DescribeWebRules - Anti-DDoS - Alibaba Cloud Documentation Center

Queries the configurations of website forwarding rules.

Operation description

This operation queries the configurations of your website forwarding rules and returns the results by page. These configurations include forwarding protocols, origin server addresses, HTTPS settings, and IP address blacklist settings.

Before calling this operation, you must call CreateWebRule to create a website forwarding rule.

QPS limit

The queries per second (QPS) limit for this operation is 50 for each user. If you exceed this limit, API calls are throttled, which may affect your business. Plan your calls accordingly.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-ddoscoo:DescribeWebRules

list

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
ResourceGroupId	string	No	The ID of the resource group to which the Anti-DDoS instance belongs in Resource Management. If you do not set this parameter, the instance belongs to the default resource group.	rg-acfm2pz25js****
Domain	string	No	The domain name of the website that you want to query. Note A website forwarding rule must be configured for the domain name. To query all domain names that have a website forwarding rule, call DescribeDomains.	example.com
Cname	string	No	The CNAME that is assigned to the domain name by Anti-DDoS.	kzmk7b8tt351**.aliyunddos1014**
QueryDomainPattern	string	No	The query mode. Valid values: fuzzy (default): fuzzy query. exact: exact match.	exact
PageNumber	integer	No	The number of the page to return. Default value: 1.	1
PageSize	integer	No	The number of forwarding rules to return on each page. Valid values: 1 to 10.	10
InstanceIds	array	No	A list of IDs of the Anti-DDoS instances that you want to query.	ddoscoo-cn-mp91j1ao****
	string	No	The ID of the Anti-DDoS instance that you want to query. You can specify up to 200 instance IDs. Separate multiple IDs with commas (,). Note To query the IDs of all your Anti-DDoS instances, call DescribeInstanceIds.	ddoscoo-cn-i7m27nf3****

In addition to the preceding request parameters, you must specify common request parameters. For more information, see Common parameters.

For more information about the format of a request, see the "Examples" section of this topic.

