All Products
Search
Document Center

Security Center:ListInterceptionRulePage

Last Updated:Nov 14, 2024

Queries defense rules that are configured for the container firewall feature.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-sas:ListInterceptionRulePageget
  • All Resources
    *
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
ClusterIdstringYes

The ID of the container cluster.

cc41de13ab5474210bc0ce772a009****
CriteriastringNo

The query condition.

80
CriteriaTypestringNo

The type of the query condition. Valid values:

  • ID
  • RULE_NAME
  • SRC_TARGET
  • DST_TARGET
  • DST_PORT
  • RULE_SWITCH
  • INTERCEPTOR_TYPE
DST_PORT
CurrentPageintegerYes

The number of the page to return.

1
PageSizeintegerYes

The number of entries to return on each page.

50

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

The ID of the request, which is used to locate and troubleshoot issues.

ACF97412-FD09-4D1F-994F-34DF12BR****
PageInfoobject

The pagination information.

CurrentPageinteger

The page number of the returned page.

19
PageSizeinteger

The number of entries returned per page.

20
TotalCountinteger

The total number of entries returned.

2
Countinteger

The number of entries returned on the current page.

20
InterceptionRuleListarray<object>

An array that consists of information about the defense rules.

Ruleobject

The information about the defense rule.

RuleTypestring

The type of the defense rule.

customize
RuleSwitchinteger

The status of the defense rule. Valid values:

  • 1: enabled
  • 0: disabled
1
RuleIdlong

The ID of the defense rule.

30****
RuleNamestring

The name of the defense rule.

test
SrcTargetobject

The source network object.

AppNamestring

The name of the application.

ack-jenkins-lawr****
RuleTypestring

The type of the defense rule. Valid values:

  • suggest: intelligently recommended rule
  • customize: custom rule
  • system: system rule
customize
TargetIdinteger

The ID of the network object.

40****
TargetNamestring

The name of the network object.

mhh-te****
Namespacestring

The namespace.

jenkins
TargetTypestring

The type of the affected assets.

containerId
ImageListarray

An array that consists of the images of the network object.

imagestring

The images.

nginx:1.****
TagListarray

An array that consists of tags added to the source network object.

tagstring

The tags added to the source network object.

bpm
DstTargetobject

The destination network object.

AppNamestring

The name of the application.

console
RuleTypestring

The type of the defense rule. Valid values:

  • suggest: intelligently recommended rule
  • customize: custom rule
  • system: system rule
customize
TargetIdinteger

The ID of the network object.

302001
TargetNamestring

The name of the network object.

demo4****
Namespacestring

The namespace.

test
TargetTypestring

The type of the network object.

IMAGE
Portsarray

An array that consists of information about the ports used by the destination server.

portstring

The ports.

{"tcp":"1234","udp":"5555"}
ImageListarray

An array that consists of the affected images.

imagestring

The affected images.

nacos:v2.0****
TagListarray

An array that consists of tags added to the destination network object.

tagstring

The tags added to the destination network object.

111
OrderIndexlong

The order in which the entries are sorted.

1
InterceptTypelong

The interception mode. Valid values:

  • 0: monitor
  • 1: block
  • 2: alert
  • 3: allow
1

Examples

Sample success responses

JSONformat

{
  "RequestId": "ACF97412-FD09-4D1F-994F-34DF12BR****",
  "PageInfo": {
    "CurrentPage": 19,
    "PageSize": 20,
    "TotalCount": 2,
    "Count": 20
  },
  "InterceptionRuleList": [
    {
      "RuleType": "customize",
      "RuleSwitch": 1,
      "RuleId": 0,
      "RuleName": "test",
      "SrcTarget": {
        "AppName": "ack-jenkins-lawr****",
        "RuleType": "customize",
        "TargetId": 0,
        "TargetName": "mhh-te****",
        "Namespace": "jenkins",
        "TargetType": "containerId",
        "ImageList": [
          "nginx:1.****"
        ],
        "TagList": [
          "bpm"
        ]
      },
      "DstTarget": {
        "AppName": "console",
        "RuleType": "customize",
        "TargetId": 302001,
        "TargetName": "demo4****",
        "Namespace": "test",
        "TargetType": "IMAGE",
        "Ports": [
          "{\"tcp\":\"1234\",\"udp\":\"5555\"}"
        ],
        "ImageList": [
          "nacos:v2.0****"
        ],
        "TagList": [
          "111"
        ]
      },
      "OrderIndex": 1,
      "InterceptType": 1
    }
  ]
}

Error codes

HTTP status codeError codeError messageDescription
403NoPermissioncaller has no permissionYou are not authorized to do this operation.
500ServerErrorServerError-

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
No change history