Queries the Website Config details.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
yundun-waf:DescribeDomainDetail |
get |
DefenseResource
DefenseResource
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| InstanceId |
string |
Yes |
The ID of the WAF instance. Note
You can call DescribeInstance to query the ID of the WAF instance. |
waf_cdnsdf3**** |
| DomainId |
string |
No |
The domain name ID. |
www.aliyundoc.com-waf |
| Domain |
string |
No |
The domain name to query. |
www.aliyundoc.com |
| RegionId |
string |
No |
The region where the WAF instance is deployed. Valid values:
|
cn-hangzhou |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
The CNAME details. |
||
| RequestId |
string |
The request ID. |
BAEF9CA9-66A0-533E-BD09-5D5D7AA8**** |
| Domain |
string |
The domain name. |
www.aliyundoc.com |
| DomainId |
string |
The domain name ID. |
www.aliyundoc.com-waf |
| Status |
integer |
The status of the domain name. Valid values:
|
1 |
| Cname |
string |
The CNAME assigned by WAF to the domain name. |
xxxxxcvdaf.****.com |
| Listen |
object |
The listener configuration. |
|
| HttpPorts |
array |
The listening ports for the HTTP protocol. |
|
|
integer |
The listening ports for the HTTP protocol. |
80 |
|
| HttpsPorts |
array |
The listening ports for the HTTPS protocol. |
|
|
integer |
The listening ports for the HTTPS protocol. |
443 |
|
| Http2Enabled |
boolean |
Indicates whether HTTP/2 is enabled. Valid values:
|
true |
| CertId |
string |
The certificate ID. |
123 |
| TLSVersion |
string |
The TLS version. Valid values:
|
tlsv1.2 |
| EnableTLSv3 |
boolean |
Indicates whether TLS 1.3 is supported. Valid values:
|
true |
| CipherSuite |
integer |
The type of the cipher suite. Valid values:
|
2 |
| CustomCiphers |
array |
The custom cipher suites. |
|
|
string |
The custom cipher suites. |
xxx |
|
| FocusHttps |
boolean |
Indicates whether HTTPS forced redirect is enabled. Valid values:
|
true |
| SM2Enabled |
boolean |
Indicates whether the China Encryption Standard (SM) certificate is enabled. Valid values:
|
true |
| SM2CertId |
string |
The ID of the SM certificate to add. This parameter is used only when SM2Enable is set to true. |
123-cn-hangzhou |
| SM2AccessOnly |
boolean |
Indicates whether only SM-compliant clients can access the domain name. This parameter is used only when SM2Enable is set to true.
|
true |
| XffHeaderMode |
integer |
The method that WAF uses to obtain the originating IP address of the client. Valid values:
|
2 |
| XffHeaders |
array |
The list of custom header fields used to obtain the client IP address. |
|
|
string |
The list of custom header fields used to obtain the client IP address. |
Client-ip |
|
| IPv6Enabled |
boolean |
Indicates whether IPv6 is enabled. Valid values:
|
true |
| ProtectionResource |
string |
The type of protection resource to use. Valid values:
|
share |
| ExclusiveIp |
boolean |
Indicates whether an exclusive IP address is enabled. Valid values:
|
true |
| HstsIncludeSubDomain |
boolean |
Indicates whether HSTS includes subdomains. Valid values:
|
|
| HstsPreload |
boolean |
Indicates whether HSTS preloading is enabled. This feature is disabled by default. Valid values:
|
false |
| HstsMaxAge |
integer |
The HSTS expiration time. Unit: seconds. |
365000 |
| Redirect |
object |
The forwarding configuration. |
|
Backends
deprecated
|
array<object> |
The back-to-origin addresses of the domain name. Note
This parameter will be deprecated. Use BackendList instead. |
|
|
object |
The IP address or domain name of the origin server. |
||
| Backend |
string |
The IP address or domain name of the origin server. |
1.1.XX.XX |
| Loadbalance |
string |
The load balancing algorithm used for back-to-origin. Valid values:
|
iphash |
| FocusHttpBackend |
boolean |
Indicates whether forced HTTP back-to-origin is enabled. Valid values:
|
true |
| SniEnabled |
boolean |
