetail

Retrieves details about an outbound domain.

DescribeOutgoingRiskDomainAndIpCount

Queries the number of intrusion prevention threats.

DescribeOutgoingRiskTrend

Queries the trend of outgoing connection threats.

DescribeOutgoingStatistic

Retrieves outbound connection statistics.

DescribeOutgoingTag

Queries outbound connection tags.

DescribePageDocuments

Queries the frequently asked questions (FAQ) for a page.

DescribePolicyAdvancedConfig

Queries the status of strict mode for access control policies.

DescribePolicyPriorUsed

Queries the priority range of access control policies.

DescribePostpayEnabledProtection

Queries the status of pay-as-you-go protection.

DescribePostpayTrafficDetail

Queries traffic details for pay-as-you-go billing.

DescribePostpayTrafficTotal

Queries the total pay-as-you-go traffic for all border firewalls.

DescribePostpayUserInternetStatus

Queries the status of the Internet Border firewall for a pay-as-you-go instance.

DescribePostpayUserNatStatus

Queries the NAT border firewall status for a pay-as-you-go Cloud Firewall.

DescribePostpayUserVpcStatus

Queries the VPC border firewall status for a pay-as-you-go user.

DescribePrefixLists

Queries prefix lists.

DescribePrivateDnsDomainNameList

Queries a list of private DNS domain names.

DescribePrivateDnsEndpointDetail

Queries the details of a private DNS endpoint.

DescribePrivateDnsEndpointList

Queries a list of private DNS endpoints.

DescribePrivateDnsStatistics

Returns statistics about private DNS.

DescribeRegionInfo

Queries information about regions.

DescribeRegionResourceTypeAutoEnable

Queries the automatic traffic redirection settings for asset types in a region.

DescribeResourceTypeAutoEnable

Queries the default traffic redirection settings for an asset type.

DescribeRiskEventGroup

Retrieves the details of intrusion prevention events.

DescribeRiskEventPayload

Queries the attack payloads of intrusion events.

DescribeRiskEventStatistic

Queries statistics about intrusion prevention events.

DescribeRiskEventTopAttackApp

Retrieves the ranking of applications that are targeted by intrusion prevention attacks.

DescribeRiskEventTopAttackAsset

Queries the top assets targeted by attacks.

DescribeRiskEventTopAttackType

Queries the ranking of attack types for intrusion prevention events.

DescribeRiskSecurityGroupDetail

Retrieves the details of a risk security group.

DescribeSdlEventDetail

Retrieves the details of a data leak event.

DescribeSdlEventList

Retrieves a list of data leak events.

DescribeSdlEventSdList

Retrieves the list of sensitive data from a data breach.

DescribeSdlEventStatistic

Queries statistics about data leaks.

DescribeSdlStatistic

Queries the details of sensitive data.

DescribeSecurityMode

Queries the settings of the safe mode.

DescribeSecurityProxy

Queries the details of NAT firewalls.

DescribeSecurityProxyResources

Describes NAT firewall resources.

DescribeSensitiveSwitch

Queries the status of the sensitive data detection switch.

DescribeSignatureLibVersion

Describes the version information of the signature library.

DescribeSlrGrant

Queries the authorization information of a service-linked role (SLR) for a user.

DescribeSlsAnalyzeOpenStatus

Queries the enabled status of Log Service (SLS).

DescribeThreatIntelligenceSwitch

Queries information about threat intelligence configurations.

DescribeTrFirewallPolicyBackUpAssociationList

You can obtain an ACL backup for a VPC firewall for a transit router.

DescribeTrFirewallV2RoutePolicyList

Queries the list of routing policies for a VPC firewall for a transit router.

DescribeTrFirewallsV2Detail

Queries the details of a VPC firewall for a transit router.

DescribeTrFirewallsV2List

Queries the list of VPC firewalls for a transit router.

DescribeTrFirewallsV2RouteList

Queries the route tables for a VPC firewall for a transit router.

DescribeTrafficLog

Queries log traffic information.

DescribeTransitRouterResourcesList

Queries a list of Transit Router resources.

DescribeUnprotectedPortTrend

Queries the trends of unprotected ports.

DescribeUnprotectedVulnTrend

Queries the trend of unprotected vulnerabilities.

DescribeUserAlarmConfig

Queries the alert configurations for a user.

