Use DescribeLoadBalancerHTTPSListenerAttribute to query HTTPS listener attributes - Server Load Balancer

Queries the configurations of an HTTPS listener.

Operation description

A Classic Load Balancer instance is created. For more information, see CreateLoadBalancer.
An HTTPS listener is created. For more information, see CreateLoadBalancerHTTPSListener.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

slb:DescribeLoadBalancerHTTPSListenerAttribute

get

*loadbalancer

acs:slb:{#regionId}:{#accountId}:loadbalancer/{#loadbalancerId}

slb:tag
slb:tag
slb:tag

None

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	No	The region ID of the Classic Load Balancer instance.	cn-hangzhou
LoadBalancerId	string	Yes	The ID of the Classic Load Balancer instance.	lb-bp1mxu5r8lau****
ListenerPort	integer	Yes	The port used by the frontend of the instance. Valid values: 1 to 65535.	80

Response elements

Element	Type	Description	Example
	object
AclType	string	Access control type: white: Forwards requests only from the IP addresses or CIDR blocks specified in the selected access control policy group. A whitelist applies to scenarios where only specific IP addresses can access the SLB listener. Setting a whitelist carries certain business risks. Once a whitelist is set, only the IP addresses in the whitelist can access the SLB listener. If whitelist access is enabled but no IP addresses are added to the access control policy group, the SLB listener forwards all requests. black: All requests from the IP addresses or CIDR blocks specified in the selected access control policy group are not forwarded. A blacklist applies to scenarios where only specific IP addresses are restricted from access. If blacklist access is enabled but no IP addresses are added to the access control policy group, the SLB listener forwards all requests. Note This parameter is required when the value of the AclStatus parameter is on.	white
XForwardedFor_ClientCertClientVerify	string	Indicates whether to use the `XForwardedFor_ClientCertClientVerify` header to obtain the verification result of the client certificate that accesses the Server Load Balancer instance. Valid values: on: Yes. off: No.	off
CACertificateId	string	The ID of the CA certificate.	idkp-234-cn-test-0**
RequestId	string	The request ID.	365F4154-92F6-4AE4-92F8-7FF3********
HealthCheckConnectPort	integer	The port for health checks. Note This parameter is valid only when HealthCheck is set to on.	8080
BackendServerPort	integer	The port used by the backend of the instance.	8080
CookieTimeout	integer	The cookie timeout period.	500
HealthCheckDomain	string	The domain name for health checks.	www.test.com
XForwardedFor	string	Indicates whether to use the `X-Forwarded-For` header to obtain the real IP address of the client. Valid values: on: Yes. off: No.	on
XForwardedFor_ClientCertFingerprint	string	Indicates whether to use the `XForwardedFor_ClientCertFingerprint` header to obtain the fingerprint of the client certificate that accesses the Server Load Balancer instance. Valid values: on: Yes. off: No.	off
IdleTimeout	integer	Specify the connection idle timeout period. Valid values: 1 to 60. Default value: 15. Unit: seconds. If no access requests are received within the timeout period, Server Load Balancer temporarily interrupts the current connection. A new connection is established when the next request arrives.	23
ListenerPort	integer	The port used by the frontend of the instance.	80
HealthCheckURI	string	The URI for health checks.	/test/index.html
XForwardedFor_SLBPORT	string	Indicates whether to use the `XForwardedFor_SLBPORT` header to obtain the listening port of the Server Load Balancer instance. Valid values: on: Yes. off: No.	off
StickySessionType	string	The cookie handling method. Valid values: insert or server. insert: Inserts a cookie. When a client accesses the Server Load Balancer for the first time, Server Load Balancer inserts a cookie into the response. When the client carries this cookie in subsequent requests, Server Load Balancer forwards the requests to the previously recorded backend server. server: Rewrites a cookie. If Server Load Balancer detects a user-defined cookie, it rewrites the original cookie. When the client carries the new cookie in subsequent requests, Server Load Balancer forwards the requests to the previously recorded backend server.	insert