Indicates whether back-to-origin SNI is enabled. Valid values:
|
true |
| SniHost |
string |
The value of the custom SNI extension field. |
www.aliyundoc.com |
| RequestHeaders |
array<object> |
The traffic tag fields and values of the domain name, which are used to mark traffic processed by WAF. |
|
|
object |
The traffic tag fields and values of the domain name, which are used to mark traffic processed by WAF. |
||
| Key |
string |
The key of the custom header field. |
aaa |
| Value |
string |
The value of the custom header field. |
bbb |
| ConnectTimeout |
integer |
The connection timeout period. Unit: seconds. Valid values: 5 to 120. |
120 |
| WriteTimeout |
integer |
The write timeout period. Unit: seconds. Valid values: 5 to 1800. |
200 |
| ReadTimeout |
integer |
The read timeout period. Unit: seconds. Valid values: 5 to 1800. |
200 |
| Keepalive |
boolean |
Indicates whether persistent connections are enabled. Valid values:
|
true |
| Retry |
boolean |
Indicates whether WAF retries when back-to-origin fails. Valid values:
|
true |
| KeepaliveRequests |
integer |
The number of requests that can reuse a persistent connection. Valid values: 60 to 1000. Note
After persistent connections are enabled, this parameter specifies how many persistent connections can be reused. |
1000 |
| KeepaliveTimeout |
integer |
The idle timeout period for persistent connections. Valid values: 1 to 60. Default value: 15. Unit: seconds. Note
Specifies how long an idle persistent connection can remain open before it is released. |
15 |
| XffProto |
boolean |
Indicates whether the X-Forward-For-Proto header is used to pass the protocol used by WAF. Valid values:
|
true |
BackupBackends
deprecated
|
array<object> |
The secondary back-to-origin addresses of the domain name. Note
This parameter will be deprecated. Use BackUpBackendList instead. |
|
|
object |
The IP address or domain name of the origin server. |
||
| Backend |
string |
The backup IP address or domain name of the origin server. |
[ "1.1.XX.XX", "2.2.XX.XX" ] |
| XClientIp |
boolean |
Indicates whether WAF is allowed to overwrite the X-Client-IP header. Valid values:
|
true |
| XTrueIp |
boolean |
Indicates whether WAF is allowed to overwrite the X-True-IP header. Valid values:
|
true |
| WebServerType |
boolean |
Indicates whether WAF is allowed to overwrite the Web-Server-Type header. Valid values:
|
true |
| WLProxyClientIp |
boolean |
Indicates whether WAF is allowed to overwrite the WL-Proxy-Client-IP header. Valid values:
|
true |
| MaxBodySize |
integer |
The maximum request body size. Valid values: 2 to 10. Default value: 2. Unit: GB. Note
Only Ultimate Edition supports this feature. |
2 |
| Http2Origin |
boolean |
The HTTP/2 back-to-origin setting. |
true |
| Http2OriginMaxConcurrency |
integer |
The maximum number of concurrent connections for HTTP/2 back-to-origin. |
128 |
| ProxyProtocol |
boolean |
Indicates whether the client source IP preservation feature is enabled.
|
false |
| BackendList |
array |
The list of origin server IP addresses or back-to-origin domain names for the domain name. |
|
|
string |
The IP address or domain name of the origin server for the domain name. |
1.1.XX.XX |
|
| BackUpBackendList |
array |
The list of secondary origin server IP addresses or back-to-origin domain names for the domain name. |
|
|
string |
The IP address or domain name of the secondary origin server for the domain name. |
2.2.XX.XX |
|
| BackendPorts |
array<object> |
The custom port configuration. By default, this is the same as the listening port. |
|
|
object |
The custom port configuration. By default, this is the same as the listening port. |
||
| ListenPort |
integer |
The listener port. |
80 |
| BackendPort |
integer |
The back-to-origin port. |
80 |
| Protocol |
string |
The protocol of the back-to-origin port. Valid values:
|
http |
| ResourceManagerResourceGroupId |
