Use CreateDomain to add a domain name configuration and add your domain name to a WAF instance for protection - Web Application Firewall

Adds a domain name to a Web Application Firewall (WAF) instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter	Type	Required	Example	Description
Action	String	Yes	CreateDomain	The operation to perform. Set the value to CreateDomain.
InstanceId	String	Yes	waf-cn-7pp26f1****	The ID of the WAF instance. To get the instance ID, call the DescribeInstanceInfo operation.
Domain	String	Yes	www.example.com	The domain name to add to WAF.
IsAccessProduct	Integer	Yes	0	Specifies whether a Layer 7 proxy is configured in front of WAF. Layer 7 proxies include Anti-DDoS Pro, Anti-DDoS Premium, and Alibaba Cloud CDN. Valid values: 0: No Layer 7 proxy is configured. 1: A Layer 7 proxy is configured.
AccessHeaderMode	Integer	No	0	The method WAF uses to get the actual client IP address. Valid values: 0 (default): WAF reads the first value of the X-Forwarded-For (XFF) header. 1: WAF reads a custom header field. Important Required only when IsAccessProduct is set to 1.
AccessHeaders	String	No	["X-Client-IP"]	The custom header fields WAF uses to get the actual client IP address. Format: `["header1","header2",...]`. Important Required only when AccessHeaderMode is set to 1.
LogHeaders	String	No	[{"k":"ALIWAF-TAG","v":"Yes"}]	The key-value pairs used to label requests that pass through the WAF instance. Format: `[{"k":"_key_","v":"_value_"}]`. WAF adds these key-value pairs to request headers so that the backend service can identify WAF-protected requests. If a request already contains the custom header field, WAF overwrites the original value.
ResourceGroupId	String	No	rg-atstuj3rtop****	The ID of the resource group to which the WAF instance belongs. By default, the instance belongs to the default resource group.
AccessType	String	No	waf-cloud-dns	The mode for adding the domain name to WAF. Valid values: waf-cloud-dns (default): CNAME record mode. waf-cloud-native: transparent proxy mode.
HttpPort	String	No	[80]	The HTTP ports. Format: `["port1","port2",...]`. Important Required only when AccessType is set to waf-cloud-dns. Specifies that the website uses HTTP. You must specify HttpPort or HttpsPort.
HttpsPort	String	No	[443]	The HTTPS ports. Format: `["port1","port2",...]`. Important Required only when AccessType is set to waf-cloud-dns. Specifies that the website uses HTTPS. You must specify HttpPort or HttpsPort.
HttpsRedirect	Integer	No	0	Specifies whether to enable HTTP-to-HTTPS redirection. When enabled, requests are sent over HTTPS on port 443. Valid values: 0 (default): disabled. 1: enabled. Important Required only when AccessType is set to waf-cloud-dns and HttpsPort is specified.
Http2Port	String	No	[443]	The HTTP/2 ports. Format: `["port1","port2",...]`. Important Required only when AccessType is set to waf-cloud-dns and HttpsPort is specified.
HttpToUserIp	Integer	No	0	Specifies whether to enable HTTPS-to-HTTP redirection for back-to-origin requests. When enabled, WAF forwards requests to the origin server over HTTP on port 80. Valid values: 0 (default): disabled. 1: enabled. Important Required only when AccessType is set to waf-cloud-dns and HttpsPort is specified.
IpFollowStatus	Integer	No	1	Specifies whether WAF forwards requests to origin servers based on the IP address type in the request. When enabled, IPv4 requests are forwarded to IPv4 origin servers and IPv6 requests to IPv6 origin servers. Valid values: 0: disabled. 1: enabled. Important Required only when AccessType is set to waf-cloud-dns.
SourceIps	String	No	["39.XX.XX.197"]	The IP address or domain name of the origin server. Specify only one type. IP address format: `["ip1","ip2",...]`. Up to 20 IP addresses. Domain name format: `["domain"]`. Only one domain name. Important Required only when AccessType is set to waf-cloud-dns.
LoadBalancing	Integer	No	0	The load balancing algorithm WAF uses to forward requests to the origin server. Valid values: 0: IP hash algorithm. 1: round-robin algorithm. 2: least time algorithm. Important Required only when AccessType is set to waf-cloud-dns.