DescribeUserAssetIPTrafficInfo

Queries the traffic information for a specified asset.

DescribeUserBuyVersion

Retrieves version information for a user.

DescribeUserIPSWhitelist

Queries the intrusion prevention system (IPS) whitelist for the Internet Border.

DescribeVfwIPSConfigList

Queries the intrusion prevention system (IPS) configurations for VPC firewalls.

DescribeVpcFirewallAccessDetail

Queries the access details of a VPC firewall.

DescribeVpcFirewallAclGroupList

Queries information about all access control policy groups for a VPC firewall.

DescribeVpcFirewallAssetList

Queries the assets protected by the VPC firewall.

DescribeVpcFirewallAssetRegionList

Returns a list of regions in which the VPC firewall is enabled.

DescribeVpcFirewallCenDetail

Queries the details of a VPC firewall that protects traffic between a network instance in a Cloud Enterprise Network (CEN) and a specified VPC.

DescribeVpcFirewallCenList

Queries the details of VPC firewalls that protect traffic between a specified VPC and network instances in a Cloud Enterprise Network (CEN) instance.

DescribeVpcFirewallCenSummaryList

Queries a list of Cloud Enterprise Network (CEN) instances for a VPC.

DescribeVpcFirewallControlPolicy

Queries all access control policies for a specified VPC firewall.

DescribeVpcFirewallDefaultIPSConfig

Queries the intrusion prevention configuration of a specified VPC firewall.

DescribeVpcFirewallDetail

Queries the details of a VPC firewall that protects traffic between two VPCs connected by an Express Connect circuit.

DescribeVpcFirewallDomainList

Queries a list of domain names accessed through a VPC firewall.

DescribeVpcFirewallDomainRelationList

Queries the access relationships for specified domain names that pass through a VPC firewall.

DescribeVpcFirewallDropTrafficTrend

Queries the traffic drop trend for a VPC firewall.

DescribeVpcFirewallIPSWhitelist

Describes the intrusion prevention system (IPS) whitelist for a VPC firewall.

DescribeVpcFirewallList

Queries information about a VPC firewall that protects traffic between two VPCs connected by an Express Connect circuit.

DescribeVpcFirewallManualVSwitchList

Queries the list of vSwitches for a VPC firewall created in manual mode.

DescribeVpcFirewallPolicyPriorUsed

Queries the effective priority range for access control policies in a specified VPC firewall policy group.

DescribeVpcFirewallPrecheckDetail

Retrieves the details of a VPC firewall precheck.

DescribeVpcFirewallSummaryInfo

Retrieves a summary of VPC firewalls.

DescribeVpcFirewallTrafficAssetList

Retrieves a list of assets that access domain names through a VPC firewall.

DescribeVpcFirewallZone

Describes the available zones for a VPC firewall.

DescribeVpcListLite

Queries a list of Virtual Private Clouds (VPCs).

DescribeVpcZone

Queries the zones that are available for VPCs.

DescribeVulnerabilityProtectedList

Retrieves a list of vulnerabilities that Cloud Firewall can protect against.

DisableSdlProtectedAsset

Disables sensitive data discovery for a protected asset.

EnableSdlProtectedAsset

Enables data breach protection for assets.

GetTlsInspectCertificateDownloadUrl

Retrieves the download path for the certificate of a Transport Layer Security (TLS) inspection policy.

ListTlsInspectCACertificates

This operation lists the Transport Layer Security (TLS) inspection certificate authority (CA) certificates.

ModifyAddressBook

Modifies an address book.

ModifyCfwInstance

Updates instance information for pay-as-you-go 2.0 users.

ModifyControlPolicy

Modifies the configurations of an access control policy.

ModifyControlPolicyPosition

Modifies the priority of an IPv4 access control policy for the Internet firewall. For this type of policy, the source and destination IP addresses are in IPv4 format.

ModifyControlPolicyPriority

Modifies the priority of an access control policy.

ModifyDefaultIPSConfig

Modifies the default intrusion prevention system (IPS) configuration.

ModifyDnsFirewallPolicy

Modifies a DNS firewall rule.

ModifyFirewallV2RoutePolicySwitch

Enables or disables a routing policy.

ModifyInstanceMemberAttributes

Updates the information about members in Cloud Firewall.

ModifyIpsRules

Modifies Intrusion Prevention System (IPS) rules.

