All Products
Search
Document Center

Web Application Firewall:DescribeDomainDetail

Last Updated:Jul 07, 2026

Queries the Website Config details.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-waf:DescribeDomainDetail

get

DefenseResource

acs:yundun-waf:{#regionId}:{#accountId}:defenseresource/{#Resource}

DefenseResource

acs:yundun-waf:{#regionId}:{#accountId}:defenseresource/{#Resource}-waf

None None

Request parameters

Parameter

Type

Required

Description

Example

InstanceId

string

Yes

The ID of the WAF instance.

Note

You can call DescribeInstance to query the ID of the WAF instance.

waf_cdnsdf3****

DomainId

string

No

The domain name ID.

www.aliyundoc.com-waf

Domain

string

No

The domain name to query.

www.aliyundoc.com

RegionId

string

No

The region where the WAF instance is deployed. Valid values:

  • cn-hangzhou: the Chinese mainland.

  • ap-southeast-1: outside the Chinese mainland.

cn-hangzhou

Response elements

Element

Type

Description

Example

object

The CNAME details.

RequestId

string

The request ID.

BAEF9CA9-66A0-533E-BD09-5D5D7AA8****

Domain

string

The domain name.

www.aliyundoc.com

DomainId

string

The domain name ID.

www.aliyundoc.com-waf

Status

integer

The status of the domain name. Valid values:

  • 1: The domain name is in a normal state.

  • 2: The domain name is being created.

  • 3: The domain name is being modified.

  • 4: The domain name is being released.

  • 5: The domain name has stopped forwarding traffic.

1

Cname

string

The CNAME assigned by WAF to the domain name.

xxxxxcvdaf.****.com

Listen

object

The listener configuration.

HttpPorts

array

The listening ports for the HTTP protocol.

integer

The listening ports for the HTTP protocol.

80

HttpsPorts

array

The listening ports for the HTTPS protocol.

integer

The listening ports for the HTTPS protocol.

443

Http2Enabled

boolean

Indicates whether HTTP/2 is enabled. Valid values:

  • true: HTTP/2 is enabled.

  • false: HTTP/2 is not enabled.

true

CertId

string

The certificate ID.

123

TLSVersion

string

The TLS version. Valid values:

  • tlsv1

  • tlsv1.1

  • tlsv1.2

tlsv1.2

EnableTLSv3

boolean

Indicates whether TLS 1.3 is supported. Valid values:

  • true: TLS 1.3 is supported.

  • false: TLS 1.3 is not supported.

true

CipherSuite

integer

The type of the cipher suite. Valid values:

  • 1: all cipher suites are added.

  • 2: strong cipher suites are added.

  • 99: custom cipher suites are added.

2

CustomCiphers

array

The custom cipher suites.

string

The custom cipher suites.

xxx

FocusHttps

boolean

Indicates whether HTTPS forced redirect is enabled. Valid values:

  • true: HTTPS forced redirect is enabled.

  • false: HTTPS forced redirect is not enabled.

true

SM2Enabled

boolean

Indicates whether the China Encryption Standard (SM) certificate is enabled. Valid values:

  • true: The SM certificate is enabled.

  • false: The SM certificate is not enabled.

true

SM2CertId

string

The ID of the SM certificate to add. This parameter is used only when SM2Enable is set to true.

123-cn-hangzhou

SM2AccessOnly

boolean

Indicates whether only SM-compliant clients can access the domain name. This parameter is used only when SM2Enable is set to true.

  • true: Only SM-compliant clients can access the domain name.

  • false: Both SM-compliant and non-SM-compliant clients can access the domain name.

true

XffHeaderMode

integer

The method that WAF uses to obtain the originating IP address of the client. Valid values:

  • 0: No Layer 7 proxy is deployed in front of WAF.

  • 1: WAF reads the first value of the X-Forwarded-For (XFF) header field as the client IP address.

  • 2: WAF reads the value of a custom header field that you specify as the client IP address.

2

XffHeaders

array

The list of custom header fields used to obtain the client IP address.

string

The list of custom header fields used to obtain the client IP address.

Client-ip

IPv6Enabled

boolean

Indicates whether IPv6 is enabled. Valid values:

  • true: IPv6 is enabled.

  • false: IPv6 is not enabled.

true

ProtectionResource

string

The type of protection resource to use. Valid values:

  • share: shared cluster.

  • gslb: shared cluster with intelligent load balancing.

share

ExclusiveIp

boolean

Indicates whether an exclusive IP address is enabled. Valid values:

  • true: An exclusive IP address is enabled.

  • false: An exclusive IP address is not enabled.

true

HstsIncludeSubDomain

boolean

Indicates whether HSTS includes subdomains. Valid values:

  • true: Enabled.

  • false: Not enabled.

HstsPreload

boolean

Indicates whether HSTS preloading is enabled. This feature is disabled by default. Valid values:

  • true: Enabled.

  • false: Disabled.

false

HstsMaxAge

integer

The HSTS expiration time. Unit: seconds.

365000

Redirect

object

The forwarding configuration.

Backends deprecated

array<object>

The back-to-origin addresses of the domain name.