string |
The Alibaba Cloud resource group ID. |
rg-acfm***q |
| CertDetail |
object |
The SSL certificate details. |
|
| Name |
string |
The certificate name. |
test-cert-name |
| Id |
string |
The SSL certificate ID. |
123-cn-hangzhou |
| StartTime |
integer |
The effective period of the certificate. The value is in the format of a UNIX timestamp (UTC). Unit: milliseconds. |
1677772800000 |
| EndTime |
integer |
The time when the certificate expires. The value is a UNIX timestamp in UTC. Unit: milliseconds. |
1685590400000 |
| CommonName |
string |
The common name (CN). |
test.aliyundoc.com |
| Sans |
array |
All domain names bound to the certificate. |
|
|
string |
All domain names bound to the certificate. |
www.aliyundoc.com |
|
| SM2CertDetail |
object |
The SM certificate information. |
|
| Name |
string |
The certificate name. |
test-sm2-cert-name |
| Id |
string |
The SSL certificate ID. |
123-cn-hangzhou |
| StartTime |
integer |
The effective period of the certificate. The value is in the format of a UNIX timestamp (UTC). Unit: milliseconds. |
1657551525000 |
| EndTime |
integer |
The time when the certificate expires. The value is a UNIX timestamp in UTC. Unit: milliseconds. |
1665590400000 |
| CommonName |
string |
The common name (CN). |
test.aliyundoc.com |
| Sans |
array |
All domain names bound to the certificate. |
|
|
string |
All domain names bound to the certificate. |
www.aliyundoc.com |
Examples
Success response
JSON format
{
"RequestId": "BAEF9CA9-66A0-533E-BD09-5D5D7AA8****",
"Domain": "www.aliyundoc.com",
"DomainId": "www.aliyundoc.com-waf",
"Status": 1,
"Cname": "xxxxxcvdaf.****.com",
"Listen": {
"HttpPorts": [
80
],
"HttpsPorts": [
443
],
"Http2Enabled": true,
"CertId": "123",
"TLSVersion": "tlsv1.2",
"EnableTLSv3": true,
"CipherSuite": 2,
"CustomCiphers": [
"xxx"
],
"FocusHttps": true,
"SM2Enabled": true,
"SM2CertId": "123-cn-hangzhou",
"SM2AccessOnly": true,
"XffHeaderMode": 2,
"XffHeaders": [
"Client-ip"
],
"IPv6Enabled": true,
"ProtectionResource": "share",
"ExclusiveIp": true,
"HstsIncludeSubDomain": false,
"HstsPreload": false,
"HstsMaxAge": 365000
},
"Redirect": {
"Backends": [
{
"Backend": "1.1.XX.XX"
}
],
"Loadbalance": "iphash",
"FocusHttpBackend": true,
"SniEnabled": true,
"SniHost": "www.aliyundoc.com",
"RequestHeaders": [
{
"Key": "aaa",
"Value": "bbb"
}
],
"ConnectTimeout": 120,
"WriteTimeout": 200,
"ReadTimeout": 200,
"Keepalive": true,
"Retry": true,
"KeepaliveRequests": 1000,
"KeepaliveTimeout": 15,
"XffProto": true,
"BackupBackends": [
{
"Backend": "[\n \"1.1.XX.XX\",\n \"2.2.XX.XX\"\n]\n"
}
],
"XClientIp": true,
"XTrueIp": true,
"WebServerType": true,
"WLProxyClientIp": true,
"MaxBodySize": 2,
"Http2Origin": true,
"Http2OriginMaxConcurrency": 128,
"ProxyProtocol": false,
"BackendList": [
"1.1.XX.XX"
],
"BackUpBackendList": [
"2.2.XX.XX"
],
"BackendPorts": [
{
"ListenPort": 80,
"BackendPort": 80,
"Protocol": "http"
}
]
},
"ResourceManagerResourceGroupId": "rg-acfm***q",
"CertDetail": {
"Name": "test-cert-name",
"Id": "123-cn-hangzhou",
"StartTime": 1677772800000,
"EndTime": 1685590400000,
"CommonName": "test.aliyundoc.com",
"Sans": [
"www.aliyundoc.com"
]
},
"SM2CertDetail": {
"Name": "test-sm2-cert-name",
"Id": "123-cn-hangzhou",
"StartTime": 1657551525000,
"EndTime": 1665590400000,
"CommonName": "test.aliyundoc.com\n",
"Sans": [
"www.aliyundoc.com\n"
]
}
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | Waf.Pullin.DomainAndDomainIdBothEmpty | domain and domainId cannot be empty at the same time. | The domain name and domain name ID cannot be empty at the same time. |
| 400 | Waf.Pullin.DomainAndDomainIdNotMatch | domain and domainId do not match. | The input parameters Domain and DomainId do not match. |
| 400 | Waf.Pullin.DomainIdIsIllegal | The input parameter, the domainId is illegal. | Illegal entry DomainId |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.