Edit Access Control V2
This API is used to edit access control for the website acceleration service.
Request
Request-Line
PUT /cdn/v1.1/services/{serviceId}/accessControl/{policyId} HTTP/1.1
Request Parameters
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| serviceId | Integer | Mandatory | The unique identifier of the website acceleration service. |
| policyId | Integer | Mandatory | Policy ID number for access control. |
Body Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| policyName | String | Mandatory | Policy name for access control. |
| type | String | Mandatory | Access control type, could be "allow", "deny" or "token". |
| matches | Array | Mandatory | Matching configuration that determines which requests the rule applies to. See Matches for details. |
| priority | Integer | Optional | Priority weight for the rule. Rules with a higher weight take precedence. The weight must be non-zero. |
| ipRestriction | String | Optional | Comma-separated list of ips/networks.Only requests from these subnets are allowed, other requests will be rejected with 403 Forbidden response. |
| geoRestriction | Integer | Optional | Comma-separated list of geographic locations to be matched. Each location should be specified as a 2-letter ISO3166 code. E.g "SG,GB". |
| anonymousIp | Boolean | Optional | Set true to apply for anonymous IP, set false to apply for non anonymous IP. Default is false. |
| tokenSecret | String | Optional | Field tokenSecret is only for type "token".Comma-separated list of tokens.Each token should have 64 characters,Each character must be numeric or lowercase letter. |
| enabled | Boolean | Optional | Flag indicating whether the rule is active. Default is true. |
Object: Matches
| Parameter | Type | Required | Description |
|---|---|---|---|
| Array | Mandatory | See Match for details. |
Object: Match
| Parameter | Type | Required | Description |
|---|---|---|---|
| field | String | Mandatory | Which part of the request to match. Supported values: • req.path - Request path (excluding query string).• req.query - Request query parameters.• req.method - HTTP method (GET, POST, etc.).• client.ip - Client IP address.• req.host - Request host.• req.header.user-agent - User-Agent header.• req.header.cookie - Cookie header.• req.header.origin - Origin header.• req.header.via - Via header. |
| operator | String | Mandatory | Defines how to match the field. Supported values: • startswith - Succeeds if the what matches one of the prefixes listed in patterns.• not_startswith - Matches if field value does not starts with any of the specified prefixes.• istartswith - Case-independent version of startswith.• not_istartwith - Matches if the field value does not starts with any of the specified prefixes, ignoring letter case differences.• regex - Succeeds if what matches one of the regexes listed in patterns.• equals - Succeeds if the what matches one of the strings listed in patterns.• not_equals - Succeeds if the field value does not exactly match any of the specified strings.• iequals - Case-independent version of equals.• not_iequals - Succeeds if the field value does not exactly match any of the specified strings,ignoring letter case differences.• endswith - Succeeds if the what ends with one of the strings listed in patterns. Useful e.g. to match file extensions like ".mp4".• not_endswith - Succeeds if the what does not ends with one of the strings listed in patterns.• iendswith - Case-independent version of endswith.• not_iendswith - Succeeds if the what does not ends with one of the strings listed in patterns,ignoring letter case differences.• subnet - Succeeds if the what belongs to one of subnets, specified in patterns, like "1.222.94.98/32".• not_subnet - Succeeds if the what does not belongs to one of subnets.Note: subnet operator is applicable only to the client.ip match option. |
| values | String[] | Mandatory | List of values matching the URL path string. |
Status Codes, Error Codes and Error Messages
| Status Code | Error Code | Error Message |
|---|---|---|
| 400 | Request.BadRequest | Bad request. |
| 400 | InvalidCustomer.IdEmpty | Customer id can be empty or invalid. |
