DescribeWebRules

Updated at:
Copy as MD

This topic describes how to configure web forwarding rules.

Operation description

This API runs a paginated query to retrieve the configurations of your web rules, such as the forwarding protocol type, origin server addresses, HTTPS settings, and IP blocklist configuration.

Before calling this API, you must first create a web rule by calling CreateWebRule.

QPS limit

The per-user QPS limit for this API is 50. Calls that exceed this limit are throttled, which can impact your services. Please plan your calls accordingly.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-ddoscoo:DescribeWebRules

list

*All Resource

*

None None

Request parameters

Parameter

Type

Required

Description

Example

ResourceGroupId

string

No

The ID of the resource group to which the Anti-DDoS Pro instance belongs in Resource Management.

If you omit this parameter, the system uses the default resource group.

rg-acfm2pz25js****

Domain

string

No

The domain to query.

Note

The domain must have a web rule configured. You can call DescribeDomains to query all domains that have web rules.

example.com

Cname

string

No

The CNAME to query.

kzmk7b8tt351****.aliyunddos1014****

QueryDomainPattern

string

No

The matching mode for the query. Valid values:

  • fuzzy (default): Fuzzy search.

  • exact: Exact match.

exact

PageNumber

integer

No

The page number to return. Default: 1.

1

PageSize

integer

No

The number of web rules per page. Valid values: 1 to 10.

10

InstanceIds

array

No

An array of Anti-DDoS Pro instance IDs to query.

ddoscoo-cn-mp91j1ao****

string

No

The ID of an Anti-DDoS Pro instance. You can specify up to 200 instance IDs.

Note

You can call DescribeInstanceIds to query the IDs of all Anti-DDoS Pro instances.

ddoscoo-cn-i7m27nf3****

When you call this API, you must include the Alibaba Cloud common request parameters in addition to the parameters described in this topic. For details, see common parameters.

For the request format, see the request example in the Examples section.

Response elements

Element

Type

Description

Example

object

TotalCount

integer

The total number of web forwarding rules returned.

1

RequestId

string

The request ID. Alibaba Cloud generates this unique identifier for each request. You can use this ID to troubleshoot issues.

0F5B72DD-96F4-423A-B12B-A5151DD746B8

WebRules

array<object>

An array of web forwarding rules.

array<object>

Domain

string

The website domain.

example.com

Http2HttpsEnable

boolean

Indicates whether forced HTTPS redirection is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

true

SslProtocols

string

The supported TLS protocol version. Valid values:

  • tls1.0: TLS 1.0 and later versions are supported.

  • tls1.1: TLS 1.1 and later versions are supported.

  • tls1.2: TLS 1.2 and later versions are supported.

tls1.1

PunishReason

integer

The reason the domain is penalized for non-compliance. Valid values:

  • 1: The domain does not have an ICP filing.

  • 2: The service operated under the domain does not meet regulatory requirements.

If both reasons 1 and 2 apply, this parameter returns 2.

1

CcTemplate

string

The CC protection mode. Valid values:

  • default: Normal

  • gf_under_attack: Emergency

  • gf_sos_verify: Strict

  • gf_sos_enhance: Super Strict

default

CcEnabled

boolean

Indicates whether CC protection is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

true

SslCiphers

string

The cipher suite type. Valid values:

  • default: Custom cipher suite.

  • all: All cipher suites, including strong and weak cipher suites.

  • strong: Strong cipher suite.

default

Ssl13Enabled

boolean

Indicates whether TLS 1.3 is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

false

CcRuleEnabled

boolean

Indicates whether custom CC protection is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

false

OcspEnabled

boolean

Indicates whether OCSP is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

false

PunishStatus

boolean

Indicates whether the domain is penalized. Valid values:

  • true: The domain is penalized. You can view the reason by checking the PunishReason parameter.

  • false: The domain is not penalized.

true

ProxyEnabled

boolean

Indicates whether the web forwarding rule is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

true

CertName

string

The name of the certificate.

testcert

PolicyMode

string

This parameter is deprecated. For more information, see the DescribeL7RsPolicy operation.

ip_hash

Cname

string

The CNAME address assigned by Anti-DDoS for the website domain.

kzmk7b8tt351****.aliyunddos1014****

Http2Enable

boolean

Indicates whether HTTP/2 support is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

true

Https2HttpEnable

boolean

Indicates whether HTTP back-to-origin is enabled. Valid values:

  • true: Enabled.

