DescribeDomainDetail - Web Application Firewall - Alibaba Cloud Documentation Center

Queries the configuration details of a domain name.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-waf:DescribeDomainDetail

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the WAF instance. Note Call DescribeInstance to query the ID of your WAF instance.	waf_cdnsdf3****
DomainId	string	No	The ID of the domain name.	www.aliyundoc.com-waf
Domain	string	No	The domain name that you want to query.	www.aliyundoc.com
RegionId	string	No	The region where the WAF instance resides. Valid values: cn-hangzhou: the Chinese mainland. ap-southeast-1: outside the Chinese mainland.	cn-hangzhou

Response elements

Element	Type	Description	Example
	object	The details of the canonical name (CNAME).
RequestId	string	The request ID.	BAEF9CA9-66A0-533E-BD09-5D5D7AA8****
Domain	string	The domain name.	www.aliyundoc.com
DomainId	string	The ID of the domain name.	www.aliyundoc.com-waf
Status	integer	The status of the domain name. Valid values: 1: The domain name is in a normal state. 2: The domain name is being created. 3: The domain name is being modified. 4: The domain name is being released. 5: Traffic forwarding is disabled for the domain name.	1
Cname	string	The canonical name (CNAME) that is assigned to the domain name by WAF.	xxxxxcvdaf.****.com
Listen	object	The listener configuration.
HttpPorts	array	The HTTP listener ports.
	integer	The HTTP listener port.	80
HttpsPorts	array	The HTTPS listener ports.
	integer	The HTTPS listener port.	443
Http2Enabled	boolean	Indicates whether HTTP/2 is enabled. Valid values: true: HTTP/2 is enabled. false: HTTP/2 is disabled.	true
CertId	string	The ID of the certificate.	123
TLSVersion	string	The Transport Layer Security (TLS) version. Valid values: tlsv1 tlsv1.1 tlsv1.2	tlsv1.2
EnableTLSv3	boolean	Indicates whether TLS 1.3 is supported. Valid values: true: TLS 1.3 is supported. false: TLS 1.3 is not supported.	true
CipherSuite	integer	The type of the cipher suite. Valid values: 1: all cipher suites. 2: strong cipher suites. 99: custom cipher suites.	2
CustomCiphers	array	The custom cipher suites.
	string	The custom cipher suite.	xxx
FocusHttps	boolean	Indicates whether HTTPS force redirect is enabled. Valid values: true: HTTPS force redirect is enabled. false: HTTPS force redirect is disabled.	true
SM2Enabled	boolean	Indicates whether the SM2 certificate is enabled. Valid values: true: The SM2 certificate is enabled. false: The SM2 certificate is disabled.	true
SM2CertId	string	The ID of the SM2 certificate. This parameter is used only when SM2Enabled is set to true.	123-cn-hangzhou
SM2AccessOnly	boolean	Indicates whether only SM2 clients can access the website. This parameter is used only when SM2Enabled is set to true. true: Only SM2 clients can access the website. false: Both SM2 and non-SM2 clients can access the website.	true
XffHeaderMode	integer	The method that WAF uses to obtain the real IP address of a client. Valid values: 0: No Layer 7 proxy is deployed before WAF. 1: WAF reads the first value of the X-Forwarded-For (XFF) header field to obtain the client IP address. 2: WAF reads the value of a custom header field to obtain the client IP address.	2
XffHeaders	array	The custom header fields that are used to obtain the client IP address.
	string	The custom header field that is used to obtain the client IP address.	Client-ip
IPv6Enabled	boolean	Indicates whether IPv6 is enabled. Valid values: true: IPv6 is enabled. false: IPv6 is disabled.	true
ProtectionResource	string	The type of the protection resource. Valid values: share: shared cluster. gslb: shared cluster-based intelligent load balancing.	share
ExclusiveIp	boolean	Indicates whether an exclusive IP address is enabled. Valid values: true: An exclusive IP address is enabled. false: An exclusive IP address is disabled.	true
Redirect	object	The forwarding configuration.
Backends `deprecated`	array<object>	The origin URLs of the domain name. Note This parameter is deprecated. Use BackendList to obtain the related information.
	object	The IP address or domain name of the origin server.
Backend	string	The IP address or domain name of the origin server that is associated with the domain name.	1.1.XX.XX
Loadbalance	string	The load balancing algorithm for origin fetch. Valid values: iphash: IP Hash. roundRobin: round-robin. leastTime: least time.	iphash
FocusHttpBackend	boolean	Indicates whether to enable force HTTP back-to-origin. Valid values: true: Force HTTP back-to-origin is enabled. false: Force HTTP back-to-origin is disabled.	true
SniEnabled	boolean	Indicates whether to enable back-to-origin Server Name Indication (SNI). Valid values: true: Back-to-origin SNI is enabled. false (default): Back-to-origin SNI is disabled.	true
SniHost	string	The value of the custom SNI extension field.	www.aliyundoc.com
RequestHeaders	array<object>	The custom header field and its value, which are used to mark the traffic that is processed by WAF.
	object	The custom header field and its value, which are used to mark the traffic that is processed by WAF.
