
Anti-DDoS:ConfigWebCCRuleV2

Last Updated: Jul 25, 2025

Creates or modifies custom rules for website frequency control protection (HTTP flood protection).


RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates whether the action supports resource-level permissions. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| yundun-ddoscoo:ConfigWebCCRuleV2 | update | *All Resource * | None | None |

Request parameters

Domain

Type: string. Required: Yes.

The domain name of the website.

Note: The domain name must have website forwarding rules configured. You can call DescribeDomains to query all domain names.

Example: www.example.com

RuleList

Type: string. Required: Yes.

The configuration of frequency control rules, expressed as a JSON string with the following structure.

  • action: String type, required, matching action. Valid values:

    • block: Block

    • challenge: JavaScript Challenge

    • watch: Observation

  • name: String type, required, rule name.

  • condition: Map type, required, matching conditions. The structure is as follows.

    Note: If multiple matching conditions are set, the relationship between them is AND.

    • field: String type, required, matching field.

    • match_method: String type, required, matching method.

      Note: For the values of field and match_method, see the supplementary description below the request parameters.

    • header_name: String type, optional, custom HTTP header field name.

      Note: This parameter is valid only when field is set to header.

    • content: String type, required, matching content.

  • ratelimit: String type, optional, frequency control field, which can perform frequency statistics based on IP or custom Header. The structure is as follows.

    • interval: Integer type, required, statistics duration (seconds).

    • ttl: Integer type, required, action duration (seconds).

    • threshold: Integer type, required, threshold (times).

    • subkey: String type, optional, field name (set only when the statistics source is header).

    • target: String type, required, statistics source, supports ip and header.

  • status_code: String type, optional, frequency control field, which can perform statistics based on the number or frequency of status codes. The structure is as follows.

    • enabled: Boolean type, required, whether to enable status code statistics.

    • code: Integer type, required, status code, value range 100~599.

    • use_ratio: Boolean type, required, use ratio when set to true.

    • ratio_threshold: Integer type, optional, status code occurrence ratio. When using ratio, the action is triggered only when the corresponding status code reaches ratio_threshold, value range 1~100.

    • count_threshold: Integer type, optional, status code occurrence count. When not using ratio, the action is triggered only when the corresponding status code reaches count_threshold, value range 2~50000.

  • statistics: String type, optional, deduplicate statistics, can be omitted (default is not to deduplicate statistics). The structure is as follows.

    • mode: String type, required, whether to enable status code statistics. Valid values:

      • count: No deduplication statistics

      • distinct: Deduplicate statistics

    • field: String type, required, statistics source, deduplicate statistics only supports ip, header, and uri.

    • header_name: String type, optional, field name, set only when the statistics source is header.

Example:

[{"action":"block","name":"trdsss","ratelimit":{"interval":60,"ttl":300,"threshold":70,"target":"ip"},"condition":[{"field":"ip","match_method":"belong","content":"1.1.1.1"}]}]

Expires

Type: integer. Required: No.

The validity period of the rule. Unit: seconds.

Note: This parameter takes effect when the matching action of the rule is block (action is block), blocking access requests during the validity period. If this parameter is not specified, the rule is permanently effective.

Example: 600

Values and corresponding relationships of field and match_method

| Matching field (field) | Description | Applicable logical operators (match_method) |
|---|---|---|
| ip | Source IP address of the access request. | belong: Belongs to; nbelong: Does not belong to |
| uri | URI address of the access request. | contain: Contains; ncontain: Does not contain; equal: Equals; nequal: Does not equal; lless: Length less than; lequal: Length equals; lgreat: Length greater than; prefix: Prefix match |
| referer | Source URL of the access request, indicating which page the access request was redirected from. | contain: Contains; ncontain: Does not contain; equal: Equals; nequal: Does not equal; lless: Length less than; lequal: Length equals; lgreat: Length greater than; nexist: Does not exist |
| user-agent | Browser-related information of the client that initiated the access request, including the identifier of the browser, rendering engine, and version information. | contain: Contains; ncontain: Does not contain; equal: Equals; nequal: Does not equal; lless: Length less than; lequal: Length equals; lgreat: Length greater than |
| params | Parameter part in the URL address of the access request, typically referring to the part after "?" in the URL. For example, action=login in demo.aliyundoc.com/index.html?action=login is the parameter part. | contain: Contains; ncontain: Does not contain; equal: Equals; nequal: Does not equal; lless: Length less than; lequal: Length equals; lgreat: Length greater than |
| cookie | Cookie information in the access request. | contain: Contains; ncontain: Does not contain; equal: Equals; nequal: Does not equal; lless: Length less than; lequal: Length equals; lgreat: Length greater than; nexist: Does not exist |
| content-type | HTTP content type specified by the access request, which is the Multipurpose Internet Mail Extensions (MIME) type information. | contain: Contains; ncontain: Does not contain; equal: Equals; nequal: Does not equal; lless: Length less than; lequal: Length equals; lgreat: Length greater than |
| x-forwarded-for | Real client IP address of the access request. X-Forwarded-For (XFF) is an HTTP request header field used to identify the original IP address of a client accessing through an HTTP proxy or Server Load Balancer. Only access requests forwarded through an HTTP proxy or Server Load Balancer server contain this field. | contain: Contains; ncontain: Does not contain; equal: Equals; nequal: Does not equal; lless: Length less than; lequal: Length equals; lgreat: Length greater than; nexist: Does not exist |
| content-length | Number of bytes contained in the access request. | vless: Value less than; vequal: Value equals; vgreat: Value greater than |
| post-body | Content information of the access request. | contain: Contains; ncontain: Does not contain; equal: Equals; nequal: Does not equal |
| http-method | Method of the access request, such as GET, POST, etc. | equal: Equals; nequal: Does not equal |
| header | Header information of the access request, used for custom HTTP header fields. | contain: Contains; ncontain: Does not contain; equal: Equals; nequal: Does not equal; lless: Length less than; lequal: Length equals; lgreat: Length greater than; nexist: Does not exist |
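
A pre-flight check for the RuleList value, built from the parameter description and the field/match_method table above. This is an added example, not code from this page or from the Alibaba Cloud SDK; check_rule and build_rule_list are hypothetical names, and it assumes condition is a list of objects and ratelimit/status_code are objects, as in the page's sample value.

```python
import json

# Hypothetical helpers (not SDK code). Tables below are transcribed from the page.
_STR, _LEN = {"contain", "ncontain", "equal", "nequal"}, {"lless", "lequal", "lgreat"}
_SL, _SLN = _STR | _LEN, _STR | _LEN | {"nexist"}
ALLOWED = {
    "ip": {"belong", "nbelong"}, "uri": _SL | {"prefix"}, "referer": _SLN,
    "user-agent": _SL, "params": _SL, "cookie": _SLN, "content-type": _SL,
    "x-forwarded-for": _SLN, "content-length": {"vless", "vequal", "vgreat"},
    "post-body": _STR, "http-method": {"equal", "nequal"}, "header": _SLN,
}
RANGES = {"code": (100, 599), "ratio_threshold": (1, 100), "count_threshold": (2, 50000)}
RL_REQ, SC_REQ = ("interval", "ttl", "threshold", "target"), ("enabled", "code", "use_ratio")

def check_rule(rule):
    """Return the problems found in one rule dict; an empty list means it passed."""
    errs = []
    if rule.get("action") not in {"block", "challenge", "watch"}:
        errs.append("action must be block, challenge or watch")
    if not rule.get("name"):
        errs.append("name is required")
    conds = rule.get("condition") or []  # assumed a list, as in the page's sample
    if not conds:
        errs.append("condition is required")
    for c in conds:
        field, method = c.get("field"), c.get("match_method")
        if method not in ALLOWED.get(field, ()):
            errs.append(f"{field}/{method} is not a listed field/match_method pair")
        if "header_name" in c and field != "header":
            errs.append(f"header_name is valid only with field=header, not {field}")
    if (rl := rule.get("ratelimit")) is not None:
        errs += [f"ratelimit.{k} is required" for k in RL_REQ if k not in rl]
        if rl.get("target") not in {"ip", "header"}:
            errs.append("ratelimit.target must be ip or header")
        if "subkey" in rl and rl.get("target") != "header":
            errs.append("ratelimit.subkey is set only when target is header")
    if (sc := rule.get("status_code")) is not None:
        errs += [f"status_code.{k} is required" for k in SC_REQ if k not in sc]
        for key, (lo, hi) in RANGES.items():
            if key in sc and not lo <= sc[key] <= hi:
                errs.append(f"status_code.{key} must be in {lo}..{hi}")
    return errs

def build_rule_list(rules):
    """Validate all rules, then serialise them to the RuleList JSON string."""
    bad = {r.get("name") or f"#{i}": e for i, r in enumerate(rules) if (e := check_rule(r))}
    if bad:
        raise ValueError(bad)
    return json.dumps(rules, separators=(",", ":"))
```

Running the check before the API call catches rules whose field/match_method pair is not in the table, so a malformed rule is rejected locally instead of being submitted.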

Response parameters

| Parameter | Type | Description | Example |
|---|---|---|---|
|  | object |  |  |
| RequestId | string | The ID of this request, which is a unique identifier generated by Alibaba Cloud for the request and can be used for troubleshooting and problem locating. | 0bcf28g5-d57c-11e7-9bs0-d89d6717dxbc |

Examples

Success response

JSON format

{
  "RequestId": "0bcf28g5-d57c-11e7-9bs0-d89d6717dxbc"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.