DescribeWebRules - Anti-DDoS - Alibaba Cloud Documentation Center

Queries the configurations of a forwarding rule.

Operation Description

You can call the DescribeWebRules operation to query the configurations of the forwarding rules that you create for a website by page. The configurations include the protocol type, origin server address, HTTPS configuration, and IP address blacklist.

Before you call this operation, you must have created forwarding rules by calling the CreateWebRule operation.

Limits

You can call this operation up to 50 times per second per account. If the number of the calls per second exceeds the limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limit when you call this operation.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
ResourceGroupId	string	No	The ID of the resource group to which the instance belongs in Resource Management. If you do not configure this parameter, the instance belongs to the default resource group.	rg-acfm2pz25js****
Domain	string	No	The domain name of the website that you want to query. NoteA forwarding rule must be configured for the domain name. You can call the DescribeDomains operation to query the domain names for which forwarding rules are configured.	example.com
Cname	string	No	The CNAME to query.	kzmk7b8tt351**.aliyunddos1014**
QueryDomainPattern	string	No	The match mode. Valid values: fuzzy: fuzzy match. This is the default value. exact: exact match.	exact
PageNumber	integer	No	The number of the page to return. Default value: 1.	1
PageSize	integer	Yes	The number of entries to return on each page.	10
InstanceIds	array	No	An array that consists of the IDs of instances to query.
	string	No	The ID of instance N to query. The maximum value of N is 200. You can specify up to 200 instances. Separate the IDs of multiple instances with commas (,). NoteYou can call the DescribeInstanceIds operation to query the IDs of all instances.	ddoscoo-cn-i7m27nf3****

All Alibaba Cloud API operations must include common request parameters. For more information about common request parameters, see Common parameters.

For more information about sample requests, see the "Examples" section of this topic.