| 400 | InvalidService.IdIncorrect | Service id is empty or invalid. |
| 400 | ServiceId.IdPermission | ServiceId can not be found or unknown. |
| 400 | Invalid.PolicyName | Policy name is required. |
| 400 | InvalidPriority.Unique | Priority value must be unique. |
| 400 | InvalidPolicy.TypeEmpty | Policy type can not be empty. |
| 400 | InvalidPolicy.AccessType | Policy access type must be one of the following values 'allow','deny','token'. |
| 400 | InvalidPolicy.MatchURLIncorrect | The matchUrlPath can not be empty. |
| 400 | InvalidPolicy.Operator | Operator must be one of the following: prefix,regex,equals or suffix. |
| 400 | InvalidPolicy.MatchUrlPathPatternsIncorrect | The MatchUrlPath patterns could not be empty. |
| 400 | InvalidPolicy.Priority | Priority is required. |
| 400 | InvalidPolicy.IpRestriction | Ip restriction format is incorrect,Supported formats: 172.31.31.0, 172.31.31.0/255.255.255.0, 172.31.32.0/24. |
| 400 | InvalidPolicy.GeoFormat | Geo restriction format is incorrect. |
| 400 | InvalidPolicy.MatchesIncorrect | The matches can not be empty or incorrect. |
| 400 | InvalidPolicy.MatchFieldIncorrect | The match field can not be empty or use the specified value. |
| 400 | InvalidPolicy.MatchOperatorIncorrect | The match operator required or use the specified value. |
| 400 | InvalidPolicy.MatchValuesIncorrect | The match values required or can not be empty. |
| 400 | InvalidPolicy.MatchValueIncorrect | All match values must not be empty. |
Response
Response Body
| Parameter | Type | Description |
|---|---|---|
| policyId | Integer | Policy ID number for access control. |
| policyName | String | Policy name for access control. |
| type | String | Access control type, could be "allow", "deny" or "token". |
| matches | Array | Matching configuration that determines which requests the rule applies to. See Matches for details. |
| priority | Integer | Priority weight for the rule. Rules with a higher weight take precedence. The weight must be non-zero. |
| ipRestriction | String | Comma-separated list of ips/networks.Only requests from these subnets are allowed, other requests will be rejected with 403 Forbidden response. |
| geoRestriction | String | Comma-separated list of geographic locations to be matched. Each location should be specified as a 2-letter ISO3166 code. E.g "SG,GB". |
| anonymousIp | Boolean | Set true to apply for anonymous IP, set false to apply for non anonymous IP. Default is false. |
| tokenSecret | String | Field tokenSecret is only for type "token".Comma-separated list of tokens.Each token should have 64 characters,Each character must be numeric or lowercase letter. |
| enabled | Boolean | Flag indicating whether the rule is active. Default is true. |
| 400 | InvalidPolicy.MatchesIncorrect | The matches can not be empty or incorrect. |
| 400 | InvalidPolicy.MatchFieldIncorrect | The match field can not be empty or use the specified value. |
| 400 | InvalidPolicy.MatchOperatorIncorrect | The match operator required or use the specified value. |
| 400 | InvalidPolicy.MatchValuesIncorrect | The match values required or can not be empty. |
| 400 | InvalidPolicy.MatchValueIncorrect | All match values must not be empty. |
Examples
Edit Access Control V2
Request
PUT /cdn/v1.1/services/{serviceId}/accessControl/{policyId} HTTP/1.1
{
"policyName":"accetss",
"matches":[
{
"field":"req.path",
"operator":"startswith",
"values":["/css/","/images/abc/"]
},
{
"field":"req.method",
"operator":"iequals",
"values":["GET"]
}
],
"priority":41,
"type":"token",
"geoRestriction":"US,CN",
"ipRestriction":"172.16.12.1",
"anonymousIp":true,
"tokenSecret":"bdfy7r6jflo3iydy9zxigkl5m0hte6d423d45dfg6gavo07xvmtc4tzsdc9yxyjy",
"enabled":true
}
Successful Response Body
{
"policyId": 262277,
"policyName": "accetss",
"type": "token",
"matches": [
{
"field": "req.path",
"operator": "startswith",
"values": [
"/css/",
"/images/abc/"
]
},
{
"field": "req.method",
"operator": "iequals",
"values": [
"GET"
]
}
],
"priority": 41,
"ipRestriction": "172.16.12.1",
"geoRestriction": "CN,US",
"anonymousIp": false,
"tokenSecret": "bdfy7r6jflo3iydy9zxigkl5m0hte6d423d45dfg6gavo07xvmtc4tzsdc9yxyjy",
"enabled": true
}