All Products
Search
Document Center

Server Load Balancer:DescribeLoadBalancerHTTPSListenerAttribute

Last Updated:Mar 14, 2024

Queries the configurations of an HTTPS listener.

Operation description

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
slb:DescribeLoadBalancerHTTPSListenerAttributeREAD
  • loadbalancer
    acs:slb:{#regionId}:{#accountId}:loadbalancer/{#loadbalancerId}
  • slb:tag
none

Request parameters

ParameterTypeRequiredDescriptionExample
RegionIdstringNo

The region ID of the CLB instance.

cn-hangzhou
LoadBalancerIdstringYes

The CLB instance ID.

lb-bp1mxu5r8lau****
ListenerPortintegerYes

The frontend port that is used by the CLB instance.

Valid values: 1 to 65535.

80

Response parameters

ParameterTypeDescriptionExample
object
AclTypestring

The type of the access control list (ACL). Valid values:

  • white: a whitelist. Only requests from the IP addresses or CIDR blocks in the ACL are forwarded. Whitelists apply to scenarios where you want to allow only specific IP addresses to access an application. Your service may be adversely affected if the whitelist is not properly configured. If a whitelist is configured, only requests from IP addresses that are added to the whitelist are forwarded by the listener.

If you enable a whitelist but do not add an IP address to the ACL, the listener forwards all requests.

  • black: a blacklist. All requests from the IP addresses or CIDR blocks in the network ACL are rejected. Blacklists apply to scenarios where you want to block access from specified IP addresses to an application.

If a blacklist is configured for a listener but no IP address is added to the blacklist, the listener forwards all requests.

Note This parameter is required when AclStatus is set to on.
white
XForwardedFor_ClientCertClientVerifystring

Indicates whether the XForwardedFor_ClientCertClientVerify header is used to retrieve the verification result of the client certificate. Valid values:

  • on
  • off
off
CACertificateIdstring

The ID of the certification authority (CA) certificate.

idkp-234-cn-test-0**
RequestIdstring

The request ID.

365F4154-92F6-4AE4-92F8-7FF3********
HealthCheckConnectPortinteger

The port that is used for health checks.

Note This parameter is required when HealthCheck is set to on.
8080
BackendServerPortinteger

The backend port that is used by the CLB instance.

8080
CookieTimeoutinteger

The timeout period of a cookie.

500
HealthCheckDomainstring

The domain name that you want to use for health checks.

www.test.com
XForwardedForstring

Indicates whether the X-Forwarded-For header is used to retrieve client IP addresses. Valid values:

  • on
  • off
on
XForwardedFor_ClientCertFingerprintstring

Indicates whether the XForwardedFor_ClientCertFingerprint header is used to retrieve the fingerprint of the client certificate. Valid values:

  • on
  • off
off
IdleTimeoutinteger

The timeout period of an idle connection. Valid values: 1 to 60. Default value: 15. Unit: seconds.

If no request is received within the specified timeout period, CLB closes the connection. When a request is received, CLB establishes a new connection.

23
ListenerPortinteger

The frontend port that is used by the CLB instance.

80
HealthCheckURIstring

The URL path that is used for health checks.

/test/index.html
XForwardedFor_SLBPORTstring

Indicates whether the XForwardedFor_SLBPORT header is used to retrieve the listening port. Valid values:

  • on
  • off
off
StickySessionTypestring

The method that is used to handle a cookie.

Valid values: insert and server.

  • insert: inserts a cookie.

    CLB inserts a cookie (SERVERID) into the first HTTP or HTTPS response packet that is sent to a client. The next request from the client will contain this cookie, and the listener will distribute this request to the recorded backend server.

  • server: rewrites a cookie.

    When CLB detects a user-defined cookie, it overwrites the original cookie with the user-defined cookie. The next request from the client carries the user-defined cookie, and the listener will distribute the request to the recorded backend server.

insert
Schedulerstring

The routing algorithm. Valid values: wrr and rr.