Note

This parameter will be deprecated. Use BackendList instead.

object

The IP address or domain name of the origin server.

Backend

string

The IP address or domain name of the origin server.

1.1.XX.XX

Loadbalance

string

The load balancing algorithm used for back-to-origin. Valid values:

  • iphash: IP hash algorithm.

  • roundRobin: round-robin algorithm.

  • leastTime: least-time back-to-origin algorithm.

iphash

FocusHttpBackend

boolean

Indicates whether forced HTTP back-to-origin is enabled. Valid values:

  • true: Forced HTTP back-to-origin is enabled.

  • false: Forced HTTP back-to-origin is not enabled.

true

SniEnabled

boolean

Indicates whether back-to-origin SNI is enabled. Valid values:

  • true: Back-to-origin SNI is enabled.

  • false (default): Back-to-origin SNI is not enabled.

true

SniHost

string

The value of the custom SNI extension field.

www.aliyundoc.com

RequestHeaders

array<object>

The traffic tag fields and values of the domain name, which are used to mark traffic processed by WAF.

object

The traffic tag fields and values of the domain name, which are used to mark traffic processed by WAF.

Key

string

The key of the custom header field.

aaa

Value

string

The value of the custom header field.

bbb

ConnectTimeout

integer

The connection timeout period. Unit: seconds. Valid values: 5 to 120.

120

WriteTimeout

integer

The write timeout period. Unit: seconds. Valid values: 5 to 1800.

200

ReadTimeout

integer

The read timeout period. Unit: seconds. Valid values: 5 to 1800.

200

Keepalive

boolean

Indicates whether persistent connections are enabled. Valid values:

  • true (default): Persistent connections are enabled.

  • false: Persistent connections are not enabled.

true

Retry

boolean

Indicates whether WAF retries when back-to-origin fails. Valid values:

  • true (default): WAF retries.

  • false: WAF does not retry.

true

KeepaliveRequests

integer

The number of requests that can reuse a persistent connection. Valid values: 60 to 1000.

Note

After persistent connections are enabled, this parameter specifies how many persistent connections can be reused.

1000

KeepaliveTimeout

integer

The idle timeout period for persistent connections. Valid values: 1 to 60. Default value: 15. Unit: seconds.

Note

Specifies how long an idle persistent connection can remain open before it is released.

15

XffProto

boolean

Indicates whether the X-Forward-For-Proto header is used to pass the protocol used by WAF. Valid values:

  • true (default): The protocol used by WAF is passed.

  • false: The protocol used by WAF is not passed.

true

BackupBackends deprecated

array<object>

The secondary back-to-origin addresses of the domain name.

Note

This parameter will be deprecated. Use BackUpBackendList instead.

object

The IP address or domain name of the origin server.

Backend

string

The backup IP address or domain name of the origin server.

[ "1.1.XX.XX", "2.2.XX.XX" ]

XClientIp

boolean

Indicates whether WAF is allowed to overwrite the X-Client-IP header. Valid values:

  • true (default): WAF is allowed to overwrite the header.

  • false: WAF is not allowed to overwrite the header.

true

XTrueIp

boolean

Indicates whether WAF is allowed to overwrite the X-True-IP header. Valid values:

  • true (default): WAF is allowed to overwrite the header.

  • false: WAF is not allowed to overwrite the header.

true

WebServerType

boolean

Indicates whether WAF is allowed to overwrite the Web-Server-Type header. Valid values:

  • true (default): WAF is allowed to overwrite the header.

  • false: WAF is not allowed to overwrite the header.

true

WLProxyClientIp

boolean

Indicates whether WAF is allowed to overwrite the WL-Proxy-Client-IP header. Valid values:

  • true (default): WAF is allowed to overwrite the header.

  • false: WAF is not allowed to overwrite the header.

true

MaxBodySize

integer

The maximum request body size. Valid values: 2 to 10. Default value: 2. Unit: GB.

Note

Only Ultimate Edition supports this feature.

2

Http2Origin

boolean

The HTTP/2 back-to-origin setting.

true

Http2OriginMaxConcurrency

integer

The maximum number of concurrent connections for HTTP/2 back-to-origin.

128

ProxyProtocol

boolean

Indicates whether the client source IP preservation feature is enabled.

  • true: The client source IP preservation feature is enabled. After this feature is enabled, the backend service can view the originating IP address of the client.

  • false: The client source IP preservation feature is not enabled.

false

BackendList

array

The list of origin server IP addresses or back-to-origin domain names for the domain name.

string

The IP address or domain name of the origin server for the domain name.

1.1.XX.XX

BackUpBackendList

array

The list of secondary origin server IP addresses or back-to-origin domain names for the domain name.

string

The IP address or domain name of the secondary origin server for the domain name.

2.2.XX.XX

BackendPorts

array<object>

The custom port configuration. By default, this is the same as the listening port.

object

The custom port configuration. By default, this is the same as the listening port.

ListenPort

integer

The listener port.

80

BackendPort

integer

The back-to-origin port.

80

Protocol

string

The protocol of the back-to-origin port. Valid values:

  • http: HTTP.