Key	string	The custom request header field.	aaa
Value	string	The value of the custom request header field.	bbb
ConnectTimeout	integer	The connection timeout. Unit: seconds. Valid values: 5 to 120.	120
WriteTimeout	integer	The write timeout. Unit: seconds. Valid values: 5 to 1800.	200
ReadTimeout	integer	The read timeout. Unit: seconds. Valid values: 5 to 1800.	200
Keepalive	boolean	Indicates whether to enable persistent connections. Valid values: true (default): Enable persistent connections. false: Disable persistent connections.	true
Retry	boolean	Indicates whether to retry when an origin fetch fails. Valid values: true (default): Retry. false: Do not retry.	true
KeepaliveRequests	integer	The number of requests that can be reused in a persistent connection. Valid values: 60 to 1000. Note This parameter specifies the number of reused persistent connections after you enable persistent connections.	1000
KeepaliveTimeout	integer	The timeout period for an idle persistent connection. Valid values: 1 to 60. Default value: 15. Unit: seconds. Note This parameter specifies the period of time after which a reused persistent connection is released if the connection is idle.	15
XffProto	boolean	Indicates whether to use the X-Forward-For-Proto header to pass the protocol that is used by WAF. Valid values: true (default): Pass the protocol. false: Do not pass the protocol.	true
BackupBackends `deprecated`	array<object>	The backup origin URLs of the domain name. Note This parameter is deprecated. Use BackUpBackendList to obtain the related information.
	object	The IP address or domain name of the origin server.
Backend	string	The IP address or domain name of the backup origin server that is associated with the domain name.	[ "1.1.XX.XX", "2.2.XX.XX" ]
XClientIp	boolean	Indicates whether WAF is allowed to overwrite the X-Client-IP header. Valid values: true (default): WAF is allowed to overwrite the header. false: WAF is not allowed to overwrite the header.	true
XTrueIp	boolean	Indicates whether WAF is allowed to overwrite the X-True-IP header. Valid values: true (default): WAF is allowed to overwrite the header. false: WAF is not allowed to overwrite the header.	true
WebServerType	boolean	Indicates whether WAF is allowed to overwrite the Web-Server-Type header. Valid values: true (default): WAF is allowed to overwrite the header. false: WAF is not allowed to overwrite the header.	true
WLProxyClientIp	boolean	Indicates whether WAF is allowed to overwrite the WL-Proxy-Client-IP header. Valid values: true (default): WAF is allowed to overwrite the header. false: WAF is not allowed to overwrite the header.	true
MaxBodySize	integer	The maximum request body size. Valid values: 2 to 10. Default value: 2. Unit: GB. Note This feature is available only for the Ultimate edition.	2
Http2Origin	boolean	Indicates whether to enable HTTP/2 for origin fetch.	true
Http2OriginMaxConcurrency	integer	The number of concurrent connections for HTTP/2 origin fetch.	128
BackendList	array	The list of IP addresses or domain names of the origin servers for the domain name.
	string	The IP address or domain name of the origin server.	1.1.XX.XX
BackUpBackendList	array	The list of IP addresses or domain names of the backup origin servers for the domain name.
	string	The IP address or domain name of the backup origin server.	2.2.XX.XX
BackendPorts	array<object>	The custom port configuration. By default, the port is the same as the listener port.
	object	The custom port configuration. By default, the port is the same as the listener port.
ListenPort	integer	The listener port.	80
BackendPort	integer	The back-to-origin port.	80
Protocol	string	The protocol of the listener port. Valid values: http: HTTP https: HTTPS	http
ResourceManagerResourceGroupId	string	The ID of the resource group.	rg-acfm***q
CertDetail	object	The details of the SSL certificate.
Name	string	The name of the certificate.	test-cert-name
Id	string	The ID of the SSL certificate.	123-cn-hangzhou
StartTime	integer	The time when the certificate becomes effective. This value is a UNIX timestamp. Unit: milliseconds.	1677772800000
EndTime	integer	The time when the certificate expires. This value is a UNIX timestamp. Unit: milliseconds.	1685590400000
CommonName	string	The common name (CN) of the certificate.	test.aliyundoc.com
Sans	array	All domain names that are bound to the certificate.
	string	The domain names that are associated with the certificate.	www.aliyundoc.com
SM2CertDetail	object	The information about the SM2 certificate.
Name	string	The name of the certificate.	test-sm2-cert-name
Id	string	The ID of the SSL certificate.	123-cn-hangzhou
StartTime	integer	The time when the certificate becomes effective. This value is a UNIX timestamp. Unit: milliseconds.	1657551525000
EndTime	integer	The time when the certificate expires. This value is a UNIX timestamp. Unit: milliseconds.	1665590400000
CommonName	string	The common name (CN) of the certificate.	test.aliyundoc.com
Sans	array	All domain names that are bound to the certificate.
	string	The domain names that are attached to the certificate.	www.aliyundoc.com

