Use DescribeDefenseResources to query protected objects - Web Application Firewall

Queries a list of protected objects.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-waf:DescribeDefenseResources

list

*DefenseResource

acs:yundun-waf:{#regionId}:{#accountId}:defenseresource/*

None

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the Web Application Firewall (WAF) instance. Note Call the DescribeInstance operation to query the ID of the WAF instance.	waf_cdnsdf3****
PageNumber	integer	No	The number of the page to return. Default value: 1.	1
PageSize	integer	No	The number of entries to return on each page. Default value: 10.	10
Query	string	No	The query conditions. This parameter is a JSON string. Note The query results vary based on the query conditions. For more information, see Query parameter details.	{\"product\":\"waf\"}
Tag	array<object>	No	A list of resource tags. You can specify up to 20 tags.
	object	No	The resource tag, which consists of a tag key and a tag value.
Value	string	No	The tag value.	TagValue1
Key	string	No	The tag key.	Tagkey1
ResourceManagerResourceGroupId	string	No	The ID of the Alibaba Cloud resource group.	rg-acfm***q
RegionId	string	No	The region where the WAF instance resides. Valid values: cn-hangzhou: the Chinese mainland. ap-southeast-1: outside the Chinese mainland.	cn-hangzhou

Query parameter details

Description

Name	Type	Required	Example	Description
product	String	No	waf	The type of the asset. Valid values: - waf: The asset is added to WAF using a CNAME record or another method. - alb: The asset is added using Application Load Balancer (ALB). - clb: The asset is added using Classic Load Balancer (CLB). - ecs: The asset is added using Elastic Compute Service (ECS). - mse: The asset is added using Microservices Engine (MSE). - fc: The asset is added using Function Compute (FC).
resourceLike	String	No	example.aliyundoc.c	The name of the protected object. This parameter supports fuzzy searches for protected objects that are added to WAF.
resource	String	No	example.aliyundoc.com-waf	The name of the protected object. This parameter supports exact searches for protected objects that are added to WAF.
resourceIn	String	No	example1.aliyundoc.com,example2.aliyundoc.com	The protected objects that you want to query. You can set this parameter to query multiple protected objects that are added to WAF. Separate multiple protected objects with commas (,).
instanceId	String	No	alb-nifa24****	The instance ID of the protected object. This parameter supports exact searches for the instance IDs of protected objects that are added to WAF.
domain	String	No	example.aliyundoc.com	The domain name of the protected object. This parameter supports exact searches for the domain names of protected objects that are added to WAF.
resourceGroup	String	No	group1	The protected object group that you want to query.
inGroup	Boolean	No	true	Specifies whether the protected object is added to the protected object group.
ownerUserId	String	No	135********23	The account to which the asset of the protected object belongs. You can set this parameter to perform an exact search for WAF protected objects that belong to a specific account in a multi-account scenario.
orderBy	String	No	resource	The sorting method for the protected objects. Valid values: - resource: Sorts by protected object name. - gmtModified: Sorts by modification time.
desc	Boolean	No	true	The sorting order. Valid values: - false: ascending order. - true: descending order.

Example

{
    "product": "waf",
    "resource": "example.aliyundoc.com-waf",
    "domain": "example.aliyundoc.com",
    "resourceLike": "example.aliyundoc.c",
    "InstanceId": "waf_cn****",
    "resourceIn": "example1.aliyundoc.com,example2.aliyundoc.com",
    "ownerUserId": "135**********41"
}

Response elements

Element	Type	Description	Example
	object	The response structure.
TotalCount	integer	The total number of returned entries.	73
RequestId	string	The request ID.	618F2626-DB27-5187-8C6C-4E61A491****
Resources	array<object>	The list of protected objects.
	array<object>	The details of the protected object.
Pattern	string	The protection mode of the protected object.	domain
Description	string	The description of the protected object.	test
XffStatus	integer	Indicates whether the X-Forwarded-For (XFF) proxy is enabled for the protected object.	1
GmtModified	integer	The time when the protected object was modified. This value is a UNIX timestamp. Unit: milliseconds.	1665633032000
Resource	string	The name of the protected object.	alb-rencs***
AcwV3SecureStatus	integer	Indicates whether the secure attribute of the slider CAPTCHA cookie is enabled. 0: disabled. 1: enabled.	0
Product	string	The type of cloud service to which the protected object belongs.	alb
AcwCookieStatus	integer	Indicates whether the tracking cookie feature is enabled. 0: disabled. 1: enabled.	1
AcwSecureStatus	integer	Indicates whether the secure attribute of the tracking cookie is enabled. 0: disabled. 1: enabled.	0
ResourceManagerResourceGroupId	string	The ID of the Alibaba Cloud resource group.	rg-acfm***q
GmtCreate	integer	The time when the protected object was created. This value is a UNIX timestamp. Unit: milliseconds.	1652149203187
OwnerUserId	string	The account to which the asset of the protected object belongs. This parameter is returned in a multi-account management scenario.	135*********46
ResourceOrigin	string	The source of the protected object.	custom
ResourceGroup	string	The name of the protected object group to which the protected object is added.	test
Detail	object	The details of the protected object. The key-value pairs vary by product type.	{"domain":"eou.eleme.cn","uri":"/"}
CustomHeaders	array	The custom XFF header that is used to obtain the real IP address of a client. If `XffStatus` is set to 1 and this parameter is left empty, the first IP address in the XFF header is used as the client IP address.
	string	The custom header field.	afbfbajf
ResponseHeaders	array<object>	The custom response headers configured for the protected object.
	object	The custom response header.
Key	string	The key of the custom response header.	Header-Key
Value	string	The value of the custom response header.	Header-Value
InstanceId	string	The ID of the WAF instance.

Examples

Success response

JSON format

{
  "TotalCount": 73,
  "RequestId": "618F2626-DB27-5187-8C6C-4E61A491****",
  "Resources": [
    {
      "Pattern": "domain",
      "Description": "test",
      "XffStatus": 1,
      "GmtModified": 1665633032000,
      "Resource": "alb-rencs***",
      "AcwV3SecureStatus": 0,
      "Product": "alb",
      "AcwCookieStatus": 1,
      "AcwSecureStatus": 0,
      "ResourceManagerResourceGroupId": "rg-acfm***q",
      "GmtCreate": 1652149203187,
      "OwnerUserId": "135*********46",
      "ResourceOrigin": "custom",
      "ResourceGroup": "test",
      "Detail": {
        "domain": "eou.eleme.cn",
        "uri": "/"
      },
      "CustomHeaders": [
        "afbfbajf"
      ],
      "ResponseHeaders": [
        {
          "Key": "Header-Key",
          "Value": "Header-Value"
        }
      ],
      "InstanceId": ""
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.