DescribeDomainResource

Updated at:
Copy as MD

Describes the forwarding rule configuration for a web service.

Operation description

This API returns a paginated list of detailed configurations for your website forwarding rules, such as website domain name, protocol, HTTPS settings, and CC attack protection configuration.

This API integrates with Terraform. For more information about Terraform, see What is Terraform?.

QPS limit

The per-user QPS limit for this API is 50 calls per second. If you exceed this limit, API calls are throttled, which may affect your business. Plan your API calls accordingly.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-ddoscoo:DescribeDomainResource

list

*All Resource

*

None None

Request parameters

Parameter

Type

Required

Description

Example

Domain

string

No

The domain name to query.

www.example.com

QueryDomainPattern

string

No

The matching pattern for the query. Valid values:

  • fuzzy (default): Specifies a fuzzy search.

  • exact: Specifies an exact match.

fuzzy

PageNumber

integer

No

The number of the page to return. The default value is 1.

1

PageSize

integer

No

The number of forwarding rules per page.

10

InstanceIds

array

No

The IDs of the Anti-DDoS Pro instances to query.

string

No

The ID of the Anti-DDoS Pro instance.

Note

You can call the DescribeInstanceIds operation to query all Anti-DDoS Pro instance IDs.

ddoscoo-cn-mp91j1ao****

When calling an API, include the Alibaba Cloud common request parameters along with the request parameters for this API. For more information about common request parameters, see common parameters.

Refer to the request example in the example section for the request format.

Response elements

Element

Type

Description

Example

object

TotalCount

integer

The total number of web rules returned.

1

RequestId

string

The request ID.

39499F01-19D9-4EA4-A0E9-C6014BA5CDBE

WebRules

array<object>

An array of web rule configurations.

array<object>

Domain

string

The domain name.

www.example.com

Http2HttpsEnable

boolean

Whether forced HTTPS redirect is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

false

SslProtocols

string

The minimum TLS protocol version. Valid values:

  • tls1.0: TLS 1.0 and later versions.

  • tls1.1: TLS 1.1 and later versions.

  • tls1.2: TLS 1.2 and later versions.

tls1.0

PunishReason

integer

The reason the domain is penalized. Valid values:

  • 1: The domain does not have an ICP filing.

  • 2: The business hosted on the domain does not meet regulatory requirements.

If both reasons apply, this parameter returns 2.

1

CcTemplate

string

The CC protection mode. Valid values:

  • default: normal mode

  • gf_under_attack: Emergency mode

  • gf_sos_verify: Strict mode

  • gf_sos_enhance: Super Strict mode

default

HttpsExt

string

The advanced HTTPS settings, formatted as a JSON string. These settings apply only when the domain uses HTTPS (the ProxyType value includes https). The string contains the following fields:

  • Http2https: integer. Specifies whether to enable forced HTTPS redirect. Valid values: 0 (disabled) and 1 (enabled).

  • Https2http: integer. Specifies whether to enable HTTP back-to-source. Valid values: 0 (disabled) and 1 (enabled).

  • Http2: integer. Specifies whether to enable HTTP/2. Valid values: 0 (disabled) and 1 (enabled).

{"Https2http":0,"Http2":0,"Http2https":0}

CcEnabled

boolean

Whether CC protection is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

true

SslCiphers

string

The cipher suite configuration type. Valid values:

  • default: Custom

  • all: All

  • strong: Strong

  • improved: Improved

default

CcRuleEnabled

boolean

Whether custom CC protection rules are enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

true

Ssl13Enabled

boolean

Whether TLS 1.3 is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

false

RsType

integer

The address type of the origin server. Valid values:

  • 0: IP address

  • 1: domain

0

PunishStatus

boolean

Whether the domain is penalized. Valid values:

  • true: The domain is penalized. For more information, see the PunishReason parameter.

  • false: The domain is not penalized.

false

ProxyEnabled

boolean

Whether Anti-DDoS Pro forwards traffic for the domain. Valid values:

  • true: Forwarding is enabled.

  • false: Forwarding is disabled.

true

CertName

string

The name of the SSL certificate used by the domain.

