Use the DescribeDomain operation to query the configurations of a domain name protected by WAF - Web Application Firewall

Queries the configuration of a domain name added to Web Application Firewall (WAF).

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter	Type	Required	Example	Description
Action	String	Yes	DescribeDomain	The operation to perform. Set the value to DescribeDomain.
Domain	String	Yes	www.example.com	The domain name to query. To get the domain names added to WAF, call the DescribeDomainNames operation.
InstanceId	String	Yes	waf-cn-7pp26f1****	The ID of the WAF instance. To get the instance ID, call the DescribeInstanceInfo operation.

All Alibaba Cloud API requests must include common request parameters. For more information, see Common request parameters.

Response elements

Parameter	Type	Example	Description
RequestId	String	D827FCFE-90A7-4330-9326-D33C8B4C7726	The request ID.
Domain	Struct		The domain name configuration.

Domain

Parameter	Type	Example	Description
AccessHeaderMode	Integer	1	The method used to obtain the actual client IP address. Valid values: 0: WAF reads the first value of the X-Forwarded-For (XFF) header. 1: WAF reads the value of a custom header field. Returned only when IsAccessProduct is 1.
AccessHeaders	List	["X-Client-IP"]	The custom header field used to obtain the actual client IP address. Returned only when AccessHeaderMode is 1.
AccessType	String	waf-cloud-dns	The mode used to add the domain name to WAF. Valid values: waf-cloud-dns: CNAME record mode. waf-cloud-native: transparent proxy mode.
ClusterType	Integer	0	The type of the WAF protection cluster. Valid values: 0: shared cluster. 1: exclusive cluster. Returned only when AccessType is waf-cloud-dns.
Cname	String	kdmqyi3ck7xogegxpiyfpb0fj21mgkxn.****.com	The CNAME assigned by WAF to the domain name. Returned only when AccessType is waf-cloud-dns.
ConnectionTime	Integer	5	The connection timeout period for WAF clusters. Unit: seconds. Returned only when AccessType is waf-cloud-dns.
Http2Port	List	[443,8443]	The HTTP/2 ports. Returned only when AccessType is waf-cloud-dns and HttpsPort is specified.
HttpPort	List	[80]	The HTTP ports. Returned only when AccessType is waf-cloud-dns.
HttpToUserIp	Integer	0	Specifies whether HTTPS-to-HTTP redirection for back-to-origin requests is enabled. Valid values: 0: disabled. 1: enabled. Returned only when AccessType is waf-cloud-dns and HttpsPort is specified.
HttpsPort	List	[443,8443]	The HTTPS ports. Returned only when AccessType is waf-cloud-dns.
HttpsRedirect	Integer	0	Specifies whether HTTP-to-HTTPS redirection is enabled. Valid values: 0: disabled. 1: enabled. Returned only when AccessType is waf-cloud-dns and HttpsPort is specified.
IpFollowStatus	Integer	1	Specifies whether WAF forwards requests to the origin server using the same IP address type as the request. Valid values: 0: disabled. 1: enabled. Returned only when AccessType is waf-cloud-dns.
IsAccessProduct	Integer	1	Specifies whether a Layer 7 proxy is configured in front of WAF. Layer 7 proxies include Anti-DDoS Pro, Anti-DDoS Premium, and Alibaba Cloud CDN. Valid values: 0: no Layer 7 proxy is configured. 1: a Layer 7 proxy is configured.
Keepalive	Boolean	true	Specifies whether persistent connections are enabled. Valid values: true (default). false.
KeepaliveRequests	Integer	1000	The maximum number of requests per persistent connection. Valid values: 60 to 1000.
KeepaliveTimeout	Integer	15	The idle timeout period for persistent connections. Unit: seconds. Valid values: 1 to 60. Default value: 15.
LoadBalancing	Integer	2	The load balancing algorithm for forwarding requests to the origin server. Valid values: 0: IP hash. 1: round-robin. 2: least time. Returned only when AccessType is waf-cloud-dns.
ReadTime	Integer	120	The read connection timeout period for WAF clusters. Unit: seconds. Returned only when AccessType is waf-cloud-dns.
ResourceGroupId	String	rg-acfm2mkrunv****	The ID of the resource group to which the WAF instance belongs.
Retry	Boolean	true	Specifies whether WAF retries forwarding requests to the origin server after a forwarding failure. Valid values: true (default). false.
SniHost	String	waf.example.com	The custom Server Name Indication (SNI) field value. If empty, the value of the Host header is used. Returned only when SniStatus is 1.
SniStatus	Integer	1	Specifies whether origin SNI is enabled. Origin SNI is the domain name used to establish an HTTPS connection during the TLS handshake when WAF forwards requests to the origin server. Valid values: 0: disabled. 1: enabled. Returned only when AccessType is waf-cloud-dns and HttpsPort is specified.
SourceIps	List	["39.XX.XX.197"]	The origin server IP addresses. Returned only when AccessType is waf-cloud-dns.
Version	Long	40	The version number of the domain name configuration.
WriteTime	Integer	120	The write connection timeout period for WAF clusters. Unit: seconds. Returned only when AccessType is waf-cloud-dns.

