CFW
Create a CFW policy

Function declaration

```java
public CreateCfwResponse createCfw(CreateCfwRequest body) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| name | String | CFW name; no more than 65 characters, may consist of digits, characters, and underscores |
| description | String | CFW description; no more than 200 characters |
| cfwRules | `List<CreateRule>` | List of CFW rules |

CreateRule parameters:

| Parameter | Type | Description |
|---|---|---|
| ipVersion | Integer | IP version |
| priority | Integer | Priority |
| protocol | String | Protocol type |
| direction | String | Direction (ingress/egress) |
| sourceAddress | String | Source address |
| destAddress | String | Destination address |
| sourcePort | String | Source port |
| destPort | String | Destination port |
| action | String | Action (allow/deny) |
| description | String | Rule description |

Return value

- On success

```
{
    "metadata": <see the metadata section in the appendix>,
    "cfwId":"cfw-xxxxxxxx"
}
```

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.CreateCfwRequest;
import com.baidubce.services.cfw.model.CreateCfwResponse;
import java.util.ArrayList;
import java.util.List;

public class CreateCfwExample {
    public static void main(String[] args) {
        // Placeholder credentials; replace with your own AK/SK
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        CreateCfwRequest request = new CreateCfwRequest();
        request.setName("my-cfw-policy");
        request.setDescription("测试CFW策略");

        // Create a rule
        List<CreateCfwRequest.CreateRule> rules = new ArrayList<>();
        CreateCfwRequest.CreateRule rule = new CreateCfwRequest.CreateRule();
        rule.setIpVersion(4);
        rule.setPriority(100);
        rule.setProtocol("TCP");
        rule.setDirection("ingress");
        rule.setSourceAddress("0.0.0.0/0");
        rule.setDestAddress("10.0.0.0/8");
        rule.setSourcePort("1-65535");
        rule.setDestPort("80");
        rule.setAction("allow");
        rule.setDescription("允许HTTP访问");
        rules.add(rule);

        request.setCfwRules(rules);

        // Create the policy and print the ID assigned to it
        CreateCfwResponse response = client.createCfw(request);
        System.out.println("创建的CFW ID: " + response.getCfwId());
    }
}
```
Query CFW policy details

Function declaration

```java
public GetCfwResponse getCfw(String cfwId) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| cfwId | String | ID of the CFW policy |

Return value

- On success

```
{
    "metadata": <see the metadata section in the appendix>,
    "cfwId":"cfw-xxxxxxxx",
    "name":"my-cfw-policy",
    "description":"测试CFW策略",
    "createdTime":"2024-01-01T00:00:00Z",
    "bindInstanceNum":5,
    "cfwRules": [
        {
            "cfwRuleId":"rule-xxxxxxxx",
            "ipVersion":4,
            "priority":100,
            "protocol":"TCP",
            "direction":"ingress",
            "sourceAddress":"0.0.0.0/0",
            "destAddress":"10.0.0.0/8",
            "sourcePort":"1-65535",
            "destPort":"80",
            "action":"allow",
            "description":"允许HTTP访问"
        }
    ]
}
```

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.GetCfwResponse;

public class GetCfwExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        // Fetch the policy by ID and print its basic attributes
        String cfwId = "cfw-xxxxxxxx";
        GetCfwResponse response = client.getCfw(cfwId);

        System.out.println("CFW名称: " + response.getName());
        System.out.println("CFW描述: " + response.getDescription());
        System.out.println("创建时间: " + response.getCreatedTime());
        System.out.println("绑定实例数量: " + response.getBindInstanceNum());
    }
}
```
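Because the getCfw response returns every rule of a policy, it can be reviewed for allow rules that expose ports to any source, such as the 0.0.0.0/0 rule used in the examples on this page. The following is an added example, not SDK code or part of the original page; the `Rule` record, the approved-port set and the sample rules are assumptions constructed for illustration (requires Java 16+).

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class CfwRuleAudit {
    // Hypothetical mirror of one cfwRules entry from the getCfw response above.
    record Rule(String cfwRuleId, String direction, String sourceAddress,
                String destPort, String action) {}

    static final Set<String> ANY_SOURCE = Set.of("0.0.0.0/0", "::/0");
    // Ports approved for exposure to any source; a site-policy assumption.
    static final Set<Integer> APPROVED_PUBLIC_PORTS = Set.of(80, 443);

    // True if every port in "80" or "1-65535" style text is approved.
    // Only the two formats shown on this page are handled; anything else throws.
    static boolean allApproved(String destPort) {
        String[] parts = destPort.trim().split("-", 2);
        int lo = Integer.parseInt(parts[0].trim());
        int hi = parts.length == 2 ? Integer.parseInt(parts[1].trim()) : lo;
        for (int p = lo; p <= hi; p++) {
            if (!APPROVED_PUBLIC_PORTS.contains(p)) return false;
        }
        return true;
    }

    // Flags ingress allow rules open to any source on a port outside the approved set.
    static List<String> findings(List<Rule> rules) {
        List<String> out = new ArrayList<>();
        for (Rule r : rules) {
            boolean worldOpen = "ingress".equals(r.direction())
                    && "allow".equals(r.action())
                    && ANY_SOURCE.contains(r.sourceAddress());
            if (worldOpen && !allApproved(r.destPort())) {
                out.add(r.cfwRuleId() + ": any-source ingress allow on port " + r.destPort());
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample rules with placeholder IDs.
        List<Rule> rules = List.of(
            new Rule("rule-aaaaaaaa", "ingress", "0.0.0.0/0", "80", "allow"),
            new Rule("rule-bbbbbbbb", "ingress", "0.0.0.0/0", "1-65535", "allow"),
            new Rule("rule-cccccccc", "ingress", "192.0.2.0/24", "22", "allow"),
            new Rule("rule-dddddddd", "ingress", "0.0.0.0/0", "3389", "deny"));
        findings(rules).forEach(System.out::println);
    }
}
```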
Query the CFW policy list

Function declaration

```java
public ListCfwResponse listCfw(ListCfwRequest request) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| marker | String | Starting position of the batch list query; a system-generated string |
| maxKeys | Integer | Maximum number of items per page; usually no more than 1000. The default is 1000 |

Return value

- On success

```
{
    "metadata": <see the metadata section in the appendix>,
    "marker":"",
    "isTruncated":false,
    "nextMarker":"",
    "maxKeys":1000,
    "cfws": [
        {
            "cfwId":"cfw-xxxxxxxx",
            "name":"my-cfw-policy",
            "description":"测试CFW策略",
            "createdTime":"2024-01-01T00:00:00Z",
            "bindInstanceNum":5,
            "cfwRules":[...]
        }
    ]
}
```

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.ListCfwRequest;
import com.baidubce.services.cfw.model.ListCfwResponse;

public class ListCfwExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        // Request one page of at most 100 policies
        ListCfwRequest request = new ListCfwRequest();
        request.setMaxKeys(100);

        ListCfwResponse response = client.listCfw(request);

        // The count covers only the policies returned in this page
        System.out.println("CFW策略总数: " + response.getCfws().size());
        for (ListCfwResponse.Cfw cfw : response.getCfws()) {
            System.out.println("CFW ID: " + cfw.getCfwId() + ", 名称: " + cfw.getName());
        }
    }
}
```
Update a CFW policy

Function declaration

```java
public void updateCfw(String cfwId, UpdateCfwRequest body) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| cfwId | String | ID of the CFW policy |
| name | String | CFW name; no more than 65 characters, may consist of digits, characters, and underscores |
| description | String | CFW description; no more than 200 characters |

Return value

- On success

None

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.UpdateCfwRequest;

public class UpdateCfwExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        // Change the name and description of an existing policy
        String cfwId = "cfw-xxxxxxxx";
        UpdateCfwRequest request = new UpdateCfwRequest();
        request.setName("updated-cfw-policy");
        request.setDescription("更新后的CFW策略描述");

        client.updateCfw(cfwId, request);
        System.out.println("CFW策略更新成功");
    }
}
```
Delete a CFW policy

Function declaration

```java
public void deleteCfw(String cfwId) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| cfwId | String | ID of the CFW policy |

Note: a CFW that has bindings cannot be deleted.

Return value

- On success

None

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;

public class DeleteCfwExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        // The policy must have no bindings, otherwise the call fails
        String cfwId = "cfw-xxxxxxxx";
        client.deleteCfw(cfwId);
        System.out.println("CFW策略删除成功");
    }
}
```
Batch create CFW rules

Function declaration

```java
public void createCfwRule(String cfwId, CreateCfwRuleRequest body) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| cfwId | String | ID of the CFW policy |
| cfwRules | `List<CreateRule>` | List of CFW rules |

CreateRule parameters:

| Parameter | Type | Description |
|---|---|---|
| ipVersion | Integer | IP version |
| priority | Integer | Priority |
| protocol | String | Protocol type |
| direction | String | Direction (ingress/egress) |
| sourceAddress | String | Source address |
| destAddress | String | Destination address |
| sourcePort | String | Source port |
| destPort | String | Destination port |
| action | String | Action (allow/deny) |
| description | String | Rule description |

Note:

- The five-tuple (protocol/sourceAddress/destAddress/sourcePort/destPort) plus the direction must not all be identical
- At most 100 rules can be created in one call

Return value

- On success

None

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.CreateCfwRuleRequest;
import java.util.ArrayList;
import java.util.List;

public class CreateCfwRuleExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        String cfwId = "cfw-xxxxxxxx";
        CreateCfwRuleRequest request = new CreateCfwRuleRequest();

        List<CreateCfwRuleRequest.CreateRule> rules = new ArrayList<>();

        // Create the first rule
        CreateCfwRuleRequest.CreateRule rule1 = new CreateCfwRuleRequest.CreateRule();
        rule1.setIpVersion(4);
        rule1.setPriority(100);
        rule1.setProtocol("TCP");
        rule1.setDirection("ingress");
        rule1.setSourceAddress("0.0.0.0/0");
        rule1.setDestAddress("10.0.0.0/8");
        rule1.setSourcePort("1-65535");
        rule1.setDestPort("80");
        rule1.setAction("allow");
        rule1.setDescription("允许HTTP访问");
        rules.add(rule1);

        // Create the second rule; it differs from the first in destPort
        CreateCfwRuleRequest.CreateRule rule2 = new CreateCfwRuleRequest.CreateRule();
        rule2.setIpVersion(4);
        rule2.setPriority(101);
        rule2.setProtocol("TCP");
        rule2.setDirection("ingress");
        rule2.setSourceAddress("0.0.0.0/0");
        rule2.setDestAddress("10.0.0.0/8");
        rule2.setSourcePort("1-65535");
        rule2.setDestPort("443");
        rule2.setAction("allow");
        rule2.setDescription("允许HTTPS访问");
        rules.add(rule2);

        request.setCfwRules(rules);

        client.createCfwRule(cfwId, request);
        System.out.println("CFW规则创建成功");
    }
}
```
Modify a CFW rule

Function declaration

```java
public void updateCfwRule(String cfwId, String cfwRuleId, UpdateCfwRuleRequest body) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| cfwId | String | ID of the CFW policy |
| cfwRuleId | String | ID of the CFW rule |
| ipVersion | Integer | IP version |
| priority | Integer | Priority |
| protocol | String | Protocol type |
| direction | String | Direction (ingress/egress) |
| sourceAddress | String | Source address |
| destAddress | String | Destination address |
| sourcePort | String | Source port |
| destPort | String | Destination port |
| action | String | Action (allow/deny) |
| description | String | Rule description |

Note: the five-tuple (protocol/sourceAddress/destAddress/sourcePort/destPort) plus the direction must not all be identical.

Return value

- On success

None

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.UpdateCfwRuleRequest;

public class UpdateCfwRuleExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        String cfwId = "cfw-xxxxxxxx";
        String cfwRuleId = "rule-xxxxxxxx";

        // Change the priority and description of one rule
        UpdateCfwRuleRequest request = new UpdateCfwRuleRequest();
        request.setPriority(200);
        request.setDescription("更新后的规则描述");

        client.updateCfwRule(cfwId, cfwRuleId, request);
        System.out.println("CFW规则更新成功");
    }
}
```
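The uniqueness note for creating and modifying rules, and the 100-rule limit for batch creation, can both be checked client-side before any request is sent. The following is an added example, not SDK code or part of the original page; the `Rule` record, `accept` and `batches` are hypothetical names, and exact string comparison of the key fields is an assumption about how the service compares them (requires Java 16+).

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class CfwRulePreflight {
    static final int MAX_RULES_PER_CALL = 100; // batch limit from the create note
    // Hypothetical stand-in for the SDK rule classes, reduced to the fields used here.
    record Rule(String protocol, String direction, String sourceAddress, String destAddress,
                String sourcePort, String destPort, String action) {
        // Five-tuple plus direction; action is excluded. Exact string match is an assumption.
        String key() {
            return String.join("|", protocol, sourceAddress, destAddress,
                               sourcePort, destPort, direction);
        }
    }
    // Returns candidates with no clash; clashing ones are appended to 'rejected'.
    static List<Rule> accept(List<Rule> existing, List<Rule> candidates, List<Rule> rejected) {
        Set<String> seen = new HashSet<>();
        for (Rule r : existing) seen.add(r.key());
        List<Rule> accepted = new ArrayList<>();
        for (Rule r : candidates) {
            if (seen.add(r.key())) accepted.add(r); else rejected.add(r);
        }
        return accepted;
    }
    // Splits rules into request-sized batches, one createCfwRule call each.
    static List<List<Rule>> batches(List<Rule> rules) {
        List<List<Rule>> out = new ArrayList<>();
        for (int i = 0; i < rules.size(); i += MAX_RULES_PER_CALL) {
            out.add(rules.subList(i, Math.min(i + MAX_RULES_PER_CALL, rules.size())));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: one rule already on the policy, 152 candidates.
        List<Rule> existing = List.of(
            new Rule("TCP", "ingress", "0.0.0.0/0", "10.0.0.0/8", "1-65535", "80", "allow"));
        List<Rule> candidates = new ArrayList<>();
        // Clashes with the existing rule: only the action differs.
        candidates.add(new Rule("TCP", "ingress", "0.0.0.0/0", "10.0.0.0/8", "1-65535", "80", "deny"));
        // Not a clash: the direction differs.
        candidates.add(new Rule("TCP", "egress", "0.0.0.0/0", "10.0.0.0/8", "1-65535", "80", "allow"));
        for (int port = 8000; port < 8150; port++) {
            candidates.add(new Rule("TCP", "ingress", "192.0.2.0/24", "10.0.0.0/8",
                                    "1-65535", String.valueOf(port), "allow"));
        }
        List<Rule> rejected = new ArrayList<>();
        List<Rule> accepted = accept(existing, candidates, rejected);
        System.out.println("rejected=" + rejected.size() + " accepted=" + accepted.size());
        batches(accepted).forEach(b -> System.out.println("batch of " + b.size()));
    }
}
```

For a rule modification, pass the policy's other rules as `existing` and the modified rule as the single candidate.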
Batch delete CFW rules

Function declaration

```java
public void deleteCfwRule(String cfwId, DeleteCfwRuleRequest body) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| cfwId | String | ID of the CFW policy |
| cfwRuleIds | `List<String>` | List of CFW rule IDs |

Note: when the CFW is bound to an instance, at least one rule must be kept.

Return value

- On success

None

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.DeleteCfwRuleRequest;
import java.util.Arrays;

public class DeleteCfwRuleExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        String cfwId = "cfw-xxxxxxxx";

        // IDs of the rules to remove from the policy
        DeleteCfwRuleRequest request = new DeleteCfwRuleRequest();
        request.setCfwRuleIds(Arrays.asList("rule-xxxxxxxx", "rule-yyyyyyyy"));

        client.deleteCfwRule(cfwId, request);
        System.out.println("CFW规则删除成功");
    }
}
```
Batch bind a CFW policy to instances

Function declaration

```java
public void bindCfw(String cfwId, BindCfwRequest body) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| cfwId | String | ID of the CFW policy |
| instanceType | String | Instance type; values: eip, nat, etGateway, peerconn, csn, ipv6Gateway |
| instances | `List<CfwBind>` | List of instances to bind |

CfwBind parameters:

| Parameter | Type | Description |
|---|---|---|
| region | String | Region where the instance is located |
| instanceId | String | Instance ID |
| role | String | Role (required for some instance types) |
| memberId | String | Member ID (required for some instance types) |

Note: a CFW without rules cannot be bound to an instance.

Return value

- On success

None

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.BindCfwRequest;
import java.util.ArrayList;
import java.util.List;

public class BindCfwExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        String cfwId = "cfw-xxxxxxxx";

        BindCfwRequest request = new BindCfwRequest();
        request.setInstanceType("eip");

        // Two EIP instances in different regions
        List<BindCfwRequest.CfwBind> instances = new ArrayList<>();

        BindCfwRequest.CfwBind instance1 = new BindCfwRequest.CfwBind();
        instance1.setRegion("bj");
        instance1.setInstanceId("eip-xxxxxxxx");
        instances.add(instance1);

        BindCfwRequest.CfwBind instance2 = new BindCfwRequest.CfwBind();
        instance2.setRegion("gz");
        instance2.setInstanceId("eip-yyyyyyyy");
        instances.add(instance2);

        request.setInstances(instances);

        client.bindCfw(cfwId, request);
        System.out.println("CFW策略绑定成功");
    }
}
```
Batch unbind a CFW policy

Function declaration

```java
public void unbindCfw(String cfwId, UnbindCfwRequest body) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| cfwId | String | ID of the CFW policy |
| instanceType | String | Instance type; values: eip, nat, etGateway, peerconn, csn, ipv6Gateway |
| instances | `List<CfwUnbind>` | List of instances to unbind |

CfwUnbind parameters:

| Parameter | Type | Description |
|---|---|---|
| region | String | Region where the instance is located |
| instanceId | String | Instance ID |
| role | String | Role (required for some instance types) |
| memberId | String | Member ID (required for some instance types) |

Return value

- On success

None

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.UnbindCfwRequest;
import java.util.ArrayList;
import java.util.List;

public class UnbindCfwExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        String cfwId = "cfw-xxxxxxxx";

        UnbindCfwRequest request = new UnbindCfwRequest();
        request.setInstanceType("eip");

        // Instance to detach from the policy
        List<UnbindCfwRequest.CfwUnbind> instances = new ArrayList<>();

        UnbindCfwRequest.CfwUnbind instance1 = new UnbindCfwRequest.CfwUnbind();
        instance1.setRegion("bj");
        instance1.setInstanceId("eip-xxxxxxxx");
        instances.add(instance1);

        request.setInstances(instances);

        client.unbindCfw(cfwId, request);
        System.out.println("CFW策略解绑成功");
    }
}
```
Temporarily disable CFW protection

Function declaration

```java
public void disableCfw(String cfwId, DisableCfwRequest body) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| cfwId | String | ID of the CFW policy |
| instanceType | String | Instance type; values: eip, nat, etGateway, peerconn, csn, ipv6Gateway |
| instances | `List<CfwDisable>` | List of instances whose protection is to be disabled |

CfwDisable parameters:

| Parameter | Type | Description |
|---|---|---|
| region | String | Region where the instance is located |
| instanceId | String | Instance ID |
| role | String | Role (required for some instance types) |
| memberId | String | Member ID (required for some instance types) |

Description: for an instance that is bound to a CFW, use this interface to temporarily disable the CFW's protection.

Return value

- On success

None

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.DisableCfwRequest;
import java.util.ArrayList;
import java.util.List;

public class DisableCfwExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        String cfwId = "cfw-xxxxxxxx";

        DisableCfwRequest request = new DisableCfwRequest();
        request.setInstanceType("eip");

        // Instance whose protection is switched off; the binding itself stays in place
        List<DisableCfwRequest.CfwDisable> instances = new ArrayList<>();

        DisableCfwRequest.CfwDisable instance1 = new DisableCfwRequest.CfwDisable();
        instance1.setRegion("bj");
        instance1.setInstanceId("eip-xxxxxxxx");
        instances.add(instance1);

        request.setInstances(instances);

        client.disableCfw(cfwId, request);
        System.out.println("CFW防护已临时关闭");
    }
}
```
Restore CFW protection

Function declaration

```java
public void enableCfw(String cfwId, EnableCfwRequest body) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| cfwId | String | ID of the CFW policy |
| instanceType | String | Instance type; values: eip, nat, etGateway, peerconn, csn, ipv6Gateway |
| instances | `List<CfwEnable>` | List of instances whose protection is to be restored |

CfwEnable parameters:

| Parameter | Type | Description |
|---|---|---|
| region | String | Region where the instance is located |
| instanceId | String | Instance ID |
| role | String | Role (required for some instance types) |
| memberId | String | Member ID (required for some instance types) |

Description: for an instance that is bound to a CFW and has had its protection temporarily disabled, use this interface to restore the CFW's protection.

Return value

- On success

None

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.EnableCfwRequest;
import java.util.ArrayList;
import java.util.List;

public class EnableCfwExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        String cfwId = "cfw-xxxxxxxx";

        EnableCfwRequest request = new EnableCfwRequest();
        request.setInstanceType("eip");

        // Instance whose protection was disabled earlier and is now restored
        List<EnableCfwRequest.CfwEnable> instances = new ArrayList<>();

        EnableCfwRequest.CfwEnable instance1 = new EnableCfwRequest.CfwEnable();
        instance1.setRegion("bj");
        instance1.setInstanceId("eip-xxxxxxxx");
        instances.add(instance1);

        request.setInstances(instances);

        client.enableCfw(cfwId, request);
        System.out.println("CFW防护已恢复");
    }
}
```
Query the list of protection boundary instances

Function declaration

```java
public ListInstanceResponse listInstance(ListInstanceRequest request) {
    // ...
}
```

Parameters

| Parameter | Type | Description |
|---|---|---|
| instanceType | String | Instance type, required; values: eip, nat, etGateway, peerconn, csn, ipv6Gateway |
| marker | String | Starting position of the batch list query; a system-generated string |
| maxKeys | Integer | Maximum number of items per page; usually no more than 1000. The default is 1000 |
| status | String | Instance status (optional) |
| region | String | Region where the instance is located (optional) |

Return value

- On success

```
{
    "metadata": <see the metadata section in the appendix>,
    "marker":"",
    "isTruncated":false,
    "nextMarker":"",
    "maxKeys":1000,
    "instances": [
        {
            "instanceId":"eip-xxxxxxxx",
            "instanceName":"my-eip",
            "status":"available",
            "region":"bj",
            "cfwId":"cfw-xxxxxxxx",
            "cfwName":"my-cfw-policy",
            "vpcId":"vpc-xxxxxxxx",
            "vpcName":"my-vpc",
            "publicIp":"1.2.3.4"
        }
    ]
}
```

- On failure

An exception is returned on failure; see the exception handling chapter.

Code example

```java
import com.baidubce.services.cfw.CfwClient;
import com.baidubce.services.cfw.model.ListInstanceRequest;
import com.baidubce.services.cfw.model.ListInstanceResponse;

public class ListInstanceExample {
    public static void main(String[] args) {
        String ak = "your-access-key-id";
        String sk = "your-secret-access-key";

        CfwClient client = new CfwClient(ak, sk);

        // One page of at most 100 EIP instances in region bj
        ListInstanceRequest request = new ListInstanceRequest();
        request.setInstanceType("eip");
        request.setMaxKeys(100);
        request.setRegion("bj");

        ListInstanceResponse response = client.listInstance(request);

        // The count covers only the instances returned in this page
        System.out.println("实例总数: " + response.getInstances().size());
        for (ListInstanceResponse.Instance instance : response.getInstances()) {
            System.out.println("实例ID: " + instance.getInstanceId()
                    + ", 名称: " + instance.getInstanceName()
                    + ", CFW策略: " + instance.getCfwName());
        }
    }
}
```
Appendix

Format of the common response metadata

```json
{
    "bceRequestId":"f5f0821d-45fe-439b-bbf4-fc48b639f84a",
    "contentLength":28,
    "contentType":"application/json;charset=UTF-8",
    "date":1701917695000,
    "server":"openresty/1.15.8.1"
}
```