  • false: Disabled.

true

ProxyTypes

array<object>

The forwarding protocol and port settings.

object

ProxyType

string

The forwarding protocol. Valid values:

  • http: HTTP

  • https: HTTPS

  • websocket: WebSocket

  • websockets: WebSockets

https

ProxyPorts

array

A list of ports.

string

The port number.

443

RealServers

array<object>

Details about the origin servers.

object

RsType

integer

The type of the origin server address. Valid values:

  • 0: The IP address of the origin server.

  • 1: A domain name that serves as the origin server address. This value is typically used when a proxy service, such as Web Application Firewall (WAF), is deployed between the Anti-DDoS instance and the origin server. In this case, specify the CNAME address of the proxy service.

0

RealServer

string

The origin server address.

192.0.XX.XX

WhiteList

array

The IP allowlist for the domain.

string

An IP address in the allowlist.

Note

This parameter is returned only if you have configured a domain-level IP allowlist. You can call the ConfigWebIpSet operation to configure an IP allowlist or IP blocklist for a website domain.

192.168.XX.XX

BlackList

array

The IP blocklist for the domain.

string

An IP address in the blocklist.

Note

This parameter is returned only if you have configured a domain-level IP blocklist. You can call the ConfigWebIpSet operation to configure an IP allowlist or IP blocklist for a website domain.

192.0.XX.XX

CustomCiphers

array

A list of custom cipher suites.

string

A custom cipher suite.

ECDHE-ECDSA-AES128-GCM-SHA256

GmCert

object

The GM (Guomi) settings.

CertId

string

The ID of the GM (Guomi) certificate.

725****

GmEnable

integer

Indicates whether GM (Guomi) verification is enabled.

  • 0: Disabled

  • 1: Enabled

1

GmOnly

integer

Indicates whether access is allowed only from clients that support GM (Guomi) cryptography.

  • 0: Disabled

  • 1: Enabled

1

CertRegion

string

The region where the certificate is used. Valid values:

  • cn-hangzhou: Chinese mainland (default)

  • ap-southeast-1: a region outside the Chinese mainland

cn-hangzhou

UserCertName

string

The name of the certificate that you uploaded to Certificate Management Service.

test

Tls13CustomCiphers

array

A list of cipher suites for TLS 1.3.

string

A cipher suite for TLS 1.3.

ECDHE-RSA-AES128-GCM-SHA256

CertExpireTime

integer

The expiration timestamp of the associated certificate.

Note

This parameter is deprecated.

1765959120

WafProtectionEnable

boolean

Examples

Success response

JSON format

{
  "TotalCount": 1,
  "RequestId": "0F5B72DD-96F4-423A-B12B-A5151DD746B8",
  "WebRules": [
    {
      "Domain": "example.com",
      "Http2HttpsEnable": true,
      "SslProtocols": "tls1.1",
      "PunishReason": 1,
      "CcTemplate": "default",
      "CcEnabled": true,
      "SslCiphers": "default",
      "Ssl13Enabled": false,
      "CcRuleEnabled": false,
      "OcspEnabled": false,
      "PunishStatus": true,
      "ProxyEnabled": true,
      "CertName": "testcert",
      "PolicyMode": "ip_hash",
      "Cname": "kzmk7b8tt351****.aliyunddos1014****",
      "Http2Enable": true,
      "Https2HttpEnable": true,
      "ProxyTypes": [
        {
          "ProxyType": "https",
          "ProxyPorts": [
            "443"
          ]
        }
      ],
      "RealServers": [
        {
          "RsType": 0,
          "RealServer": "192.0.XX.XX"
        }
      ],
      "WhiteList": [
        "192.168.XX.XX"
      ],
      "BlackList": [
        "192.0.XX.XX"
      ],
      "CustomCiphers": [
        "ECDHE-ECDSA-AES128-GCM-SHA256"
      ],
      "GmCert": {
        "CertId": "725****",
        "GmEnable": 1,
        "GmOnly": 1
      },
      "CertRegion": "cn-hangzhou",
      "UserCertName": "test",
      "Tls13CustomCiphers": [
        "ECDHE-RSA-AES128-GCM-SHA256"
      ],
      "CertExpireTime": 1765959120,
      "WafProtectionEnable": false
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.