CloudNativeInstances (returned only when AccessType is waf-cloud-native)

Parameter	Type	Example	Description
CloudNativeProductName	String	ALB	The type of cloud service instance. Valid values: SLB: Classic Load Balancer (CLB) instance, formerly known as Server Load Balancer (SLB). ECS: Elastic Compute Service (ECS) instance. ALB: Application Load Balancer (ALB) instance.
IPAddressList	String	["39.XX.XX.197"]	The public IP addresses of the cloud service instance.
InstanceId	String	alb-s65nua68wdedsp****	The ID of the cloud service instance.

ProtocolPortConfigs (within CloudNativeInstances)

Parameter	Type	Example	Description
Ports	String	[80]	The ports.
Protocol	String	http	The protocol. Valid values: http. https.
RedirectionTypeName	String	ALB	The type of traffic redirection port. Valid values: SLB-L4: Layer 4 listening ports of the CLB instance. SLB-L7: Layer 7 listening ports of the CLB instance. ECS: listening ports of ECS instances. ALB: HTTP and HTTPS listening ports of ALB instances.

LogHeaders (returned only when traffic marking is enabled for the domain name)

Parameter	Type	Example	Description
k	String	ALIWAF-TAG	The name of the custom header field.
v	String	Yes	The value of the custom header field.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeDomain
&Domain=www.example.com
&InstanceId=waf-cn-7pp26f1****
&<Common request parameters>

Sample success responses

XML format

<DescribeDomainResponse>
      <RequestId>D827FCFE-90A7-4330-9326-D33C8B4C7726</RequestId>
      <Domain>
            <HttpToUserIp>0</HttpToUserIp>
            <HttpPort>80</HttpPort>
            <IsAccessProduct>1</IsAccessProduct>
            <AccessHeaderMode>1</AccessHeaderMode>
            <ResourceGroupId>rg-acfm2mkrunv****</ResourceGroupId>
            <AccessHeaders>X-Client-IP</AccessHeaders>
            <ReadTime>120</ReadTime>
            <SourceIps>39.XX.XX.197</SourceIps>
            <IpFollowStatus>1</IpFollowStatus>
            <ClusterType>0</ClusterType>
            <LoadBalancing>2</LoadBalancing>
            <Cname>kdmqyi3ck7xogegxpiyfpb0fj21mgkxn.****.com</Cname>
            <LogHeaders>
                  <v>Yes</v>
                  <k>ALIWAF-TAG</k>
            </LogHeaders>
            <WriteTime>120</WriteTime>
            <Http2Port>443</Http2Port>
            <Http2Port>8443</Http2Port>
            <Version>40</Version>
            <HttpsRedirect>0</HttpsRedirect>
            <ConnectionTime>5</ConnectionTime>
            <AccessType>waf-cloud-dns</AccessType>
            <HttpsPort>443</HttpsPort>
            <HttpsPort>8443</HttpsPort>
            <Keepalive>true</Keepalive>
            <KeepaliveTimeout>15</KeepaliveTimeout>
            <Retry>true</Retry>
            <KeepaliveRequests>1000</KeepaliveRequests>
      </Domain>
</DescribeDomainResponse>

JSON format

{
  "RequestId": "D827FCFE-90A7-4330-9326-D33C8B4C7726",
  "Domain": {
    "HttpToUserIp": 0,
    "HttpPort": [
      80
    ],
    "IsAccessProduct": 1,
    "AccessHeaderMode": 1,
    "ResourceGroupId": "rg-acfm2mkrunv****",
    "AccessHeaders": [
      "X-Client-IP"
    ],
    "ReadTime": 120,
    "SourceIps": [
      "39.XX.XX.197"
    ],
    "IpFollowStatus": 1,
    "ClusterType": 0,
    "LoadBalancing": 2,
    "Cname": "kdmqyi3ck7xogegxpiyfpb0fj21mgkxn.****.com",
    "LogHeaders": [
      {
        "v": "Yes",
        "k": "ALIWAF-TAG"
      }
    ],
    "WriteTime": 120,
    "Http2Port": [
      443,
      8443
    ],
    "Version": 40,
    "HttpsRedirect": 0,
    "ConnectionTime": 5,
    "AccessType": "waf-cloud-dns",
    "HttpsPort": [
      443,
      8443
    ],
    "Keepalive": true,
    "KeepaliveTimeout": 15,
    "SniStatus": 0,
    "Retry": true,
    "KeepaliveRequests": 1000
  }
}

Error codes

For a list of error codes, see Service error codes.