Response parameters

Parameter	Type	Description	Example
	object
TotalCount	long	The total number of forwarding rules.	1
RequestId	string	The ID of the request, which is used to locate and troubleshoot issues.	0F5B72DD-96F4-423A-B12B-A5151DD746B8
WebRules	array	An array that consists of the configurations of the forwarding rule.
	object
Domain	string	The domain name of the website.	example.com
Http2HttpsEnable	boolean	Indicates whether Enable HTTPS Routing is turned on. Valid values: true: yes false: no	true
SslProtocols	string	The version of the Transport Layer Security (TLS) protocol. Valid values: tls1.0: TLS 1.0 or later tls1.1: TLS 1.1 or later tls1.2: TLS 1.2 or later	tls1.1
PunishReason	integer	The reason why the domain name is invalid. Valid values: 1: No ICP filing is completed for the domain name. 2: The business for which you registered the domain name does not meet regulatory requirements. If the two reasons are both involved, the value 2 is returned.	1
CcTemplate	string	The mode of the Frequency Control policy. Valid values: default: the Normal mode gf_under_attack: the Emergency mode gf_sos_verify: the Strict mode gf_sos_verify: the Super Strict mode	default
CcEnabled	boolean	Indicates whether the Frequency Control policy is enabled. Valid values: true: yes false: no	true
SslCiphers	string	The type of the cipher suite. Valid values: default: custom cipher suite all: all cipher suites, which contain strong and weak cipher suites strong: strong cipher suites	default
Ssl13Enabled	boolean	Indicates whether TLS 1.3 is supported. Valid values: true: yes false: no	false
CcRuleEnabled	boolean	Indicates whether the Custom Rule switch of the Frequency Control policy is turned on. Valid values: true: yes false: no	false
OcspEnabled	boolean	Indicates whether the Online Certificate Status Protocol (OCSP) feature is enabled. Valid values: true: yes false: no	false
PunishStatus	boolean	Indicates whether the domain name is invalid. Valid values: true: The domain name is invalid. You can view the specific reasons from the PunishReason parameter. false: The domain name is valid.	true
ProxyEnabled	boolean	Indicates whether the forwarding rule is enabled. Valid values: true: yes false: no	true
CertName	string	The name of the certificate.	testcert
PolicyMode	string	The scheduling algorithm for back-to-origin traffic. Valid values: ip_hash: the IP hash algorithm. This algorithm is used to redirect the requests from the same IP address to the same origin server. rr: the round-robin algorithm. This algorithm is used to redirect requests to origin servers in turn. least_time: the least response time algorithm. This algorithm is used to minimize the latency when requests are forwarded from Anti-DDoS Pro or Anti-DDoS Premium instances to origin servers based on the intelligent DNS resolution feature.	ip_hash
Cname	string	The CNAME provided by the Anti-DDoS Pro or Anti-DDoS Premium instance to which the domain name is added.	kzmk7b8tt351**.aliyunddos1014**
Http2Enable	boolean	Indicates whether Enable HTTP/2 is turned on. Valid values: true: yes false: no	true
Https2HttpEnable	boolean	Indicates whether Enable HTTP is turned on. Valid values: true: yes false: no	true
ProxyTypes	array	An array that consists of the details of the protocol type and port number.
	object
ProxyType	string	The type of the protocol. Valid values: http https websocket websockets	https
ProxyPorts	array	An array that consists of ports.
	string	The port.	443
RealServers	array	An array that consists of the details of the origin server address.
	object
RsType	integer	The type of the origin server address. Valid values: 0: IP address 1: domain name The domain name of the origin server is returned if you deploy proxies, such as Web Application Firewall (WAF), between the origin server and the instance. In this case, the address of the proxy, such as the CNAME provided by WAF, is returned.	0
RealServer	string	The address of the origin server.	192.0.XX.XX
WhiteList	array	An array that consists of the IP addresses in the whitelist for the domain name.
	string	The IP addresses in the whitelist for the domain name. NoteThis parameter is returned only when the IP address whitelist is configured for the domain name. You can call the ConfigWebIpSet operation to configure the IP address whitelist and the IP address blacklist for the domain name.	192.168.XX.XX
BlackList	array	An array that consists of the IP addresses in the blacklist for the domain name.
	string	The IP addresses in the blacklist for the domain name. NoteThis parameter is returned only when the IP address blacklist is configured for the domain name. You can call the ConfigWebIpSet operation to configure the IP address whitelist and the IP address blacklist for the domain name.	192.0.XX.XX
CustomCiphers	array	An array that consists of custom cipher suites.
	string	The custom cipher suite.	ECDHE-ECDSA-AES128-GCM-SHA256
GmCert	object	The SM certificate settings.
CertId	string	The ID of the SM certificate.	725****
GmEnable	long	Indicates whether Enable SM Certificate-based Verification is turned on. 0: no 1: yes	1
GmOnly	long	Indicates whether Allow Access Only from SM Certificates-based Clients is turned on. 0: no 1: yes	1

Examples

Sample success responses

JSONformat

{
  "TotalCount": 1,
  "RequestId": "0F5B72DD-96F4-423A-B12B-A5151DD746B8",
  "WebRules": [
    {
      "Domain": "example.com",
      "Http2HttpsEnable": true,
      "SslProtocols": "tls1.1",
      "PunishReason": 1,
      "CcTemplate": "default",
      "CcEnabled": true,
      "SslCiphers": "default",
      "Ssl13Enabled": false,
      "CcRuleEnabled": false,
      "OcspEnabled": false,
      "PunishStatus": true,
      "ProxyEnabled": true,
      "CertName": "testcert",
      "PolicyMode": "ip_hash",
      "Cname": "kzmk7b8tt351****.aliyunddos1014****",
      "Http2Enable": true,
      "Https2HttpEnable": true,
      "ProxyTypes": [
        {
          "ProxyType": "https",
          "ProxyPorts": [
            "443"
          ]
        }
      ],
      "RealServers": [
        {
          "RsType": 0,
          "RealServer": "192.0.XX.XX"
        }
      ],
      "WhiteList": [
        "192.168.XX.XX"
      ],
      "BlackList": [
        "192.0.XX.XX"
      ],
      "CustomCiphers": [
        "ECDHE-ECDSA-AES128-GCM-SHA256"
      ],
      "GmCert": {
        "CertId": "725****",
        "GmEnable": 1,
        "GmOnly": 1
      }
    }
  ]
}

Error codes

For a list of error codes, visit the Service error codes.