Scheduler	string	The scheduling algorithm. Valid values: wrr or rr. wrr: Backend servers with higher weights are more likely to receive requests. rr: Distributes external requests to backend servers in a round-robin manner based on the access order.	wrr
XForwardedFor_proto	string	Indicates whether to use the `X-Forwarded-Proto` header to obtain the listening protocol of the Server Load Balancer instance. Valid values: on: Yes. off: No.	on
HealthCheckMethod	string	The health check method for HTTP health checks. Valid values: head or get. Note This parameter is displayed only when HealthCheck is set to on.	get
TLSCipherPolicy	string	Only guaranteed-performance instances can specify the TLSCipherPolicy parameter. Each policy defines a security policy. A security policy includes optional TLS protocol versions and cipher suites for HTTPS. tls_cipher_policy_1_0: Supported TLS versions: TLSv1.0, TLSv1.1, and TLSv1.2. Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA. tls_cipher_policy_1_1: Supported TLS versions: TLSv1.1 and TLSv1.2. Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA. tls_cipher_policy_1_2 Supported TLS versions: TLSv1.2. Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA. tls_cipher_policy_1_2_strict Supported TLS versions: TLSv1.2. Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA, and ECDHE-RSA-AES256-SHA. tls_cipher_policy_1_2_strict_with_1_3 Supported TLS versions: TLSv1.2 and TLSv1.3. Supported cipher suites: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, and ECDHE-RSA-AES256-SHA.	tls_cipher_policy_1_0
Status	string	The status of the current listener. Valid values: running: Running. stopped: Stopped.	stopped
VServerGroupId	string	The ID of the attached server group.	rsp-cige6j5e********
XForwardedFor_ClientSrcPort	string	Indicates whether to use the `XForwardedFor_ClientSrcPort` header to obtain the client port that accesses the Server Load Balancer instance. Valid values: on: Yes. off: No.	off
Cookie	string	The cookie configured on the server.	testCookie
Gzip	string	Indicates whether Gzip compression is enabled. Valid values: on: Yes. off: No.	on
EnableHttp2	string	Indicates whether the HTTP/2 feature is enabled. Valid values: on: Yes. off: No.	off
Bandwidth	integer	The peak bandwidth of the listener. Unit: Mbps.	10
Description	string	The custom listener name.	HTTPS_443
HealthCheckTimeout	integer	The maximum timeout period for each health check response. Unit: seconds.	3
AclStatus	string	Indicates whether access control is enabled. Valid values: on: Yes. off: No.	off
UnhealthyThreshold	integer	The unhealthy threshold for health checks.	4
XForwardedFor_SLBID	string	Indicates whether to use the `SLB-ID` header to obtain the Server Load Balancer instance ID. Valid values: on: Yes. off: No.	on
XForwardedFor_ClientCertSubjectDN	string	Indicates whether to use the `XForwardedFor_ClientCertSubjectDN` header to obtain the subject DN of the client certificate that accesses the Server Load Balancer instance. Valid values: on: Yes. off: No.	off
SecurityStatus	string	Indicates whether the listener is in a secure state. Valid values: on: Yes. off: No.	on
HealthCheckHttpCode	string	The HTTP status codes for healthy health checks.	http_2xx,http_3xx
RequestTimeout	integer	Specify the request timeout period. Valid values: 1 to 180. Default value: 60. Unit: seconds. If the backend server does not respond within the timeout period, Server Load Balancer stops waiting and returns an HTTP 504 error code to the client.	43
HealthCheckInterval	integer	The interval for health checks. Unit: seconds.	5
ServerCertificateId	string	The ID of the server certificate.	idkp-123-cn-test-0**
AclId	string	The ID of the access control policy group bound to the listener. Note This parameter is required when the value of the AclStatus parameter is on.	acl-a2do9e413e0spzasx****
XForwardedFor_ClientCertIssuerDN	string	Indicates whether to use the `XForwardedFor_ClientCertIssuerDN` header to obtain the issuer DN of the client certificate that accesses the Server Load Balancer instance. Valid values: on: Yes. off: No.	off
HealthyThreshold	integer	The healthy threshold for health checks.	4
XForwardedFor_SLBIP	string	Indicates whether to use the `SLB-IP` header to obtain the virtual IP address (VIP) of the client request. Valid values: on: Yes. off: No.	on
StickySession	string	Indicates whether session persistence is enabled. Valid values: on: Enabled. off: Disabled.	on
HealthCheck	string	Indicates whether health checks are enabled. Valid values: on: Yes. off: No.	on
AclIds	object
AclId	array	The ID of the access control policy group bound to the listener.

