Manage authorization rules

Use authorization rules to configure access policies that allow or deny IoT devices access to destination addresses.

Introduction to authorization rules

An authorization rule consists of a destination address type, a destination address, and an access policy. The destination address type can be a domain name or a CIDR block. The access policy can be either allow or deny. Together, the rules specify which destination addresses IoT devices are allowed to access and which they are denied.

If the same domain name or IP address is configured for both allow and deny policies, the deny policy takes precedence. If an IP address is resolved from a domain name that is denied, the deny policy also takes precedence.

Add an authorization rule

  1. Log on to the 5G Express Cloud Connect console.

  2. On the Instance List page, find the target instance and click Configure Authorization Rule in the Actions column.

  3. On the Authorization Rule tab, click Add Rule.

  4. In the Add Rule dialog box, configure the following settings, and then click OK.

Configuration

Description

Rule Name

Enter a name for the authorization rule.

The name must be 2 to 128 characters long. It must start with a letter and can contain digits, periods (.), underscores (_), and hyphens (-).

Objective

Configure the destination address to access.

  1. Select a destination address type. Valid values are Domain Name and CIDR Block.

  2. Enter the destination address. Based on the selected type, enter the domain name or destination CIDR block to access.

Protocol Type

Configure the protocol type for the access policy.

  • icmp: Internet Control Message Protocol.

  • tcp: Transmission Control Protocol.

  • udp: User Datagram Protocol.

  • all: All protocols are supported.

Port Range

The destination port range. The value range is:

  • TCP and UDP protocols: 1 to 65535. Use a forward slash (/) to separate the start and end ports. For example: 1/200.

  • ICMP protocol: -1/-1.

  • ALL: -1/-1.

Action

Select an action for the access policy. Valid values are Allow and Deny.

  • Allow: Allows IoT devices to access the configured address.

  • Deny: Denies IoT devices access to the configured address.

Note

  • You can configure a wildcard domain name to match all of its subdomains.

  • If both a wildcard domain name (such as *.example.com) and an exact-match domain name (such as www.example.com) are configured, the rule for the exact-match domain name takes precedence.

  • After you configure a domain name or a wildcard domain name, the rule takes about 5 seconds to take effect the first time an IoT device accesses the domain.
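The field constraints and precedence rules above can be checked before rules are entered in the console. The following is an added example, not code from the product or its documentation. The rule dictionary layout, the function names and the sample rules are assumptions; it also assumes ASCII letters in names, a start port no greater than the end port, and wildcard matching at any subdomain depth. decide() resolves domain names only and ignores protocol and port.

```python
import re

# Name constraint from the table: 2 to 128 characters, starts with a letter,
# then letters, digits, periods, underscores, hyphens (ASCII is assumed).
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{1,127}")

def validate_rule(rule):
    """Return the list of invalid fields for one rule (empty list = valid)."""
    problems = []
    if not NAME_RE.fullmatch(rule["name"]):
        problems.append("name")
    proto, ports = rule["protocol"], rule["port_range"]
    if proto in ("icmp", "all"):
        if ports != "-1/-1":          # ICMP and ALL only accept -1/-1
            problems.append("port_range")
    elif proto in ("tcp", "udp"):
        m = re.fullmatch(r"(\d+)/(\d+)", ports)   # start/end, e.g. 1/200
        if not m or not 1 <= int(m[1]) <= int(m[2]) <= 65535:
            problems.append("port_range")
    else:
        problems.append("protocol")
    if rule["action"] not in ("allow", "deny"):
        problems.append("action")
    return problems

def decide(rules, domain):
    """Exact-match rules beat wildcard rules; within a tier, deny beats allow."""
    domain = domain.lower()
    exact = [r["action"] for r in rules if r["target"].lower() == domain]
    wild = [r["action"] for r in rules if r["target"].startswith("*.")
            and domain.endswith(r["target"][1:].lower())]
    for tier in (exact, wild):
        if tier:
            return "deny" if "deny" in tier else "allow"
    return None  # no rule matched; the page does not state a default

# Constructed sample rules (not taken from a real instance).
RULES = [
    {"name": "allow-sub", "target": "*.example.com", "protocol": "tcp",
     "port_range": "443/443", "action": "allow"},
    {"name": "deny-www", "target": "www.example.com", "protocol": "tcp",
     "port_range": "443/443", "action": "deny"},
    {"name": "allow-www", "target": "www.example.com", "protocol": "all",
     "port_range": "-1/-1", "action": "allow"},
    {"name": "1bad", "target": "10.0.0.0/8", "protocol": "icmp",
     "port_range": "1/200", "action": "allow"},
]
```
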

Modify an authorization rule

If your access policy changes, you can modify an authorization rule, including its name, destination address, and access policy.

  1. Log on to the 5G Express Cloud Connect console.

  2. On the Instance List page, find the target instance and click Configure Authorization Rule in the Actions column.

  3. On the Authorization Rule tab, find the target rule and click Edit in the Actions column.

  4. In the Edit Rule dialog box, modify the rule, and then click OK.

Delete an authorization rule

  1. Log on to the 5G Express Cloud Connect console.

  2. On the Instance List page, find the target instance and click Configure Authorization Rule in the Actions column.

  3. On the Authorization Rule tab, find the target rule and click Delete in the Actions column.

  4. In the dialog box that appears, click OK.
