CreatePolicy

1. API Description

This API is used to create a protection strategy.

2. Input Parameters

The following request parameter list only provides API request parameters.

| Parameter Name | Required | Type | Description |
| --- | --- | --- | --- |
| policyName | Yes | String | The name of the protection strategy. The length is 2 to 63 characters. Only letters, numbers, hyphens (-) and periods (.) are supported. The name must start and end with a number or a letter. |
| resourceGroupId | No | String | Resource group ID. If the value is null, the protection strategy is added to the default resource group. |
| blackIpList | No | Array of String | IP deny list. |
| whiteIpList | No | Array of String | IP allow list. |
| ipBlackTimeout | No | Integer | IP deny timeout. Unit: minutes. Available range: [1, 10080]. |
| ports | No | | Port blocking, supports TCP and UDP. |
| blockProtocol | No | Array of Protocol | Enabled protocol blocking. UDP and TCP cannot be enabled at the same time. |
| blockRegions | No | Array of String | Regions blocked. |
| finger | No | | Fingerprint filtering configurations. |
| reflectUdpPort | No | | Port list for reflection attack filtering. |
| trafficControl | No | | Source IP rate limiting configurations. |
| tags | No | | Bound tags when creating resources. Tag keys must be unique. |

3. Output Parameters

| Parameter Name | Type | Description |
| --- | --- | --- |
| requestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |
| policyId | String | Protection strategy ID. |

4. Code Example

Create a protection strategy.

POST /api/v2/zec HTTP/1.1
Host: console.zenlayer.com
Content-Type: application/json
X-ZC-Action: CreatePolicy
<Common Request Params>

Request:
{
    "policyName": "policyName",
    "blackIpList": ["10.0.0.1","10.0.0.2"],
    "whiteIpList": ["10.0.0.1","10.0.0.2"],
    "ipBlackTimeout": 100,
    "ports": [
      {
        "protocol": "TCP",
        "srcPortStart": 1,
        "srcPortEnd": 100,
        "dstPortStart": 1,
        "dstPortEnd": 100,
        "action": "Accept"
      }
    ]
}

Response:
{
  "requestId": "T05992D0C-7E8B-4047-B0C0-780F2CD549D3",
  "response": {
    "requestId": "T05992D0C-7E8B-4047-B0C0-780F2CD549D3",
    "policyId": "<policyId>"
  }
}

5. Developer Resources

Zenlayer Cloud API 2.0 provides SDKs to make it easier for you to call APIs. More programming languages will be supported.

6. Error Codes

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

| HTTP Status Code | Error Code | Description |
| --- | --- | --- |
| 404 | INVALID_DDOS_POLICY_REGION_NOT_FOUND | The Geo-Blocking region does not exist. |
| 400 | INVALID_IP_FORMAT | Invalid IP format. |
| 400 | INVALID_POLICY_PACKET_LENGTH_RANGE_OF_FINGERPRINT | Invalid port range for fingerprint filtering. |
| 400 | INVALID_POLICY_PORT_OVERLAP | The port range overlaps. |
| 400 | INVALID_POLICY_PORT_RANGE_OF_BLOCKING | The port range of the port blocking is incorrect. |
| 400 | INVALID_POLICY_PORT_RANGE_OF_FINGERPRINT | Invalid port range for fingerprint filtering. |
| 400 | INVALID_POLICY_PROTOCOL_CONFLICT | Protocol blocking conflict. UDP and TCP cannot be enabled at the same time. |
| 409 | INVALID_POLICY_TRAFFIC_CONTROL_VALUE | The source IP rate limiting value is not set. |
| 409 | INVALID_REFLECT_UDP_PORT_CONFLICT_DEFAULT | The custom UDP reflection source port already exists in the default and cannot be set. |
| 400 | OPERATION_DENIED_POLICY_ACTION_AFTER_MATCHING | Traffic can only be dropped based on packet fingerprint rules. |
| 400 | OPERATION_DENIED_POLICY_FINGERPRINT_FILTER_LIMITED | The number of fingerprint rules exceeds the limit. |
| 400 | OPERATION_DENIED_POLICY_PORT_BLOCKING_LIMITED | The number of blocked ports exceeds the limit. |
| 400 | OPERATION_DENIED_POLICY_REFLECTION_ATTACK_FILTERING_LIMITED | The number of UDP reflection source ports exceeds the limit. |
| 400 | OPERATION_DENIED_POLICY_WHITE_BLACK_IP_LIMITED | The number of IP allow and deny lists exceeds the limit. |
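
An added example, not Zenlayer's own code: a client-side pre-flight check that applies the constraints documented in section 2 to a CreatePolicy body before it is sent, reporting the matching error code where section 6 lists one and the field name otherwise. The function name `validate_policy`, the accepted IP notation, the 1-65535 port bounds, the overlap rule and the string form of `blockProtocol` entries are assumptions.

```python
import ipaddress
import re

# policyName: 2-63 chars, letters/digits/-/., must start and end alphanumeric.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,61}[A-Za-z0-9]")

def _intersects(a_start, a_end, b_start, b_end):
    return a_start <= b_end and b_start <= a_end

def validate_policy(body):
    """Return a list of problems found in a CreatePolicy request body."""
    problems = []
    if not NAME_RE.fullmatch(str(body.get("policyName") or "")):
        problems.append("policyName")
    for key in ("blackIpList", "whiteIpList"):
        for ip in body.get(key, []):
            try:
                # Assumption: plain addresses and CIDR blocks are both accepted.
                ipaddress.ip_network(ip, strict=False)
            except ValueError:
                problems.append(f"INVALID_IP_FORMAT:{key}:{ip}")
    timeout = body.get("ipBlackTimeout")
    if timeout is not None and not (isinstance(timeout, int) and 1 <= timeout <= 10080):
        problems.append("ipBlackTimeout")
    # Assumption: blockProtocol entries are the strings "TCP" / "UDP".
    if {"TCP", "UDP"} <= set(body.get("blockProtocol", [])):
        problems.append("INVALID_POLICY_PROTOCOL_CONFLICT")
    seen = []
    for rule in body.get("ports", []):
        src = (rule["srcPortStart"], rule["srcPortEnd"])
        dst = (rule["dstPortStart"], rule["dstPortEnd"])
        # Assumption: valid ports are 1-65535 with start <= end.
        if any(not 1 <= lo <= hi <= 65535 for lo, hi in (src, dst)):
            problems.append("INVALID_POLICY_PORT_RANGE_OF_BLOCKING")
            continue
        # Assumption: two rules overlap when a single packet could match both.
        for proto, s, d in seen:
            if proto == rule["protocol"] and _intersects(*src, *s) and _intersects(*dst, *d):
                problems.append("INVALID_POLICY_PORT_OVERLAP")
        seen.append((rule["protocol"], src, dst))
    return problems

# Constructed sample that breaks several of the documented rules.
BAD = {"policyName": "-edge", "blackIpList": ["10.0.0.300"],
       "ipBlackTimeout": 20000, "blockProtocol": ["TCP", "UDP"]}

if __name__ == "__main__":
    print(validate_policy(BAD))
```

The server remains the authority on what it accepts; an empty result here only means none of the documented constraints were violated under the stated assumptions.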