Examples

Success response

JSON format

{
  "RequestId": "BAEF9CA9-66A0-533E-BD09-5D5D7AA8****",
  "Domain": "www.aliyundoc.com",
  "DomainId": "www.aliyundoc.com-waf",
  "Status": 1,
  "Cname": "xxxxxcvdaf.****.com",
  "Listen": {
    "HttpPorts": [
      80
    ],
    "HttpsPorts": [
      443
    ],
    "Http2Enabled": true,
    "CertId": "123",
    "TLSVersion": "tlsv1.2",
    "EnableTLSv3": true,
    "CipherSuite": 2,
    "CustomCiphers": [
      "xxx"
    ],
    "FocusHttps": true,
    "SM2Enabled": true,
    "SM2CertId": "123-cn-hangzhou",
    "SM2AccessOnly": true,
    "XffHeaderMode": 2,
    "XffHeaders": [
      "Client-ip"
    ],
    "IPv6Enabled": true,
    "ProtectionResource": "share",
    "ExclusiveIp": true
  },
  "Redirect": {
    "Backends": [
      {
        "Backend": "1.1.XX.XX"
      }
    ],
    "Loadbalance": "iphash",
    "FocusHttpBackend": true,
    "SniEnabled": true,
    "SniHost": "www.aliyundoc.com",
    "RequestHeaders": [
      {
        "Key": "aaa",
        "Value": "bbb"
      }
    ],
    "ConnectTimeout": 120,
    "WriteTimeout": 200,
    "ReadTimeout": 200,
    "Keepalive": true,
    "Retry": true,
    "KeepaliveRequests": 1000,
    "KeepaliveTimeout": 15,
    "XffProto": true,
    "BackupBackends": [
      {
        "Backend": "[\n    \"1.1.XX.XX\",\n    \"2.2.XX.XX\"\n]\n"
      }
    ],
    "XClientIp": true,
    "XTrueIp": true,
    "WebServerType": true,
    "WLProxyClientIp": true,
    "MaxBodySize": 2,
    "Http2Origin": true,
    "Http2OriginMaxConcurrency": 128,
    "BackendList": [
      "1.1.XX.XX"
    ],
    "BackUpBackendList": [
      "2.2.XX.XX"
    ],
    "BackendPorts": [
      {
        "ListenPort": 80,
        "BackendPort": 80,
        "Protocol": "http"
      }
    ]
  },
  "ResourceManagerResourceGroupId": "rg-acfm***q",
  "CertDetail": {
    "Name": "test-cert-name",
    "Id": "123-cn-hangzhou",
    "StartTime": 1677772800000,
    "EndTime": 1685590400000,
    "CommonName": "test.aliyundoc.com",
    "Sans": [
      "www.aliyundoc.com"
    ]
  },
  "SM2CertDetail": {
    "Name": "test-sm2-cert-name",
    "Id": "123-cn-hangzhou",
    "StartTime": 1657551525000,
    "EndTime": 1665590400000,
    "CommonName": "test.aliyundoc.com\n",
    "Sans": [
      "www.aliyundoc.com\n"
    ]
  }
}

Error codes

HTTP status code	Error code	Error message
400	Waf.Pullin.DomainAndDomainIdBothEmpty	domain and domainId cannot be empty at the same time.
400	Waf.Pullin.DomainAndDomainIdNotMatch	domain and domainId do not match.
400	Waf.Pullin.DomainIdIsIllegal	The input parameter, the domainId is illegal.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.