  • wrr: Backend servers that have higher weights receive more requests than backend servers that have lower weights.
  • rr: Requests are distributed to backend servers in sequence.
wrr
XForwardedFor_protostring

Indicates whether the X-Forwarded-Proto header is used to retrieve the listener protocol. Valid values:

  • on
  • off
on
HealthCheckMethodstring

The health check method used by HTTP listeners. Valid values: head and get.

Note This parameter is available only when HealthCheck is set to on.
get
TLSCipherPolicystring

The Transport Layer Security (TLS) security policy for a high-performance CLB instance.

Each security policy contains TLS protocol versions and cipher suites available for HTTPS. Valid values:

  • tls_cipher_policy_1_0:

    Supported TLS versions: TLS 1.0, TLS 1.1, and TLS 1.2

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA

  • tls_cipher_policy_1_1:

    Supported TLS versions: TLS 1.1 and TLS 1.2

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA

  • tls_cipher_policy_1_2

    Supported TLS version: TLS 1.2

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA

  • tls_cipher_policy_1_2_strict

    Supported TLS version: TLS 1.2

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA, and ECDHE-RSA-AES256-SHA

  • tls_cipher_policy_1_2_strict_with_1_3

    Supported TLS versions: TLS 1.2 and TLS 1.3

    Supported cipher suites: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, and ECDHE-RSA-AES256-SHA

tls_cipher_policy_1_0
Statusstring

The status of the listener. Valid values:

  • running
  • stopped
stopped
VServerGroupIdstring

The ID of the associated server group.

rsp-cige6j5e********
XForwardedFor_ClientSrcPortstring

Indicates whether the XForwardedFor_ClientSrcPort header is used to retrieve the client port. Valid values:

  • on
  • off
off
Cookiestring

The cookie that is configured on the server.

B490B5EBF6F3CD402E515D22BCDA1598
Gzipstring

Indicates whether Gzip compression is enabled. Valid values:

  • on
  • off
on
EnableHttp2string

Indicates whether HTTP/2 is used. Valid values:

  • on
  • off
off
Bandwidthinteger

The maximum bandwidth of the listener. Unit: Mbit/s.

-1
Descriptionstring

The name of the listener.

test
HealthCheckTimeoutinteger

The maximum timeout period of a health check. Unit: seconds.

3
AclStatusstring

Indicates whether access control is enabled. Valid values:

  • on
  • off
off
UnhealthyThresholdinteger

The unhealthy threshold.

4
XForwardedFor_SLBIDstring

Indicates whether the SLB-ID header is used to retrieve the ID of the ALB instance. Valid values:

  • on
  • off
on
XForwardedFor_ClientCertSubjectDNstring

Indicates whether the XForwardedFor_ClientCertSubjectDN header is used to retrieve information about the owner of the client certificate. Valid values:

  • on
  • off
off
SecurityStatusstring

Indicates whether the listener is in the Secure state. Valid values:

  • on
  • off
on
HealthCheckHttpCodestring

The HTTP status code for a successful health check.

http_2xx,http_3xx
RequestTimeoutinteger

The timeout period of a request. Valid values: 1 to 180. Default value: 60. Unit: seconds.

If no response is received from a backend server within the specified timeout period, CLB returns the HTTP 504 status code to the client.

43
HealthCheckIntervalinteger

The interval at which health checks are performed. Unit: seconds.

5
ServerCertificateIdstring

The ID of the server certificate.

idkp-123-cn-test-0**
AclIdstring

The ID of the network ACL that is associated with a listener.

Note This parameter is required when AclStatus is set to on.
nacl-a2do9e413e0spzasx****
XForwardedFor_ClientCertIssuerDNstring

Indicates whether the XForwardedFor_ClientCertIssuerDN header is used to retrieve information about the authority that issues the client certificate. Valid values:

  • on
  • off
off
HealthyThresholdinteger

The healthy threshold.

4
XForwardedFor_SLBIPstring

Indicates whether the SLB-IP header is used to retrieve the virtual IP address requested by the client. Valid values:

  • on
  • off
on
StickySessionstring

Indicates whether session persistence is enabled. Valid values:

  • on
  • off
on
HealthCheckstring

Indicates whether the health check feature is enabled. Valid values:

  • on
  • off
on
Rulesobject []

The list of forwarding rules that are associated with the listener.

