CreateWebRule - Anti-DDoS - Alibaba Cloud Documentation Center

Creates a forwarding rule for a website.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-ddoscoo:CreateWebRule

create

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
ResourceGroupId	string	No	The ID of the resource group to which the Anti-DDoS Proxy instance belongs in Resource Management. If you leave this parameter empty, the instance belongs to the default resource group. For more information about resource groups, see Create a resource group.	rg-acfm2pz25js****
Domain	string	Yes	The domain name of the website to add to the Anti-DDoS Proxy instance for protection.	example.aliyundoc.com
RsType	integer	Yes	The address type of the origin server. Valid values: 0: IP address. 1: domain name. This value is typically used when a proxy service, such as Web Application Firewall (WAF), is deployed between the origin server and the Anti-DDoS Proxy instance. The domain name is the back-to-origin address of the proxy service, such as the canonical name (CNAME) of WAF.	0
Rules	string	Yes	The details of the forwarding rule, in a JSON string format. The value is an array of objects. Each object contains the following fields: ProxyRules: This field is a JSON array. Required. The information about the origin server, including the port number and server address. Each object in the array contains the following fields: ProxyPort: This field is an integer. Required. The port number that is used by the protocol. RealServers: This field is a string array. Required. The addresses of the origin servers. ProxyType: This field is a string. Required. The protocol of the website. Valid values: http, https, websocket, and websockets.	[{"ProxyRules":[{"ProxyPort":443,"RealServers":["192.1.XX.XX"]}],"ProxyType":"https"}]
HttpsExt	string	No	The advanced HTTPS settings. This parameter takes effect only when the value of ProxyType includes https. This parameter is a JSON string. The value is a JSON object that contains the following fields: Http2https: This field is an integer. Optional. Specifies whether to forcibly redirect HTTP requests to HTTPS requests. Valid values: 0 (disabled) and 1 (enabled). The default value is 0. This setting is available when your website supports both HTTP and HTTPS. If you enable this setting, all HTTP requests are redirected to HTTPS requests over port 443. Https2http: This field is an integer. Optional. Specifies whether to enable HTTP back-to-origin. Valid values: 0 (disabled) and 1 (enabled). The default value is 0. This setting applies to websites that do not support HTTPS back-to-origin. If you enable this setting, all HTTPS requests are sent to the origin server over HTTP on port 80 by default. All WebSockets requests are sent to the origin server over WebSocket. Http2: This field is an integer. Optional. Specifies whether to enable HTTP/2. Valid values: 0 (disabled) and 1 (enabled). The default value is 0. If you enable this setting, HTTP/2 is used.	{"Http2":1,"Http2https":1,"Https2http":1}
DefenseId	string	No	The ID of the protection rule to associate. This parameter is used when an Alibaba Cloud service, such as Object Storage Service (OSS), is integrated with an Anti-DDoS instance. Note This parameter is for internal use. Do not use this parameter. For example, if your OSS is integrated with an Anti-DDoS Proxy instance, the instance allocates a resource pool of IP addresses to the OSS tenant account. Each IP address has a unique protection ID. The protection ID is a CNAME that resolves to the IP address of the Anti-DDoS instance by default. You can resolve the CNAME to an IP address. This lets you reuse the IP address for flexible scheduling. Note You cannot specify both InstanceIds and DefenseId.	testid
InstanceIds	array	No	The IDs of the Anti-DDoS Proxy instances to associate.	ddoscoo-cn-mp91j1ao****
	string	No	The ID of the Anti-DDoS Proxy instance to associate. You must specify either this parameter or DefenseId. Note Call the DescribeInstanceIds operation to query the IDs of all Anti-DDoS instances.	ddoscoo-cn-i7m27nf3****

In addition to the request parameters described in this topic, you must specify common request parameters. For more information about common request parameters, see Common parameters.

For more information about the request format, see the request example in the Examples section of this topic.

Response elements

Element	Type	Description	Example
	object
RequestId	string	The ID of the request. This ID is generated by Alibaba Cloud and is unique for each request. You can use this ID to troubleshoot issues.	9EC62E89-BD30-4FCD-9CB8-FA53865FF0D7

Examples

Success response

JSON format

{
  "RequestId": "9EC62E89-BD30-4FCD-9CB8-FA53865FF0D7"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.