Rules	object
Rule	array<object>	The list of forwarding rules under the listener.
	object	The list of forwarding rules under the listener.
VServerGroupId	string	The ID of the target server group for the forwarding rule.	rsp-cige6j5e********
Url	string	The access path.	/example
Domain	string	The domain name.	www.example.com
RuleName	string	The name of the forwarding rule.	example
RuleId	string	The ID of the forwarding rule.	23
DomainExtensions	object
DomainExtension	array<object>	The list of domain extensions.
	object	The list of domain extensions.
ServerCertificateId	string	The certificate ID corresponding to the domain name.	13344444****
Domain	string	The domain name.	www.example.com
DomainExtensionId	string	The domain extension ID.	12
LoadBalancerId	string	The ID of the Classic Load Balancer instance.	lb-bp1mxu5r8lau****
Tags	object
Tag	array<object>	The list of tags.
	object	The list of tags.
TagKey	string	The tag key of the listener. N is in the range of 1 to 20. If this value is passed, it cannot be an empty string. It can contain up to 64 characters and cannot start with `aliyun` or `acs:`. It cannot contain `http://` or `https://`.	TestKey
TagValue	string	The tag value of the listener. N is in the range of 1 to 20. If this value is passed, it can be an empty string. It can contain up to 128 characters and cannot start with `acs:`. It cannot contain `http://` or `https://`.	TestValue

Examples

Success response

JSON format

{
  "AclType": "white",
  "XForwardedFor_ClientCertClientVerify": "off",
  "CACertificateId": "idkp-234-cn-test-0**",
  "RequestId": "365F4154-92F6-4AE4-92F8-7FF3********",
  "HealthCheckConnectPort": 8080,
  "BackendServerPort": 8080,
  "CookieTimeout": 500,
  "HealthCheckDomain": "www.test.com",
  "XForwardedFor": "on",
  "XForwardedFor_ClientCertFingerprint": "off",
  "IdleTimeout": 23,
  "ListenerPort": 80,
  "HealthCheckURI": "/test/index.html",
  "XForwardedFor_SLBPORT": "off",
  "StickySessionType": "insert",
  "Scheduler": "wrr",
  "XForwardedFor_proto": "on",
  "HealthCheckMethod": "get",
  "TLSCipherPolicy": "tls_cipher_policy_1_0",
  "Status": "stopped",
  "VServerGroupId": "rsp-cige6j5e********",
  "XForwardedFor_ClientSrcPort": "off",
  "Cookie": "testCookie",
  "Gzip": "on",
  "EnableHttp2": "off",
  "Bandwidth": 10,
  "Description": "HTTPS_443",
  "HealthCheckTimeout": 3,
  "AclStatus": "off",
  "UnhealthyThreshold": 4,
  "XForwardedFor_SLBID": "on",
  "XForwardedFor_ClientCertSubjectDN": "off",
  "SecurityStatus": "on",
  "HealthCheckHttpCode": "http_2xx,http_3xx",
  "RequestTimeout": 43,
  "HealthCheckInterval": 5,
  "ServerCertificateId": "idkp-123-cn-test-0**",
  "AclId": "acl-a2do9e413e0spzasx****",
  "XForwardedFor_ClientCertIssuerDN": "off",
  "HealthyThreshold": 4,
  "XForwardedFor_SLBIP": "on",
  "StickySession": "on",
  "HealthCheck": "on",
  "AclIds": {
    "AclId": [
      ""
    ]
  },
  "Rules": {
    "Rule": [
      {
        "VServerGroupId": "rsp-cige6j5e********",
        "Url": "/example",
        "Domain": "www.example.com",
        "RuleName": "example",
        "RuleId": "23"
      }
    ]
  },
  "DomainExtensions": {
    "DomainExtension": [
      {
        "ServerCertificateId": "13344444****",
        "Domain": "www.example.com",
        "DomainExtensionId": "12"
      }
    ]
  },
  "LoadBalancerId": "lb-bp1mxu5r8lau****",
  "Tags": {
    "Tag": [
      {
        "TagKey": "TestKey",
        "TagValue": "TestValue"
      }
    ]
  }
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.