VServerGroupIdstring

The ID of the server group that is associated with the forwarding rule.

12
Urlstring

The request path.

/example
Domainstring

The endpoint.

www.example.com
RuleNamestring

The name of the forwarding rule.

example
RuleIdstring

The ID of the forwarding rule.

23
DomainExtensionsobject []

A list of additional certificates.

ServerCertificateIdstring

The ID of the server certificate that is associated with the domain name.

13344444****
Domainstring

The endpoint.

www.example.com
DomainExtensionIdstring

The ID of the additional domain name.

12
LoadBalancerIdstring

The CLB instance ID.

lb-bp1mxu5r8lau****
Tagsobject []

The tags.

TagKeystring

The key of tag N. Valid values of N: 1 to 20. The tag key cannot be an empty string. The tag key can be up to 64 characters in length, and cannot start with aliyun or acs:. The tag key cannot contain http:// or https://.

TestKey
TagValuestring

The value of tag N. Valid values of N: 1 to 20. The tag value can be an empty string. The tag value can be up to 128 characters in length, and cannot start with acs:. The tag value cannot contain http:// or https://.

TestValue

Examples

Sample success responses

JSONformat

{
  "AclType": "white",
  "XForwardedFor_ClientCertClientVerify": "off",
  "CACertificateId": "idkp-234-cn-test-0**",
  "RequestId": "365F4154-92F6-4AE4-92F8-7FF3********",
  "HealthCheckConnectPort": 8080,
  "BackendServerPort": 8080,
  "CookieTimeout": 500,
  "HealthCheckDomain": "www.test.com",
  "XForwardedFor": "on",
  "XForwardedFor_ClientCertFingerprint": "off",
  "IdleTimeout": 23,
  "ListenerPort": 80,
  "HealthCheckURI": "/test/index.html",
  "XForwardedFor_SLBPORT": "off",
  "StickySessionType": "insert",
  "Scheduler": "wrr",
  "XForwardedFor_proto": "on",
  "HealthCheckMethod": "get",
  "TLSCipherPolicy": "tls_cipher_policy_1_0",
  "Status": "stopped",
  "VServerGroupId": "rsp-cige6j5e********",
  "XForwardedFor_ClientSrcPort": "off",
  "Cookie": "B490B5EBF6F3CD402E515D22BCDA1598",
  "Gzip": "on",
  "EnableHttp2": "off",
  "Bandwidth": -1,
  "Description": "test",
  "HealthCheckTimeout": 3,
  "AclStatus": "off",
  "UnhealthyThreshold": 4,
  "XForwardedFor_SLBID": "on",
  "XForwardedFor_ClientCertSubjectDN": "off",
  "SecurityStatus": "on",
  "HealthCheckHttpCode": "http_2xx,http_3xx",
  "RequestTimeout": 43,
  "HealthCheckInterval": 5,
  "ServerCertificateId": "idkp-123-cn-test-0**",
  "AclId": "nacl-a2do9e413e0spzasx****",
  "XForwardedFor_ClientCertIssuerDN": "off",
  "HealthyThreshold": 4,
  "XForwardedFor_SLBIP": "on",
  "StickySession": "on",
  "HealthCheck": "on",
  "Rules": {
    "Rule": [
      {
        "VServerGroupId": "12",
        "Url": "/example",
        "Domain": "www.example.com",
        "RuleName": "example",
        "RuleId": "23"
      }
    ]
  },
  "DomainExtensions": {
    "DomainExtension": [
      {
        "ServerCertificateId": "13344444****",
        "Domain": "www.example.com",
        "DomainExtensionId": "12"
      }
    ]
  },
  "LoadBalancerId": "lb-bp1mxu5r8lau****",
  "Tags": {
    "Tag": [
      {
        "TagKey": "TestKey",
        "TagValue": "TestValue"
      }
    ]
  }
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
No change history