  • https: HTTPS.

http

ResourceManagerResourceGroupId

string

The Alibaba Cloud resource group ID.

rg-acfm***q

CertDetail

object

The SSL certificate details.

Name

string

The certificate name.

test-cert-name

Id

string

The SSL certificate ID.

123-cn-hangzhou

StartTime

integer

The effective period of the certificate. The value is in the format of a UNIX timestamp (UTC). Unit: milliseconds.

1677772800000

EndTime

integer

The time when the certificate expires. The value is a UNIX timestamp in UTC. Unit: milliseconds.

1685590400000

CommonName

string

The common name (CN).

test.aliyundoc.com

Sans

array

All domain names bound to the certificate.

string

All domain names bound to the certificate.

www.aliyundoc.com

SM2CertDetail

object

The SM certificate information.

Name

string

The certificate name.

test-sm2-cert-name

Id

string

The SSL certificate ID.

123-cn-hangzhou

StartTime

integer

The effective period of the certificate. The value is in the format of a UNIX timestamp (UTC). Unit: milliseconds.

1657551525000

EndTime

integer

The time when the certificate expires. The value is a UNIX timestamp in UTC. Unit: milliseconds.

1665590400000

CommonName

string

The common name (CN).

test.aliyundoc.com

Sans

array

All domain names bound to the certificate.

string

All domain names bound to the certificate.

www.aliyundoc.com

Examples

Success response

JSON format

{
  "RequestId": "BAEF9CA9-66A0-533E-BD09-5D5D7AA8****",
  "Domain": "www.aliyundoc.com",
  "DomainId": "www.aliyundoc.com-waf",
  "Status": 1,
  "Cname": "xxxxxcvdaf.****.com",
  "Listen": {
    "HttpPorts": [
      80
    ],
    "HttpsPorts": [
      443
    ],
    "Http2Enabled": true,
    "CertId": "123",
    "TLSVersion": "tlsv1.2",
    "EnableTLSv3": true,
    "CipherSuite": 2,
    "CustomCiphers": [
      "xxx"
    ],
    "FocusHttps": true,
    "SM2Enabled": true,
    "SM2CertId": "123-cn-hangzhou",
    "SM2AccessOnly": true,
    "XffHeaderMode": 2,
    "XffHeaders": [
      "Client-ip"
    ],
    "IPv6Enabled": true,
    "ProtectionResource": "share",
    "ExclusiveIp": true,
    "HstsIncludeSubDomain": false,
    "HstsPreload": false,
    "HstsMaxAge": 365000
  },
  "Redirect": {
    "Backends": [
      {
        "Backend": "1.1.XX.XX"
      }
    ],
    "Loadbalance": "iphash",
    "FocusHttpBackend": true,
    "SniEnabled": true,
    "SniHost": "www.aliyundoc.com",
    "RequestHeaders": [
      {
        "Key": "aaa",
        "Value": "bbb"
      }
    ],
    "ConnectTimeout": 120,
    "WriteTimeout": 200,
    "ReadTimeout": 200,
    "Keepalive": true,
    "Retry": true,
    "KeepaliveRequests": 1000,
    "KeepaliveTimeout": 15,
    "XffProto": true,
    "BackupBackends": [
      {
        "Backend": "[\n    \"1.1.XX.XX\",\n    \"2.2.XX.XX\"\n]\n"
      }
    ],
    "XClientIp": true,
    "XTrueIp": true,
    "WebServerType": true,
    "WLProxyClientIp": true,
    "MaxBodySize": 2,
    "Http2Origin": true,
    "Http2OriginMaxConcurrency": 128,
    "ProxyProtocol": false,
    "BackendList": [
      "1.1.XX.XX"
    ],
    "BackUpBackendList": [
      "2.2.XX.XX"
    ],
    "BackendPorts": [
      {
        "ListenPort": 80,
        "BackendPort": 80,
        "Protocol": "http"
      }
    ]
  },
  "ResourceManagerResourceGroupId": "rg-acfm***q",
  "CertDetail": {
    "Name": "test-cert-name",
    "Id": "123-cn-hangzhou",
    "StartTime": 1677772800000,
    "EndTime": 1685590400000,
    "CommonName": "test.aliyundoc.com",
    "Sans": [
      "www.aliyundoc.com"
    ]
  },
  "SM2CertDetail": {
    "Name": "test-sm2-cert-name",
    "Id": "123-cn-hangzhou",
    "StartTime": 1657551525000,
    "EndTime": 1665590400000,
    "CommonName": "test.aliyundoc.com\n",
    "Sans": [
      "www.aliyundoc.com\n"
    ]
  }
}

Error codes

HTTP status code

Error code

Error message

Description

400 Waf.Pullin.DomainAndDomainIdBothEmpty domain and domainId cannot be empty at the same time. The domain name and domain name ID cannot be empty at the same time.
400 Waf.Pullin.DomainAndDomainIdNotMatch domain and domainId do not match. The input parameters Domain and DomainId do not match.
400 Waf.Pullin.DomainIdIsIllegal The input parameter, the domainId is illegal. Illegal entry DomainId

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.