DescribeWebRules - Anti-DDoS - Alibaba Cloud Documentation Center

Queries the configurations of website forwarding rules.

Operation description

This operation performs a paged query of your configured website forwarding rules, such as the forwarding protocol, origin server address, HTTPS settings, and IP address blacklist configuration.

Before you call this operation, you must create a website forwarding rule by calling the CreateWebRule operation.

QPS limit

The queries-per-second (QPS) limit for this operation is 50 per user. Calls that exceed this limit are subject to rate limiting, which may affect your business.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter	Type	Required	Description	Example
ResourceGroupId	string	No	The resource group ID of the DDoS protection instance in Resource Management. If you do not specify this parameter, the default resource group is used.	rg-acfm2pz25js****
Domain	string	No	The domain name to query. Note The domain must already have a website forwarding rule configured. You can call DescribeDomains to list all domains with configured website forwarding rules.	example.com
Cname	string	No	The CNAME address to query.	kzmk7b8tt351**.aliyunddos1014**
QueryDomainPattern	string	No	The query matching pattern. Valid values: fuzzy (default): fuzzy query. exact: term query.	exact
PageNumber	integer	No	The page number to return in a paged query. Default value: 1.	1
PageSize	integer	No	The number of forwarding rules to return per page in a paged query. Valid values: 1 to 10.	10
InstanceIds	array	No	A list of DDoS protection instance IDs to query.	ddoscoo-cn-mp91j1ao****
	string	No	The ID of a DDoS protection instance to query. You can specify up to 200 instance IDs, separated by commas (,). Note You can call DescribeInstanceIds to query all DDoS protection instance IDs.	ddoscoo-cn-i7m27nf3****

In addition to the request parameters described in this topic, you must specify the common request parameters. For more information, see Common parameters.

For the request format, see the request example in the Examples section of this topic.

