Queries the configurations of the forwarding rules for a website.

Usage notes

You can call the DescribeWebRules operation to query the configurations of the forwarding rules that you create for a website by page. The configurations include the protocol type, origin server address, HTTPS configuration, and IP address blacklist.

Before you call this operation, you must have created forwarding rules by calling the CreateWebRule operation.

Limits

You can call this operation up to 50 times per second per account. If the number of the calls per second exceeds the limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limit when you call this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeWebRules

The operation that you want to perform. Set the value to DescribeWebRules.

RegionId String No cn-hangzhou

The region ID of the instance. Valid values:

  • cn-hangzhou: Chinese mainland, which indicates Anti-DDoS Pro instances. This is the default value.
  • ap-southeast-1: outside the Chinese mainland, which indicates Anti-DDoS Premium instances.
ResourceGroupId String No rg-acfm2pz25js****

The ID of the resource group to which the Anti-DDoS Premium instance belongs in Resource Management.

If you do not specify this parameter, the instance belongs to the default resource group.

Domain String No example.com

The domain name of the website to query.

Note A forwarding rule must be configured for the domain name. You can call the DescribeDomains operation to query the domain names for which forwarding rules are configured.
Cname String No kzmk7b8tt351****.aliyunddos1014****

The CNAME to query.

QueryDomainPattern String No exact

The match mode. Valid values:

  • fuzzy: fuzzy match. This is the default value.
  • exact: exact match.
PageNumber Integer No 1

The number of the page to return. Default value: 1.

PageSize Integer Yes 10

The number of entries to return on each page.

InstanceIds.N String No ddoscoo-cn-i7m27nf3****

The ID of instance N to query. The maximum value of N is 200. You can specify up to 200 instances. Separate the IDs of multiple instances with commas (,).

Note You can call the DescribeInstanceIds operation to query the IDs of all instances.

All Alibaba Cloud API operations must include common request parameters. For more information about common request parameters, see Common parameters.

For more information about sample requests, see the "Examples" section of this topic.

Response parameters

Parameter Type Example Description
TotalCount Long 1

The total number of forwarding rules.

RequestId String 0F5B72DD-96F4-423A-B12B-A5151DD746B8

The ID of the request, which is used to locate and troubleshoot issues.

WebRules Array of WebRule

An array that consists of the configurations of the forwarding rule.

Domain String example.com

The domain name of the website.

Http2HttpsEnable Boolean true

Indicates whether Enable HTTPS Routing is turned on. Valid values:

  • true: Enable HTTPS Routing is turned on.
  • false: Enable HTTPS Routing is turned off.
SslProtocols String tls1.1

The version of the Transport Layer Security (TLS) protocol. Valid values:

  • tls1.0: TLS 1.0 or later
  • tls1.1: TLS 1.1 or later
  • tls1.2: TLS 1.2 or later
PunishReason Integer 1

The reason why the domain name is invalid. Valid values:

  • 1: No ICP filing is completed for the domain name.
  • 2: The business for which you registered the domain name does not meet regulatory requirements.

If the two reasons are both involved, the value 2 is returned.

CcTemplate String default

The mode of the Frequency Control policy. Valid values:

  • default: the Normal mode
  • gf_under_attack: the Emergency mode
  • gf_sos_verify: the Strict mode
  • gf_sos_verify: the Super Strict mode
CcEnabled Boolean true

Indicates whether the Frequency Control policy is enabled. Valid values:

  • true: The policy is enabled.
  • false: The policy is disabled.
SslCiphers String default

The type of the cipher suite. Valid values:

  • default: custom cipher suite
  • all: all cipher suites, which contain strong and weak cipher suites
  • strong: strong cipher suites
Ssl13Enabled Boolean false

Indicates whether TLS 1.3 is supported. Valid values:

  • true: TLS 1.3 is supported.
  • false: TLS 1.3 is not supported.
CcRuleEnabled Boolean false

Indicates whether the Custom Rule switch of the Frequency Control policy is turned on. Valid values:

  • true: The switch is turned on.
  • false: The switch is turned off.
OcspEnabled Boolean false

Indicates whether the Online Certificate Status Protocol (OCSP) feature is enabled. Valid values:

  • true: The feature is enabled.
  • false: The feature is disabled.
PunishStatus Boolean true

Indicates whether the domain name is invalid. Valid values:

  • true: The domain name is invalid. You can view the specific reasons from the PunishReason parameter.
  • false: The domain name is valid.
ProxyEnabled Boolean true

Indicates whether the forwarding rule is enabled. Valid values:

  • true: The forwarding rule is enabled.
  • false: The forwarding rule is disabled.
CertName String testcert

The name of the certificate.

PolicyMode String ip_hash

The scheduling algorithm for back-to-origin traffic. Valid values:

  • ip_hash: the IP hash algorithm. This algorithm is used to redirect the requests from the same IP address to the same origin server.
  • rr: the round-robin algorithm. This algorithm is used to redirect requests to origin servers in turn.
  • least_time: the least response time algorithm. This algorithm is used to minimize the latency when requests are forwarded from Anti-DDoS Pro or Anti-DDoS Premium instances to origin servers based on the intelligent DNS resolution feature.
Cname String kzmk7b8tt351****.aliyunddos1014****

The CNAME provided by the Anti-DDoS Pro or Anti-DDoS Premium instance to which the domain name is added.

Http2Enable Boolean true

Indicates whether Enable HTTP/2 is turned on. Valid values:

  • true: Enable HTTP/2 is turned on.
  • false: Enable HTTP/2 is turned off.
Https2HttpEnable Boolean true

Indicates whether Enable HTTP is turned on. Valid values:

  • true: Enable HTTP is turned on.
  • false: Enable HTTP is turned off.
ProxyTypes Array of ProxyConfig

The details of the protocol type and port number.