49944XX.pem

PolicyMode

string

The back-to-source load balancing algorithm. This algorithm determines how traffic is distributed to origin servers. Valid values:

  • ip_hash: IP Hash. This algorithm hashes the source IP address and routes all requests from the same IP address to the same origin server.

  • rr: Round Robin. This algorithm distributes requests across origin servers in turn.

  • least_time: Least Time. This algorithm uses intelligent DNS resolution to minimize end-to-end latency from the protection node to the origin server.

ip_hash

Cname

string

The CNAME assigned to the domain by Anti-DDoS Pro.

0ekb69x3j9wvXXXX.aliyunddosXXXX.com

OcspEnabled

boolean

Whether Online Certificate Status Protocol (OCSP) is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

false

Http2Enable

boolean

Whether HTTP/2 is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

false

Https2HttpEnable

boolean

Whether HTTP back-to-source is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

false

ProxyTypes

array<object>

An array of proxy configurations for the domain, each specifying a protocol and its associated ports.

object

ProxyType

string

The proxy protocol. Valid values:

  • http: HTTP

  • https: HTTPS

  • websocket: WebSocket

  • websockets: WebSockets

http

ProxyPorts

array

The array of ports associated with the protocol.

string

A port.

80

InstanceIds

array

An array of IDs for the Anti-DDoS Pro instances associated with the domain.

string

The ID of an Anti-DDoS Pro instance associated with the domain.

ddoscoo-cn-st21zbyq****

CustomCiphers

array

An array of custom cipher suites.

string

A custom cipher suite for TLS versions earlier than 1.3.

Note

You must select at least one cipher suite for TLS versions earlier than 1.3.

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES256-GCM-SHA384

  • AES128-SHA256

  • AES256-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA

  • AES256-SHA

  • DES-CBC3-SHA

ECDHE-RSA-AES256-SHA384

WhiteList

array

An array of IP addresses on the allowlist for the domain.

string

An IP address in the allowlist for the domain.

Note

This parameter is returned only if you have configured an IP allowlist (for domains) for the domain. You can call the ConfigWebIpSet operation to configure an IP allowlist/blocklist for a domain.

3.XX.XX.3

BlackList

array

An array of IP addresses on the blocklist for the domain.

string

An IP address in the blocklist for the domain.

Note

This parameter is returned only if you have configured an IP blocklist (for domains) for the domain. You can call the ConfigWebIpSet operation to configure an IP allowlist/blocklist for a domain.

2.XX.XX.2

RealServers

array

An array of origin server addresses.

string

An origin server address.

1.XX.XX.1

Examples

Success response

JSON format

{
  "TotalCount": 1,
  "RequestId": "39499F01-19D9-4EA4-A0E9-C6014BA5CDBE",
  "WebRules": [
    {
      "Domain": "www.example.com",
      "Http2HttpsEnable": false,
      "SslProtocols": "tls1.0",
      "PunishReason": 1,
      "CcTemplate": "default",
      "HttpsExt": "{\"Https2http\":0,\"Http2\":0,\"Http2https\":0}",
      "CcEnabled": true,
      "SslCiphers": "default",
      "CcRuleEnabled": true,
      "Ssl13Enabled": false,
      "RsType": 0,
      "PunishStatus": false,
      "ProxyEnabled": true,
      "CertName": "49944XX.pem",
      "PolicyMode": "ip_hash",
      "Cname": "0ekb69x3j9wvXXXX.aliyunddosXXXX.com",
      "OcspEnabled": false,
      "Http2Enable": false,
      "Https2HttpEnable": false,
      "ProxyTypes": [
        {
          "ProxyType": "http",
          "ProxyPorts": [
            "80"
          ]
        }
      ],
      "InstanceIds": [
        "ddoscoo-cn-st21zbyq****"
      ],
      "CustomCiphers": [
        "ECDHE-RSA-AES256-SHA384"
      ],
      "WhiteList": [
        "3.XX.XX.3"
      ],
      "BlackList": [
        "2.XX.XX.2"
      ],
      "RealServers": [
        "1.XX.XX.1"
      ]
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.