Response elements

Element	Type	Description	Example
	object
TotalCount	integer	The total number of website forwarding rules.	1
RequestId	string	The ID of the request. This ID is a unique identifier generated by Alibaba Cloud for the request. You can use this ID to troubleshoot issues.	0F5B72DD-96F4-423A-B12B-A5151DD746B8
WebRules	array<object>	The configurations of the website forwarding rules.
	object
Domain	string	The domain name of the website.	example.com
Http2HttpsEnable	boolean	Indicates whether HTTPS force redirect is enabled. Valid values: true: enabled. false: disabled.	true
SslProtocols	string	The supported TLS protocol version. Valid values: tls1.0: supports TLS 1.0 and later. tls1.1: supports TLS 1.1 and later. tls1.2: supports TLS 1.2 and later.	tls1.1
PunishReason	integer	The reason why the domain name is penalized. Valid values: 1: The domain name has no ICP filing. 2: The service that is provided by the domain name is non-compliant. If the domain name is penalized for both reasons, 2 is returned.	1
CcTemplate	string	The mode of the Frequency Control policy. Valid values: default: Normal gf_under_attack: Emergency gf_sos_verify: Strict gf_sos_enhance: Super Strict	default
CcEnabled	boolean	Indicates whether Frequency Control is enabled. Valid values: true: enabled. false: disabled.	true
SslCiphers	string	The type of the cipher suite. Valid values: default: Custom cipher suite. all: All cipher suites. This includes strong and weak cipher suites. strong: Strong cipher suites.	default
Ssl13Enabled	boolean	Indicates whether TLS 1.3 is enabled. Valid values: true: enabled. false: disabled.	false
CcRuleEnabled	boolean	Indicates whether custom Frequency Control rules are enabled. Valid values: true: enabled. false: disabled.	false
OcspEnabled	boolean	Indicates whether Online Certificate Status Protocol (OCSP) is enabled. Valid values: true: enabled. false: disabled.	false
PunishStatus	boolean	Indicates whether the domain name is penalized. Valid values: true: The domain name is penalized. You can find the reason in the PunishReason parameter. false: The domain name is not penalized.	true
ProxyEnabled	boolean	Indicates whether website traffic forwarding is enabled. Valid values: true: enabled. false: disabled.	true
CertName	string	The name of the certificate.	testcert
PolicyMode	string	The type of the load balancing algorithm. Valid values: ip_hash: the IP Hash algorithm. This algorithm uses the source IP address of a request for a HASH mapping to redirect all requests from the same IP address to the same origin server. rr: the round-robin algorithm. This algorithm redirects all requests to different origin servers in turn. least_time: the Least Time algorithm. This algorithm uses smart DNS to minimize the latency between the node that receives the request and the origin server.	ip_hash
Cname	string	The CNAME that is assigned to the domain name by Anti-DDoS.	kzmk7b8tt351**.aliyunddos1014**
Http2Enable	boolean	Indicates whether HTTP 2.0 is enabled. Valid values: true: enabled. false: disabled.	true
Https2HttpEnable	boolean	Indicates whether HTTP back-to-origin is enabled. Valid values: true: enabled. false: disabled.	true
ProxyTypes	array<object>	The configurations for forwarding protocols and ports.
	object
ProxyType	string	The type of the forwarding protocol. Valid values: http: HTTP. https: HTTPS. websocket: WebSocket. websockets: WebSockets.	https
ProxyPorts	array	A list of ports.
	string	The port.	443
RealServers	array<object>	Information about the origin servers.
	object
RsType	integer	The type of the origin server address. Valid values: 0: IP address. 1: domain name. This value is typically used when a proxy service, such as Web Application Firewall (WAF), is deployed between the origin server and the Anti-DDoS instance. The value indicates the redirect address of the proxy service, such as the CNAME for WAF.	0
RealServer	string	The address of the origin server.	192.0.XX.XX
WhiteList	array	The list of IP addresses in the whitelist for the domain name.
	string	An IP address in the whitelist for the domain name. Note This parameter is returned only if an IP address whitelist is configured for the domain name. To configure an IP address whitelist or blacklist for a domain name, call ConfigWebIpSet.	192.168.XX.XX
BlackList	array	The list of IP addresses in the blacklist for the domain name.
	string	An IP address in the blacklist for the domain name. Note This parameter is returned only if an IP address blacklist is configured for the domain name. To configure an IP address whitelist or blacklist for a domain name, call ConfigWebIpSet.	192.0.XX.XX
CustomCiphers	array	The list of custom cipher suites.
	string	A custom cipher suite.	ECDHE-ECDSA-AES128-GCM-SHA256
GmCert	object	The SM certificate configurations.
CertId	string	The ID of the SM certificate.	725****
GmEnable	integer	Indicates whether SM certificate-based verification is enabled. 0: disabled 1: enabled	1
GmOnly	integer	Indicates whether to allow access only from clients that use SM certificates. 0: disabled 1: enabled	1
CertRegion	string	The region of the certificate. Valid values: cn-hangzhou: Chinese mainland (default) ap-southeast-1: regions outside the Chinese mainland.	cn-hangzhou
UserCertName	string	The name of the certificate that you uploaded to Certificate Management Service.	test
Tls13CustomCiphers	array
	string
CertExpireTime	integer

Examples

Success response

JSON format

{
  "TotalCount": 1,
  "RequestId": "0F5B72DD-96F4-423A-B12B-A5151DD746B8",
  "WebRules": [
    {
      "Domain": "example.com",
      "Http2HttpsEnable": true,
      "SslProtocols": "tls1.1",
      "PunishReason": 1,
      "CcTemplate": "default",
      "CcEnabled": true,
      "SslCiphers": "default",
      "Ssl13Enabled": false,
      "CcRuleEnabled": false,
      "OcspEnabled": false,
      "PunishStatus": true,
      "ProxyEnabled": true,
      "CertName": "testcert",
      "PolicyMode": "ip_hash",
      "Cname": "kzmk7b8tt351****.aliyunddos1014****",
      "Http2Enable": true,
      "Https2HttpEnable": true,
      "ProxyTypes": [
        {
          "ProxyType": "https",
          "ProxyPorts": [
            "443"
          ]
        }
      ],
      "RealServers": [
        {
          "RsType": 0,
          "RealServer": "192.0.XX.XX"
        }
      ],
      "WhiteList": [
        "192.168.XX.XX"
      ],
      "BlackList": [
        "192.0.XX.XX"
      ],
      "CustomCiphers": [
        "ECDHE-ECDSA-AES128-GCM-SHA256"
      ],
      "GmCert": {
        "CertId": "725****",
        "GmEnable": 1,
        "GmOnly": 1
      },
      "CertRegion": "cn-hangzhou",
      "UserCertName": "test",
      "Tls13CustomCiphers": [
        ""
      ],
      "CertExpireTime": 0
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.