Response elements

Element	Type	Description	Example
	object
TotalCount	integer	The total number of website forwarding rules returned by the query.	1
RequestId	string	The ID of the request. Alibaba Cloud generates a unique identifier for each request to help troubleshoot issues.	0F5B72DD-96F4-423A-B12B-A5151DD746B8
WebRules	array<object>	The configuration of website forwarding rules.
	array<object>
Domain	string	The domain name.	example.com
Http2HttpsEnable	boolean	Indicates whether HTTPS force redirect is enabled. Valid values: true: enabled. false: disabled.	true
SslProtocols	string	The supported TLS protocol versions. Valid values: tls1.0: TLS 1.0 and later. tls1.1: TLS 1.1 and later. tls1.2: TLS 1.2 and later.	tls1.1
PunishReason	integer	The reason for regulatory penalty on the domain. Valid values: 1: The domain lacks an ICP filing. 2: The domain's business violates regulatory requirements. If both reasons apply, this parameter returns 2.	1
CcTemplate	string	The mode for rate limiting (CC protection). Valid values: default: normal mode. gf_under_attack: emergency attack mode. gf_sos_verify: strict mode. gf_sos_enhance: super strict mode.	default
CcEnabled	boolean	Indicates whether rate limiting (CC protection) is enabled. Valid values: true: enabled. false: disabled.	true
SslCiphers	string	The cipher suite type. Valid values: default: custom cipher suite. all: all cipher suites, including strong and weak ones. strong: strong cipher suites only.	default
Ssl13Enabled	boolean	Indicates whether TLS 1.3 support is enabled. Valid values: true: enabled. false: disabled.	false
CcRuleEnabled	boolean	Indicates whether custom rate limiting (CC protection) is enabled. Valid values: true: enabled. false: disabled.	false
OcspEnabled	boolean	Indicates whether OCSP (Online Certificate Status Protocol) is enabled. Valid values: true: enabled. false: disabled.	false
PunishStatus	boolean	Indicates whether the domain has been penalized for violations. Valid values: true: penalized. Check PunishReason for details. false: not penalized.	true
ProxyEnabled	boolean	Indicates whether website forwarding is enabled. Valid values: true: enabled. false: disabled.	true
CertName	string	The certificate name.	testcert
PolicyMode	string	The load balancing algorithm for back-to-origin traffic. Valid values: ip_hash: IP hash algorithm. Requests from the same source IP are directed to the same origin server. rr: round-robin algorithm. Requests are distributed evenly across origin servers. least_time: least time algorithm. Uses intelligent DNS resolution to minimize latency from the edge node to the origin server.	ip_hash
Cname	string	The DDoS protection CNAME address for the domain.	kzmk7b8tt351**.aliyunddos1014**
Http2Enable	boolean	Indicates whether HTTP/2 support is enabled. Valid values: true: enabled. false: disabled.	true
Https2HttpEnable	boolean	Indicates whether HTTP back-to-origin is enabled. Valid values: true: enabled. false: disabled.	true
ProxyTypes	array<object>	The forwarding protocol and port configuration.
	object
ProxyType	string	The forwarding protocol type. Valid values: http: HTTP protocol. https: HTTPS protocol. websocket: WebSocket protocol. websockets: WebSockets protocol.	https
ProxyPorts	array	A list of ports.
	string	A port.	443
RealServers	array<object>	Origin server address information.
	object
RsType	integer	The type of origin server address. Valid values: 0: IP address of the origin server. 1: domain name of the origin server. This is typically used when another proxy service (such as WAF) sits between the origin and DDoS protection. In this case, specify the proxy service's redirect address (for example, the WAF CNAME address).	0
RealServer	string	The origin server address.	192.0.XX.XX
WhiteList	array	A list of IP address whitelists for the domain.
	string	A whitelist IP address for the domain. Note This field appears only if you have configured an IP address whitelist for the domain. You can call ConfigWebIpSet to configure IP blacklists and whitelists for a domain.	192.168.XX.XX
BlackList	array	A list of IP address blacklists for the domain.
	string	A blacklist IP address for the domain. Note This field appears only if you have configured an IP address blacklist for the domain. You can call ConfigWebIpSet to configure IP blacklists and whitelists for a domain.	192.0.XX.XX
CustomCiphers	array	A list of custom cipher suites.
	string	A custom cipher suite.	ECDHE-ECDSA-AES128-GCM-SHA256
GmCert	object	National cryptography (GM) related configuration.
CertId	string	The ID of the GM standard certificate.	725****
GmEnable	integer	Indicates whether GM validation is enabled. 0: disabled 1: enabled	1
GmOnly	integer	Indicates whether access is restricted to GM-compliant clients only. 0: disabled 1: enabled	1
CertRegion	string	The certificate region. Valid values: cn-hangzhou: the Chinese mainland (default) ap-southeast-1: outside the Chinese mainland.	cn-hangzhou
UserCertName	string	The name of the certificate uploaded to the certificate center.	test
Tls13CustomCiphers	array	A list of cipher suites used for TLS 1.3.
	string	A cipher suite used for TLS 1.3.	ECDHE-RSA-AES128-GCM-SHA256
CertExpireTime	integer	The expiration timestamp of the associated certificate.	1765959120

Examples

Success response

JSON format

{
  "TotalCount": 1,
  "RequestId": "0F5B72DD-96F4-423A-B12B-A5151DD746B8",
  "WebRules": [
    {
      "Domain": "example.com",
      "Http2HttpsEnable": true,
      "SslProtocols": "tls1.1",
      "PunishReason": 1,
      "CcTemplate": "default",
      "CcEnabled": true,
      "SslCiphers": "default",
      "Ssl13Enabled": false,
      "CcRuleEnabled": false,
      "OcspEnabled": false,
      "PunishStatus": true,
      "ProxyEnabled": true,
      "CertName": "testcert",
      "PolicyMode": "ip_hash",
      "Cname": "kzmk7b8tt351****.aliyunddos1014****",
      "Http2Enable": true,
      "Https2HttpEnable": true,
      "ProxyTypes": [
        {
          "ProxyType": "https",
          "ProxyPorts": [
            "443"
          ]
        }
      ],
      "RealServers": [
        {
          "RsType": 0,
          "RealServer": "192.0.XX.XX"
        }
      ],
      "WhiteList": [
        "192.168.XX.XX"
      ],
      "BlackList": [
        "192.0.XX.XX"
      ],
      "CustomCiphers": [
        "ECDHE-ECDSA-AES128-GCM-SHA256"
      ],
      "GmCert": {
        "CertId": "725****",
        "GmEnable": 1,
        "GmOnly": 1
      },
      "CertRegion": "cn-hangzhou",
      "UserCertName": "test",
      "Tls13CustomCiphers": [
        "ECDHE-RSA-AES128-GCM-SHA256"
      ],
      "CertExpireTime": 1765959120
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.