3.安装sdk
您可以通过Maven方式获取和安装SDK,首先需要在您的操作系统中下载并安装Maven ,安装完成后您只需要在Java项目的pom.xml文件中加入相应的依赖项即可。
使用服务端SDK前,您需要安装“huaweicloud-sdk-cfw”,具体的SDK版本号请参见 SDK开发中心 。
<!-- Example version only: the text above points to the SDK developer center for the current release number. -->
<dependency>
<groupId>com.huaweicloud.sdk</groupId>
<artifactId>huaweicloud-sdk-cfw</artifactId>
<version>3.1.14</version>
</dependency>
4.开始使用
4.1 导入依赖模块
import com.huaweicloud.sdk.cfw.v1.CfwClient;
import com.huaweicloud.sdk.cfw.v1.model.ChangeIpsProtectModeUsingPostRequest;
import com.huaweicloud.sdk.cfw.v1.model.ChangeIpsProtectModeUsingPostResponse;
import com.huaweicloud.sdk.cfw.v1.model.ChangeIpsSwitchUsingPostRequest;
import com.huaweicloud.sdk.cfw.v1.model.ChangeIpsSwitchUsingPostResponse;
import com.huaweicloud.sdk.cfw.v1.model.ChangeProtectEipRequest;
import com.huaweicloud.sdk.cfw.v1.model.ChangeProtectEipResponse;
import com.huaweicloud.sdk.cfw.v1.model.EipOperateProtectReq;
import com.huaweicloud.sdk.cfw.v1.model.EipOperateProtectReqIpInfos;
import com.huaweicloud.sdk.cfw.v1.model.EipResource;
import com.huaweicloud.sdk.cfw.v1.model.IpsProtectDTO;
import com.huaweicloud.sdk.cfw.v1.model.IpsSwitchDTO;
import com.huaweicloud.sdk.cfw.v1.model.ListAttackLogsRequest;
import com.huaweicloud.sdk.cfw.v1.model.ListAttackLogsResponse;
import com.huaweicloud.sdk.cfw.v1.model.ListEipResourcesRequest;
import com.huaweicloud.sdk.cfw.v1.model.ListEipResourcesResponse;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import java.util.ArrayList;
import java.util.List;
4.2 初始化认证信息
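// Writing the AK and SK directly into code, or storing them in plaintext, is a serious security
// risk. This example reads them from the environment variables HUAWEICLOUD_SDK_AK and
// HUAWEICLOUD_SDK_SK, which must be set locally before the sample is run.
String ak = System.getenv("HUAWEICLOUD_SDK_AK");
String sk = System.getenv("HUAWEICLOUD_SDK_SK");
// Fail fast with a clear message rather than building credentials from null or empty values.
// The message names the variables only; the secret values are never printed.
if (ak == null || ak.isEmpty() || sk == null || sk.isEmpty()) {
    throw new IllegalStateException("HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK must both be set");
}
BasicCredentials auth = new BasicCredentials().withAk(ak).withSk(sk);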
4.3 初始化防火墙客户端
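// The region must come from CfwRegion, which is the region class imported in section 4.1 and the
// one the complete sample in 4.4.6 uses; KafkaRegion is not among this page's imports.
CfwClient client = CfwClient.newBuilder()
    .withCredential(auth)
    .withRegion(CfwRegion.valueOf("<REGION ID>"))
    .build();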
4.4 开启eip的ips防护并使用
此节4.4.1-4.4.5示范了在console界面上如何操作,4.4.6示范了代码如何实现上述操作。
4.4.1 通过查询防护eip列表查询到一条防护eip的地址
![ips-1]()
4.4.2 开启eip防护
![ips-2]()
4.4.3 开启ips防护
![ips-3]()
4.4.4 设置ips防护模式为严格
![ips-4]()
4.4.5 查询攻击日志,获得攻击日志
![ips-5]()
4.4.6 示例代码
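/**
 * Runs the walkthrough from sections 4.4.1-4.4.5 in order: query one protected EIP, enable EIP
 * protection for it, switch IPS on, set the IPS mode, then query the attack logs for that EIP.
 *
 * @param args unused
 */
public static void main(String[] args) {
    // Hard-coding the AK/SK or keeping them in plaintext is a serious security risk; this sample
    // reads them from HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK, which must be set before running.
    String ak = System.getenv("HUAWEICLOUD_SDK_AK");
    String sk = System.getenv("HUAWEICLOUD_SDK_SK");
    // Stop early if either variable is missing, instead of sending requests with null credentials.
    // Only the variable names are reported; the secret values are never printed.
    if (ak == null || ak.isEmpty() || sk == null || sk.isEmpty()) {
        System.err.println("HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK must both be set");
        return;
    }
    BasicCredentials auth = new BasicCredentials().withAk(ak).withSk(sk);
    CfwClient client = CfwClient.newBuilder()
        .withCredential(auth)
        .withRegion(CfwRegion.valueOf("<REGION ID>"))
        .build();
    try {
        // 4.4.1 Query the protected-EIP list and take one EIP from it.
        EipResource eipResource = queryEip(client);
        String publicEIp = eipResource.getPublicIp();
        String id = eipResource.getId();
        System.out.println(publicEIp);
        System.out.println(id);
        // 4.4.2 Enable EIP protection.
        changeEipProtectionStatus(client, id, publicEIp);
        // 4.4.3 Enable IPS protection.
        changeIpsStatus(client);
        // 4.4.4 Set the IPS protection mode to strict.
        changeIpsMode(client);
        // 4.4.5 Query the attack logs.
        queryAttackLogs(client, publicEIp);
    } catch (ConnectionException e) {
        System.out.println(e.getMessage());
    } catch (RequestTimeoutException e) {
        System.out.println(e.getMessage());
    } catch (ServiceResponseException e) {
        // Service-side failures carry an HTTP status plus a service error code and message.
        System.out.println(e.getHttpStatusCode());
        System.out.println(e.getErrorCode());
        System.out.println(e.getErrorMsg());
    }
}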
/**
 * Requests up to 10 attack-log entries whose destination IP is {@code publicEIp} and prints the
 * response.
 *
 * @param client    CFW client used to send the request
 * @param publicEIp public IP of the EIP, used as the destination-IP filter
 */
private static void queryAttackLogs(CfwClient client, String publicEIp) {
    ListAttackLogsRequest request = new ListAttackLogsRequest();
    request.setFwInstanceId("<YOUR FirewallInstanceId>");
    request.setDstIp(publicEIp);
    // Fixed sample window (the two values differ by 3,600,000; presumably epoch milliseconds,
    // i.e. one hour). Replace with the period you actually want to inspect.
    request.setStartTime(1670427589817L);
    request.setEndTime(1670431189817L);
    request.setLimit(10);
    ListAttackLogsResponse response = client.listAttackLogs(request);
    System.out.println(response.toString());
}
/**
 * Sets the IPS protection mode for the protected object and prints the response.
 *
 * @param client CFW client used to send the request
 */
private static void changeIpsMode(CfwClient client) {
    IpsProtectDTO body = new IpsProtectDTO();
    // Mode 1 is the value this walkthrough uses for the "strict" step (section 4.4.4).
    body.setMode(1);
    body.setObjectId("<YOUR ObjectId>");
    ChangeIpsProtectModeUsingPostRequest request = new ChangeIpsProtectModeUsingPostRequest();
    request.setBody(body);
    ChangeIpsProtectModeUsingPostResponse response = client.changeIpsProtectModeUsingPost(request);
    System.out.println(response.toString());
}
/**
 * Switches IPS protection on for the protected object and prints the response.
 *
 * @param client CFW client used to send the request
 */
private static void changeIpsStatus(CfwClient client) {
    IpsSwitchDTO body = new IpsSwitchDTO();
    body.setObjectId("<YOUR ObjectId>");
    // NOTE(review): the page does not say which IPS feature NUMBER_1 selects; confirm in the API reference.
    body.setIpsType(IpsSwitchDTO.IpsTypeEnum.NUMBER_1);
    // Status 1 is the value this walkthrough uses for the "enable IPS" step (section 4.4.3).
    body.setStatus(1);
    ChangeIpsSwitchUsingPostRequest request = new ChangeIpsSwitchUsingPostRequest();
    request.setBody(body);
    ChangeIpsSwitchUsingPostResponse response = client.changeIpsSwitchUsingPost(request);
    System.out.println(response.toString());
}
/**
 * Changes the protection status of a single EIP and prints the response.
 *
 * @param client    CFW client used to send the request
 * @param id        resource id of the EIP
 * @param publicEIp public IP address of the EIP
 */
private static void changeEipProtectionStatus(CfwClient client, String id, String publicEIp) {
    // The request carries a list of EIPs; this sample submits exactly one.
    EipOperateProtectReqIpInfos ipInfo = new EipOperateProtectReqIpInfos();
    ipInfo.setId(id);
    ipInfo.setPublicIp(publicEIp);
    List<EipOperateProtectReqIpInfos> ipsInfos = new ArrayList<>();
    ipsInfos.add(ipInfo);

    EipOperateProtectReq body = new EipOperateProtectReq();
    body.setObjectId("<YOUR ObjectId>");
    // Status 0 is the value used for the "enable EIP protection" step (section 4.4.2), whereas the
    // IPS switch call in this sample uses 1 for "on".
    // NOTE(review): confirm the meaning of 0 in the API reference before reusing this call; a wrong
    // value here would leave the EIP unprotected.
    body.setStatus(0);
    body.setIpInfos(ipsInfos);

    ChangeProtectEipRequest request = new ChangeProtectEipRequest();
    request.setBody(body);
    ChangeProtectEipResponse response = client.changeProtectEip(request);
    System.out.println(response.toString());
}
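/**
 * Queries the EIP list for the protected object (first page, at most 10 entries) and returns the
 * first record.
 *
 * @param client CFW client used to send the request
 * @return the first EIP record in the response
 * @throws IllegalStateException if the response contains no EIP records
 */
private static EipResource queryEip(CfwClient client) {
    ListEipResourcesRequest request = new ListEipResourcesRequest();
    request.setObjectId("<YOUR ObjectId>");
    request.setLimit(10);
    request.setOffset(0);
    // NOTE(review): the page does not explain SyncEnum.NUMBER_1; confirm its meaning in the API reference.
    request.setSync(ListEipResourcesRequest.SyncEnum.NUMBER_1);
    ListEipResourcesResponse response = client.listEipResources(request);
    // An empty result would otherwise surface as a bare IndexOutOfBoundsException (or a
    // NullPointerException) with no hint that the ObjectId or region is the likely cause.
    List<EipResource> records = response.getData() == null ? null : response.getData().getRecords();
    if (records == null || records.isEmpty()) {
        throw new IllegalStateException("No EIP resources returned for the given ObjectId");
    }
    return records.get(0);
}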
5.FAQ
5.1 ObjectId是什么,如何获取
ObjectId是创建云防火墙后用于区分互联网边界防护和VPC边界防护的标志id,可通过调用API Explorer 查询防火墙实例 获取防护对象id(ObjectId),注意type为0的为互联网边界防护,type为1的为VPC边界防护。
![list-firewallinstance-2]()
5.2 FirewallInstanceId是什么,如何获取
FirewallInstanceId是创建云防火墙后用于标志防火墙由系统自动生成的标志id,可通过调用API Explorer 查询防火墙实例 获取防火墙id(FirewallInstanceId)
![list-firewallinstance-1]()
0.版本说明
本示例基于华为云SDK V3.0版本开发。
1.简介
华为云提供了CFW服务端SDK,您可以直接集成服务端SDK来调用CFW的相关API,从而实现对CFW的快速操作。 该示例展示如何通过CFW服务对已防护的eip采用访问控制进行防护,选择ips防护模式为打开,ips防护模式设定为严格模式,同时查询因此生成的攻击日志。
2.开发前准备
3.安装sdk
您可以通过Maven方式获取和安装SDK,首先需要在您的操作系统中下载并安装Maven ,安装完成后您只需要在Java项目的pom.xml文件中加入相应的依赖项即可。
使用服务端SDK前,您需要安装“huaweicloud-sdk-cfw”,具体的SDK版本号请参见 SDK开发中心 。
<!-- Example version only: the text above points to the SDK developer center for the current release number. -->
<dependency>
    <groupId>com.huaweicloud.sdk</groupId>
    <artifactId>huaweicloud-sdk-cfw</artifactId>
    <version>3.1.14</version>
</dependency>
4.开始使用
4.1 导入依赖模块
import com.huaweicloud.sdk.cfw.v1.CfwClient; import com.huaweicloud.sdk.cfw.v1.model.ChangeIpsProtectModeUsingPostRequest; import com.huaweicloud.sdk.cfw.v1.model.ChangeIpsProtectModeUsingPostResponse; import com.huaweicloud.sdk.cfw.v1.model.ChangeIpsSwitchUsingPostRequest; import com.huaweicloud.sdk.cfw.v1.model.ChangeIpsSwitchUsingPostResponse; import com.huaweicloud.sdk.cfw.v1.model.ChangeProtectEipRequest; import com.huaweicloud.sdk.cfw.v1.model.ChangeProtectEipResponse; import com.huaweicloud.sdk.cfw.v1.model.EipOperateProtectReq; import com.huaweicloud.sdk.cfw.v1.model.EipOperateProtectReqIpInfos; import com.huaweicloud.sdk.cfw.v1.model.EipResource; import com.huaweicloud.sdk.cfw.v1.model.IpsProtectDTO; import com.huaweicloud.sdk.cfw.v1.model.IpsSwitchDTO; import com.huaweicloud.sdk.cfw.v1.model.ListAttackLogsRequest; import com.huaweicloud.sdk.cfw.v1.model.ListAttackLogsResponse; import com.huaweicloud.sdk.cfw.v1.model.ListEipResourcesRequest; import com.huaweicloud.sdk.cfw.v1.model.ListEipResourcesResponse; import com.huaweicloud.sdk.cfw.v1.region.CfwRegion; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import java.util.ArrayList; import java.util.List;
4.2 初始化认证信息
// 认证用的ak和sk直接写到代码中有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全; // 本示例以ak和sk保存在环境变量中来实现身份验证为例,运行本示例前请先在本地环境中设置环境变量HUAWEICLOUD_SDK_AK和HUAWEICLOUD_SDK_SK。 String ak = System.getenv("HUAWEICLOUD_SDK_AK"); String sk = System.getenv("HUAWEICLOUD_SDK_SK"); BasicCredentials auth = new BasicCredentials().withAk(ak).withSk(sk);
4.3 初始化防火墙客户端
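// The region must come from CfwRegion, which is the region class imported in section 4.1 and the
// one the complete sample in 4.4.6 uses; KafkaRegion is not among this page's imports.
CfwClient client = CfwClient.newBuilder()
    .withCredential(auth)
    .withRegion(CfwRegion.valueOf("<REGION ID>"))
    .build();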
4.4 开启eip的ips防护并使用
此节4.4.1-4.4.5示范了在console界面上如何操作,4.4.6示范了代码如何实现上述操作。
4.4.1 通过查询防护eip列表查询到一条防护eip的地址
4.4.2 开启eip防护
4.4.3 开启ips防护
4.4.4 设置ips防护模式为严格
4.4.5 查询攻击日志,获得攻击日志
4.4.6 示例代码
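/**
 * Runs the walkthrough from sections 4.4.1-4.4.5 in order: query one protected EIP, enable EIP
 * protection for it, switch IPS on, set the IPS mode, then query the attack logs for that EIP.
 *
 * @param args unused
 */
public static void main(String[] args) {
    // Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk; store
    // them encrypted in a configuration file or environment variable and decrypt them at use.
    // This example authenticates with an AK and SK held in environment variables: set
    // HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK in the local environment before running it.
    String ak = System.getenv("HUAWEICLOUD_SDK_AK");
    String sk = System.getenv("HUAWEICLOUD_SDK_SK");
    // Stop early if either variable is missing, instead of sending requests with null credentials.
    // Only the variable names are reported; the secret values are never printed.
    if (ak == null || ak.isEmpty() || sk == null || sk.isEmpty()) {
        System.err.println("HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK must both be set");
        return;
    }
    BasicCredentials auth = new BasicCredentials().withAk(ak).withSk(sk);
    CfwClient client = CfwClient.newBuilder()
        .withCredential(auth)
        .withRegion(CfwRegion.valueOf("<REGION ID>"))
        .build();
    try {
        /* 4.4.1 Query the protected-EIP list and take one EIP from it */
        EipResource eipResource = queryEip(client);
        String publicEIp = eipResource.getPublicIp();
        String id = eipResource.getId();
        System.out.println(publicEIp);
        System.out.println(id);
        /* 4.4.2 Enable EIP protection */
        changeEipProtectionStatus(client, id, publicEIp);
        /* 4.4.3 Enable IPS protection */
        changeIpsStatus(client);
        /* 4.4.4 Set the IPS protection mode to strict */
        changeIpsMode(client);
        /* 4.4.5 Query the attack logs */
        queryAttackLogs(client, publicEIp);
    } catch (ConnectionException e) {
        System.out.println(e.getMessage());
    } catch (RequestTimeoutException e) {
        System.out.println(e.getMessage());
    } catch (ServiceResponseException e) {
        // Service-side failures carry an HTTP status plus a service error code and message.
        System.out.println(e.getHttpStatusCode());
        System.out.println(e.getErrorCode());
        System.out.println(e.getErrorMsg());
    }
}

/**
 * Requests up to 10 attack-log entries whose destination IP is {@code publicEIp} and prints the
 * response.
 *
 * @param client    CFW client used to send the request
 * @param publicEIp public IP of the EIP, used as the destination-IP filter
 */
private static void queryAttackLogs(CfwClient client, String publicEIp) {
    ListAttackLogsRequest listAttackLogsRequest = new ListAttackLogsRequest();
    listAttackLogsRequest.setDstIp(publicEIp);
    listAttackLogsRequest.setFwInstanceId("<YOUR FirewallInstanceId>");
    // Fixed sample window (the two values differ by 3,600,000; presumably epoch milliseconds,
    // i.e. one hour). Replace with the period you actually want to inspect.
    listAttackLogsRequest.setStartTime(1670427589817L);
    listAttackLogsRequest.setEndTime(1670431189817L);
    listAttackLogsRequest.setLimit(10);
    ListAttackLogsResponse listAttackLogsResponse = client.listAttackLogs(listAttackLogsRequest);
    System.out.println(listAttackLogsResponse.toString());
}

/**
 * Sets the IPS protection mode for the protected object and prints the response.
 *
 * @param client CFW client used to send the request
 */
private static void changeIpsMode(CfwClient client) {
    IpsProtectDTO ipsProtectDTO = new IpsProtectDTO();
    ipsProtectDTO.setObjectId("<YOUR ObjectId>");
    // Mode 1 is the value this walkthrough uses for the "strict" step (section 4.4.4).
    ipsProtectDTO.setMode(1);
    ChangeIpsProtectModeUsingPostRequest changeIpsProtectModeUsingPostRequest =
        new ChangeIpsProtectModeUsingPostRequest();
    changeIpsProtectModeUsingPostRequest.setBody(ipsProtectDTO);
    ChangeIpsProtectModeUsingPostResponse changeIpsProtectModeUsingPostResponse =
        client.changeIpsProtectModeUsingPost(changeIpsProtectModeUsingPostRequest);
    System.out.println(changeIpsProtectModeUsingPostResponse.toString());
}

/**
 * Switches IPS protection on for the protected object and prints the response.
 *
 * @param client CFW client used to send the request
 */
private static void changeIpsStatus(CfwClient client) {
    IpsSwitchDTO ipsSwitchDTO = new IpsSwitchDTO();
    // NOTE(review): the page does not say which IPS feature NUMBER_1 selects; confirm in the API reference.
    ipsSwitchDTO.setIpsType(IpsSwitchDTO.IpsTypeEnum.NUMBER_1);
    ipsSwitchDTO.setObjectId("<YOUR ObjectId>");
    // Status 1 is the value this walkthrough uses for the "enable IPS" step (section 4.4.3).
    ipsSwitchDTO.setStatus(1);
    ChangeIpsSwitchUsingPostRequest changeIpsSwitchUsingPostRequest = new ChangeIpsSwitchUsingPostRequest();
    changeIpsSwitchUsingPostRequest.setBody(ipsSwitchDTO);
    ChangeIpsSwitchUsingPostResponse changeIpsSwitchUsingPostResponse =
        client.changeIpsSwitchUsingPost(changeIpsSwitchUsingPostRequest);
    System.out.println(changeIpsSwitchUsingPostResponse.toString());
}

/**
 * Changes the protection status of a single EIP and prints the response.
 *
 * @param client    CFW client used to send the request
 * @param id        resource id of the EIP
 * @param publicEIp public IP address of the EIP
 */
private static void changeEipProtectionStatus(CfwClient client, String id, String publicEIp) {
    ChangeProtectEipRequest changeProtectEipRequest = new ChangeProtectEipRequest();
    EipOperateProtectReq eipOperateProtectReq = new EipOperateProtectReq();
    eipOperateProtectReq.setObjectId("<YOUR ObjectId>");
    // Status 0 is the value used for the "enable EIP protection" step (section 4.4.2), whereas the
    // IPS switch call in this sample uses 1 for "on".
    // NOTE(review): confirm the meaning of 0 in the API reference before reusing this call; a wrong
    // value here would leave the EIP unprotected.
    eipOperateProtectReq.setStatus(0);
    // The request carries a list of EIPs; this sample submits exactly one.
    List<EipOperateProtectReqIpInfos> ipsInfos = new ArrayList<>();
    EipOperateProtectReqIpInfos eipOperateProtectReqIpInfos = new EipOperateProtectReqIpInfos();
    eipOperateProtectReqIpInfos.setId(id);
    eipOperateProtectReqIpInfos.setPublicIp(publicEIp);
    ipsInfos.add(eipOperateProtectReqIpInfos);
    eipOperateProtectReq.setIpInfos(ipsInfos);
    changeProtectEipRequest.setBody(eipOperateProtectReq);
    ChangeProtectEipResponse changeProtectEipResponse = client.changeProtectEip(changeProtectEipRequest);
    System.out.println(changeProtectEipResponse.toString());
}

/**
 * Queries the EIP list for the protected object (first page, at most 10 entries) and returns the
 * first record.
 *
 * @param client CFW client used to send the request
 * @return the first EIP record in the response
 * @throws IllegalStateException if the response contains no EIP records
 */
private static EipResource queryEip(CfwClient client) {
    ListEipResourcesRequest listEipResourcesRequest = new ListEipResourcesRequest();
    listEipResourcesRequest.setObjectId("<YOUR ObjectId>");
    listEipResourcesRequest.setLimit(10);
    listEipResourcesRequest.setOffset(0);
    // NOTE(review): the page does not explain SyncEnum.NUMBER_1; confirm its meaning in the API reference.
    listEipResourcesRequest.setSync(ListEipResourcesRequest.SyncEnum.NUMBER_1);
    ListEipResourcesResponse listEipResourcesResponse = client.listEipResources(listEipResourcesRequest);
    // An empty result would otherwise surface as a bare IndexOutOfBoundsException (or a
    // NullPointerException) with no hint that the ObjectId or region is the likely cause.
    List<EipResource> records = listEipResourcesResponse.getData() == null
        ? null
        : listEipResourcesResponse.getData().getRecords();
    if (records == null || records.isEmpty()) {
        throw new IllegalStateException("No EIP resources returned for the given ObjectId");
    }
    return records.get(0);
}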
5.FAQ
5.1 ObjectId是什么,如何获取
ObjectId是创建云防火墙后用于区分互联网边界防护和VPC边界防护的标志id,可通过调用API Explorer 查询防火墙实例 获取防护对象id(ObjectId),注意type为0的为互联网边界防护,type为1的为VPC边界防护。![list-firewallinstance-2]()
5.2 FirewallInstanceId是什么,如何获取
FirewallInstanceId是创建云防火墙后用于标志防火墙由系统自动生成的标志id,可通过调用API Explorer 查询防火墙实例 获取防火墙id(FirewallInstanceId)![list-firewallinstance-1]()
6.参考
更多信息请参考API Explorer
7.修订记录