ModifyIpsRulesToDefault

Resets Intrusion Prevention System (IPS) rules to the default settings.

ModifyNatFirewallControlPolicy

Modifies the configuration of an access control policy for a NAT firewall.

ModifyNatFirewallControlPolicyPosition

Modifies the priority of an access control policy for a NAT firewall.

ModifyObjectGroupOperation

Modifies the operation for an object group.

ModifyPolicyAdvancedConfig

Enables or disables the strict mode for access control policies.

ModifyPrivateDnsEndpoint

Modifies a private DNS endpoint.

ModifyResourceTypeAutoEnable

Modifies the automatic protection settings for new assets.

ModifySensitiveSwitch

Modifies the status of the sensitive data detection switch.

ModifySlsDispatchStatus

Modifies the log delivery settings for Simple Log Service (SLS).

ModifyThreatIntelligenceSwitch

Modifies the threat intelligence configuration.

ModifyTrFirewallV2Configuration

Modifies the configuration of a VPC firewall for a transit router.

ModifyTrFirewallV2RoutePolicyScope

Modifies the scope of a routing policy for a VPC firewall that is created for a Transit Router (TR).

ModifyUserAlarmConfig

Modifies the alert configuration for a user.

ModifyUserIPSWhitelist

Modifies the intrusion prevention system (IPS) whitelist for the Internet Border.

ModifyUserSlsLogStorageTime

Modifies the storage duration for user logs.

ModifyVpcFirewallAclEngineMode

Modifies the ACL engine mode for a VPC firewall.

ModifyVpcFirewallCenConfigure

Modifies the configuration of a VPC firewall that protects traffic between network instances in a Cloud Enterprise Network (CEN) and a specified VPC.

ModifyVpcFirewallCenSwitchStatus

Modifies the status of a VPC firewall that protects traffic between network instances in a Cloud Enterprise Network (CEN) and a specified VPC.

ModifyVpcFirewallConfigure

Modifies the configuration of a VPC firewall that protects traffic between two VPCs connected by an Express Connect circuit.

ModifyVpcFirewallControlPolicy

Modifies an access control policy in a policy group for a VPC firewall.

ModifyVpcFirewallControlPolicyPosition

Modifies the priority of an access control policy in a policy group for a VPC firewall.

ModifyVpcFirewallDefaultIPSConfig

Modifies the intrusion prevention configuration of a VPC firewall.

ModifyVpcFirewallIPSWhitelist

Modifies the intrusion prevention system (IPS) whitelist for a VPC firewall.

ModifyVpcFirewallSwitchStatus

Enables or disables a VPC firewall. A VPC firewall protects traffic between two VPCs that are connected by an Express Connect circuit.

PutDisableAllFwSwitch

Disables all firewall switches.

PutDisableFwSwitch

Disables a firewall switch.

PutEnableAllFwSwitch

Enables all firewall switches.

PutEnableFwSwitch

Enables a firewall.

ReleaseExpiredInstance

Releases an expired instance.

ReleasePostInstance

Releases a pay-as-you-go firewall.

ResetNatFirewallRuleHitCount

Resets the hit count of a NAT firewall rule.

ResetRuleHitCount

Resets the hit count of a rule.

ResetVpcFirewallRuleHitCount

Resets the hit count of an access control policy in a specified VPC firewall policy group to zero.

SetAutoProtectNewAssets

Enables automatic protection for new assets.

SwitchSecurityProxy

Enables or disables a NAT firewall.

UpdateAITrafficAnalysisStatus

Changes the enabling status of AI-powered traffic analysis.

UpdateAckClusterConnector

Updates an ACK cluster connector.

UpdateAclCheckDetailStatus

Updates the status of an access control list (ACL) check detail.

UpdatePostpayUserInternetStatus

Updates the Internet Border firewall status for a pay-as-you-go user.

UpdatePostpayUserNatStatus

Updates the status of a NAT border firewall for a pay-as-you-go instance.

UpdatePostpayUserVpcStatus

Updates the status of the VPC border firewall for a pay-as-you-go user.

UpdateSecurityProxy

Updates a NAT firewall.

UseAclBackupData

Restores access control policies from a backup.

Cloud Firewall:API overview

API standard and pre-built SDKs in multi-language

Custom signature

Before you begin

API list