Revoke regular security group rules
Updated at:2025-10-16
Description
This API is used to revoke rules in a standard security group.
- Rules within the same security group are uniquely indexed by a 6-tuple of remark, protocol, direction, portRange, sourceIp|destIp, and sourceGroupId|destGroupId. If no rules exist, a 404 error will be triggered;
Request structure
Plain Text
1PUT /v{version}/securityGroup/{securityGroupId}?{action}&clientToken={clientToken}&sgVersion={sgVersion} HTTP/1.1
2Host: bcc.bj.baidubce.com
3Authorization: authorization string
4
5{
6 "rule":
7 {
8 "remark": {remark},
9 "protocol": {protocol},
10 "portRange": {portRange},
11 "direction": {direction},
12 "sourceIp": {sourceIp}
13 }
14}Request headers
There are no special headers required beyond the common headers.
Request parameters
| Parameter name | Types | Required or not | Parameter location | Description |
|---|---|---|---|---|
| version | String | Yes | URL parameter | API version number, with current value being 2 |
| clientToken | String | No | Query | Idempotence Token, which is an ASCII string with a length not exceeding 64 bits, see details in [ClientToken Idempotence](VPC/API Reference/General Description.md#Idempotence). |
| sgVersion | Long | No | Query | Security group version number, which can be obtained from the security group list |
| action | String | Yes | Query | The action to be performed on the security group, with the current value being revokeRule |
| securityGroupId | String | Yes | URL parameter | The ID of the security group for which the security group rule is to be revoked |
| rule | [SecurityGroupRuleModel](VPC/API Reference/Appendix.md#SecurityGroupRuleModel) | Yes | RequestBody | The security group rule to be revoked |
Response headers
No special headers are required beyond the standard ones.
Response parameters
No special response parameters are available.
Error codes
| Error code | Error description | HTTP status code | Chinese explanation |
|---|---|---|---|
| SecurityGroup.RulePortOrderInvalid | The order of security group rule port is incorrect. | 400 | The port order of the security group rule is incorrect |
| SecurityGroup.RulePortRangeInvalid | The value of security group rule port is exceeded. | 400 | The port number of the security group rule is out of the allowed range |
| SecurityGroup.RulePortInvalid | The value of security group rule port must be number. | 400 | The port of the security group rule is non-numeric |
| NoSuchObject | The specified object is not found or resource do not exist. | 404 | The target security group does not exist |
| SecurityGroup.RuleNotExist | The Security group rule is not exist. | 404 | Revoked security group rule does not exist |
| VersionMismatch | The sgVersion is mismatch. | 400 | The specified version number of the security group rule does not match the latest version. If the sgVersion parameter is not included in the request, this error code will not be returned. |
Request example
Plain Text
1PUT /v2/securityGroup/g-nky7qeom?revokeRule&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
2Host: bcc.bj.baidubce.com
3Content-Type: application/json;charset=UTF-8
4Authorization: bce-auth-v1/f81d3b34e48048fbb2634dc7882d7e21/2015-08-11T04:17:29Z/3600/host/74c506f68c65e26c633bfa104c863fffac5190fdec1ec24b7c03eb5d67d2e1de
5
6{
7 "rule":
8 {
9 "remark": "Remarks",
10 "protocol": "tcp",
11 "portRange": "1-65535",
12 "direction": "ingress",
13 "sourceIp": "10.101.151.0/29"
14 }
15}Response example
Plain Text
1HTTP/1.1 200 OK
2x-bce-request-id: 1214cca7-4ad5-451d-9215-71cb844c0a50
3Date: Wed, 03 Dec 2014 06:42:19 GMT
4Content-Type: application/json;charset=UTF-8
5Server: BWS