After the protection engine upgraded in Web Application Firewall, the API is completely updated. The version is upgraded to 2019-09-10, and the APIs and parameters are changed.

  • If your Web Application Firewall instances are upgraded to the new protection engine version, see API references for new engine documents to call the API service.

    For more information about the new protection engine, see Protection engine is upgraded.

  • If you have not upgraded to the new protection engine and are still using the previous version of the API, see API references for legacy engine documents to call the API service.
    Note You can log in the Web Application Firewall console, go to the System Management > Product Information page to check the protection engine version of your instance.
    • If the software version is earlier than 5.0.0.0 (for example, 4.5.1.1), the current instance is an legacy version.
    • If the software version number does not appear on the Product Information page, the instance is upgraded to the new version.

Compared with version 2018-01-17, this version has the following differences.

Note Changes have been made to both request and response parameters. For more information, see the related topics describing API operations.
API (2019-09-10) API (2018-01-17) Description
instance information
DescribeInstanceInfo DescribePayInfo Queries the information of a WAF instance.
DescribeInstanceSpecInfo None New operation. Queries the specification of a WAF instance.
None DescribeRegions Not supported. Version 2019-09-10 automatically recognizes the region based on the endpoint of the API operation.
None DescribeWafSourceIpSegment Not supported. We recommend that you view the back-to-origin CIDR block of a WAF instance in the WAF console.
Domain configurations
CreateDomain CreateDomainConfig Specifies the information about a domain and adds the domain to a WAF instance.
DescribeDomain DescribeDomainConfig Updated. In the 2019-09-10 version, this operation obtains more information about domains added to a WAF instance.
ModifyDomain ModifyDomainConfig Modifies the configurations of a specific domain.
DeleteDomain DeleteDomainConfig Deletes the configuration of a specific domain.
DescribeDomainNames DescribeDomainNames Obtains a list of domains that are added to a WAF instance.
ModifyLogServiceStatus None New operation. Enables or disables log collection for the real-time log query and analysis feature of a specific domain.
ModifyLogRetrievalStatus None New operation. Enables or disables log retrieval for a specific domain.
DescribeDomainBasicConfigs None New operation. Queries the protection status in the domain configurations.
DescribeDomainAdvanceConfigs None Obtains detailed configurations of a domain.
CreateCertificate CreateCertAndKey Uploads the certificate and private key of a protected domain.
CreateCertificateByCertificateId None New operation. Upload a certificate for the specified domain name based on the certificate ID.
DescribeCertMatchStatus None New operation. Checks whether the information about the uploaded certificate of a domain matches the private key.
DescribeCertificates None New operation. Queries the available certificate of a specific domain.
Protection configurations
Note Changes have been made to the overall design logic of API operations related to protection configurations. You can use common API operations to enable and disable protection modules, and manage configuration rules. The previous module-specific API operations are no longer supported.
ModifyDomainIpv6Status None New operation. Enables or disables IPv6 protection for a specific domain.
DescribeProtectionModuleStatus None New operation. You can query the status of WAF protection modules, including Web intrusion prevention, data security, advanced protection, Bot management, and access control or throttling.
ModifyProtectionModuleStatus None New operation. You can enable or disable the specified WAF feature, which includes the web intrusion prevention, data security, advanced protection, Bot management, and access control or throttling modules.
DescribeProtectionModuleMode None New operation. This can be used to query the protection features of WAF for a specified domain, including the regular expression engine, big data deep learning engine, HTTP flood protection, data risk control, and active defense. The current prevention mode.
ModifyProtectionModuleMode None New operation. You can call this operation to modify the configurations of rules in the following protection modules: WAF regular expression protection engine, big data deep learning engine, HTTP flood protection, data risk control, and active defense.
DescribeProtectionModuleRules None New operation. You can call this operation to query the configuration records of rules in a specific protection module, such as Web intrusion prevention, data security, Bot management, access control and throttling, and website whitelist.
CreateProtectionModuleRule None New operation. You can call this operation to create configuration rules in a specified WAF protection module, including Web intrusion prevention, data security, advanced protection, Bot management, and access control and traffic throttling.
ModifyProtectionModuleRule None New operation. You can call this operation to modify the configuration rules in a specified WAF feature, including Web intrusion prevention, data security, advanced protection, Bot management, access control or throttling, and whitelist.
ModifyProtectionRuleStatus ModifyProtectionRuleStatus Updated. You can call this operation to enable or disable the WAF protection feature for a specified domain, including website tamper-proofing, legitimate crawlers, crawler threat intelligence, custom protection policies, and the whitelist of websites. The specified rule in the Ram user SDK.
DescribeDomainRuleGroup None New operation. Queries the ID of the protection rule group of the RegEx protection engine configured for a specific domain.
SetDomainRuleGroup None New operation. Selects a protection rule group for the RegEx protection engine used by a specific domain. The system provides three default protection rule groups. You can also choose a custom rule group.
ModifyProtectionRuleCacheStatus ModifyProtectionRuleCacheStatus Updates cached pages of a specific domain protected by tamper protection rules.