ClusterType	Integer	No	0	The type of WAF protection cluster. Valid values: 0 (default): shared cluster. 1: exclusive cluster. Important Required only when AccessType is set to waf-cloud-dns.
ConnectionTime	Integer	No	5	The connection timeout period for WAF exclusive clusters. Unit: seconds. Important Required only when AccessType is set to waf-cloud-dns and ClusterType is set to 1.
ReadTime	Integer	No	120	The read connection timeout period for WAF exclusive clusters. Unit: seconds. Important Required only when AccessType is set to waf-cloud-dns and ClusterType is set to 1.
WriteTime	Integer	No	120	The write connection timeout period for WAF exclusive clusters. Unit: seconds. Important Required only when AccessType is set to waf-cloud-dns and ClusterType is set to 1.
CloudNativeInstances	String	No	[{"ProtocolPortConfigs":[{"Ports":[80],"Protocol":"http"}],"RedirectionTypeName":"ALB","InstanceId":"alb-s65nua68wdedsp****","IPAddressList":["182.XX.XX.113"],"CloudNativeProductName":"ALB"}]	The server and port configurations for transparent proxy mode. Specify as a JSON array string. Each element contains the following fields: ProtocolPortConfigs (required): the protocol and port configurations. Each element contains: Ports (required): the ports, in `[port1,port2,...]` format. Protocol (required): the protocol. Valid values: http, https. CloudNativeProductName (required): the cloud service instance type. Valid values: ECS, SLB, ALB. RedirectionTypeName (required): the traffic redirection port type. Valid values: ECS, SLB-L4, SLB-L7, ALB. InstanceId (required): the cloud service instance ID. IPAddressList (required): the public IP addresses of the cloud service instance, in `["ip1","ip2",...]` format. Important Required only when AccessType is set to waf-cloud-native.
SniStatus	Integer	No	1	Specifies whether to enable origin Server Name Indication (SNI). Origin SNI specifies the domain name for HTTPS handshakes when WAF forwards requests to the origin server. Enable this when the origin server hosts multiple domain names. Valid values: 0: disabled. 1: enabled. By default, origin SNI is disabled for WAF instances in the Chinese mainland and enabled for instances outside the Chinese mainland. Important Required only when AccessType is set to waf-cloud-dns and HttpsPort is specified.
SniHost	String	No	waf.example.com	The custom SNI field value for back-to-origin requests. If not specified, WAF uses the value of the Host header. Specify a custom value when the SNI field must differ from the Host header value. Important Required only when SniStatus is set to 1.
Retry	Boolean	No	true	Specifies whether WAF retries forwarding requests when forwarding fails. Valid values: true (default), false.
Keepalive	Boolean	No	true	Specifies whether to enable persistent connections. Valid values: true (default), false.
KeepaliveRequests	Integer	No	1000	The number of reused persistent connections. Valid values: 60 to 1000.
KeepaliveTimeout	Integer	No	15	The idle timeout period for persistent connections. Unit: seconds. Valid values: 1 to 60. Default value: 15.

All Alibaba Cloud API requests must include common request parameters. For more information, see Common request parameters.

Response elements

Parameter	Type	Example	Description
Cname	String	mmspx7qhfvnfzggheh1g2wnbhog66vcv.****.com	The CNAME assigned by WAF to the domain name. Returned only when AccessType is set to waf-cloud-dns.
RequestId	String	D7861F61-5B61-46CE-A47C-6B19160D5EB0	The request ID.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateDomain
&InstanceId=waf-cn-7pp26f1****
&Domain=www.example.com
&IsAccessProduct=0
&HttpPort=["80"]
&SourceIps=["39.XX.XX.197"]
&<Common request parameters>

Sample success responses

XML format

<CreateDomainResponse>
    <Cname>mmspx7qhfvnfzggheh1g2wnbhog66vcv.****.com</Cname>
    <RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>
</CreateDomainResponse>

JSON format

{
    "Cname": "mmspx7qhfvnfzggheh1g2wnbhog66vcv.****.com",
    "RequestId": "D7861F61-5B61-46CE-A47C-6B19160D5EB0"
}

Error codes

For a list of error codes, visit the API Error Center.