ProxyType String https

The type of the protocol. Valid values:

  • http
  • https
  • websocket
  • websockets
ProxyPorts Array of String 443

The port number.

RealServers Array of RealServer

The details of the origin server address.

RsType Integer 0

The type of the origin server address. Valid values:

  • 0: IP address.
  • 1: domain name. The domain name of the origin server is returned if you deploy proxies, such as Web Application Firewall (WAF), between the origin server and the instance. In this case, the address of the proxy, such as the CNAME provided by WAF, is returned.
RealServer String 192.0.XX.XX

The address of the origin server.

WhiteList Array of String 192.168.XX.XX

The IP addresses in the whitelist for the domain name.

Note This parameter is returned only when the IP address whitelist is configured for the domain name. You can call the ConfigWebIpSet operation to configure the IP address whitelist and the IP address blacklist for the domain name.
BlackList Array of String 192.0.XX.XX

The IP addresses in the blacklist for the domain name.

Note This parameter is returned only when the IP address blacklist is configured for the domain name. You can call the ConfigWebIpSet operation to configure the IP address whitelist and the IP address blacklist for the domain name.
CustomCiphers Array of String ECDHE-ECDSA-AES128-GCM-SHA256

The custom cipher suite.

GmCert Object

The SM certificate settings.

CertId String 725****

The ID of the SM certificate.

GmEnable Long 1

Indicates whether Enable SM Certificate-based Verification is turned on.

  • 0: Enable SM Certificate-based Verification is turned off.
  • 1: Enable SM Certificate-based Verification is turned on.
GmOnly Long 1

Indicates whether Allow Access Only from SM Certificates-based Clients is turned on.

  • 0: Allow Access Only from SM Certificates-based Clients is turned off.
  • 1: Allow Access Only from SM Certificates-based Clients is turned on.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeWebRules
&ResourceGroupId=rg-acfm2pz25js****
&Domain=example.com
&Cname=kzmk7b8tt351****.aliyunddos1014****
&QueryDomainPattern=exact
&PageNumber=1
&PageSize=10
&InstanceIds=["ddoscoo-cn-i7m27nf3****"]
&<Common request parameters>

Sample success responses

XML format 

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribeWebRulesResponse>
    <TotalCount>1</TotalCount>
    <RequestId>0F5B72DD-96F4-423A-B12B-A5151DD746B8</RequestId>
    <WebRules>
        <Domain>example.com</Domain>
        <Http2HttpsEnable>true</Http2HttpsEnable>
        <SslProtocols>tls1.1</SslProtocols>
        <PunishReason>1</PunishReason>
        <CcTemplate>default</CcTemplate>
        <CcEnabled>true</CcEnabled>
        <SslCiphers>default</SslCiphers>
        <Ssl13Enabled>false</Ssl13Enabled>
        <CcRuleEnabled>false</CcRuleEnabled>
        <OcspEnabled>false</OcspEnabled>
        <PunishStatus>true</PunishStatus>
        <ProxyEnabled>true</ProxyEnabled>
        <CertName>testcert</CertName>
        <PolicyMode>ip_hash</PolicyMode>
        <Cname>kzmk7b8tt351****.aliyunddos1014****</Cname>
        <Http2Enable>true</Http2Enable>
        <Https2HttpEnable>true</Https2HttpEnable>
        <ProxyTypes>
            <ProxyType>https</ProxyType>
            <ProxyPorts>443</ProxyPorts>
        </ProxyTypes>
        <RealServers>
            <RsType>0</RsType>
            <RealServer>192.0.XX.XX</RealServer>
        </RealServers>
        <WhiteList>192.168.XX.XX</WhiteList>
        <BlackList>192.0.XX.XX</BlackList>
        <CustomCiphers>ECDHE-ECDSA-AES128-GCM-SHA256</CustomCiphers>
        <GmCert>
            <CertId>725****</CertId>
            <GmEnable>1</GmEnable>
            <GmOnly>1</GmOnly>
        </GmCert>
    </WebRules>
</DescribeWebRulesResponse>

JSON format 

HTTP/1.1 200 OK
Content-Type:application/json

{
  "TotalCount" : 1,
  "RequestId" : "0F5B72DD-96F4-423A-B12B-A5151DD746B8",
  "WebRules" : [ {
    "Domain" : "example.com",
    "Http2HttpsEnable" : true,
    "SslProtocols" : "tls1.1",
    "PunishReason" : 1,
    "CcTemplate" : "default",
    "CcEnabled" : true,
    "SslCiphers" : "default",
    "Ssl13Enabled" : false,
    "CcRuleEnabled" : false,
    "OcspEnabled" : false,
    "PunishStatus" : true,
    "ProxyEnabled" : true,
    "CertName" : "testcert",
    "PolicyMode" : "ip_hash",
    "Cname" : "kzmk7b8tt351****.aliyunddos1014****",
    "Http2Enable" : true,
    "Https2HttpEnable" : true,
    "ProxyTypes" : [ {
      "ProxyType" : "https",
      "ProxyPorts" : [ "443" ]
    } ],
    "RealServers" : [ {
      "RsType" : 0,
      "RealServer" : "192.0.XX.XX"
    } ],
    "WhiteList" : [ "192.168.XX.XX" ],
    "BlackList" : [ "192.0.XX.XX" ],
    "CustomCiphers" : [ "ECDHE-ECDSA-AES128-GCM-SHA256" ],
    "GmCert" : {
      "CertId" : "725****",
      "GmEnable" : 1,
      "GmOnly" : 1
    }
  } ]
}

Error codes

For a list of error codes, visit the API Error Center.