Web Application Firewall:DescribeDomainDetail

Last Updated: Mar 22, 2026

Retrieves the access configuration details of a domain name onboarded to Web Application Firewall (WAF).

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| yundun-waf:DescribeDomainDetail | get | DefenseResource acs:yundun-waf:{#regionId}:{#accountId}:defenseresource/{#Resource} | None | None |
| | | DefenseResource acs:yundun-waf:{#regionId}:{#accountId}:defenseresource/{#Resource}-waf | | |

Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| InstanceId | string | Yes | The ID of the WAF instance. Note: Call the DescribeInstance operation to query the ID of the WAF instance. | waf_cdnsdf3**** |
| DomainId | string | No | The ID of the domain name that is onboarded to WAF. | www.aliyundoc.com-waf |
| Domain | string | No | The domain name that you want to query. | www.aliyundoc.com |
| RegionId | string | No | The region where the WAF instance resides. Valid values: cn-hangzhou (the Chinese mainland); ap-southeast-1 (outside the Chinese mainland). | cn-hangzhou |

Response elements

Element

Type

Description

Example

object

The response structure.

RequestId

string

The request ID.

BAEF9CA9-66A0-533E-BD09-5D5D7AA8****

Domain

string

The domain name that is onboarded to WAF.

www.aliyundoc.com

DomainId

string

The ID of the domain name that is onboarded to WAF.

www.aliyundoc.com-waf

Status

integer

The status of the domain name. Valid values:

  • 1: The domain name is in normal status.

  • 2: The domain name is being created.

  • 3: The domain name is being modified.

  • 4: The domain name is being released.

  • 5: The domain name stops forwarding traffic.

1

Cname

string

The CNAME assigned by WAF to the domain name.

xxxxxcvdaf.****.com

Listen

object

The listener configurations.

HttpPorts

array

The HTTP listener ports.

integer

The HTTP listener port.

80

HttpsPorts

array

The HTTPS listener ports.

integer

The HTTPS listener port.

443

Http2Enabled

boolean

Indicates whether HTTP/2 is enabled. Valid values:

  • true: HTTP/2 is enabled.

  • false: HTTP/2 is not enabled.

true

CertId

string

The ID of the certificate.

123

TLSVersion

string

The version of the Transport Layer Security (TLS) protocol. Valid values:

  • tlsv1

  • tlsv1.1

  • tlsv1.2

tlsv1.2

EnableTLSv3

boolean

Indicates whether TLS 1.3 is supported. Valid values:

  • true: TLS 1.3 is supported.

  • false: TLS 1.3 is not supported.

true

CipherSuite

integer

The type of cipher suite. Valid values:

  • 1: all cipher suites.

  • 2: strong cipher suites.

  • 99: custom cipher suites.

2

CustomCiphers

array

The custom cipher suites.

string

The custom cipher suite.

xxx

FocusHttps

boolean

Indicates whether HTTP to HTTPS redirection is enabled for the domain name. Valid values:

  • true: HTTP to HTTPS redirection is enabled for the domain name.

  • false: HTTP to HTTPS redirection is not enabled for the domain name.

true

SM2Enabled

boolean

Indicates whether SM certificate-based verification is enabled. Valid values:

  • true: SM certificate-based verification is enabled.

  • false: SM certificate-based verification is not enabled.

true

SM2CertId

string

The ID of the SM certificate. This parameter is available only if you set SM2Enabled to true.

123-cn-hangzhou

SM2AccessOnly

boolean

Indicates whether only SM certificate-based clients can access the domain name. This parameter is available only if you set SM2Enabled to true. Valid values:

  • true: Only SM certificate-based clients can access the domain name.

  • false: Both SM certificate-based and non-SM certificate-based clients can access the domain name.

true

XffHeaderMode

integer

The method that WAF uses to obtain the originating IP address of a client. Valid values:

  • 0: The client traffic is not forwarded by a Layer 7 proxy before the traffic reaches WAF.

  • 1: WAF reads the first value of the X-Forwarded-For (XFF) field in the request header as the client IP address.

  • 2: WAF reads the value of a custom field that you specify in the request header as the client IP address.

2

XffHeaders

array

The custom header fields used to obtain the actual IP address of a client.

string

The custom header field used to obtain the actual IP address of a client.

Client-ip

IPv6Enabled

boolean

Indicates whether IPv6 is enabled. Valid values:

  • true: IPv6 is enabled.

  • false: IPv6 is not enabled.

true

ProtectionResource

string

The type of the protection resource. Valid values:

  • share: shared cluster.

  • gslb: intelligent load balancing for shared clusters.

share

ExclusiveIp

boolean

Indicates whether an exclusive IP address is enabled for the domain name. Valid values:

  • true: An exclusive IP address is enabled for the domain name.

  • false: An exclusive IP address is not enabled for the domain name.

true

HstsIncludeSubDomain

boolean

Indicates whether HSTS includes subdomains. Valid values:

  • true: HSTS includes subdomains.

  • false: HSTS does not include subdomains.

HstsPreload

boolean

Indicates whether HSTS preload is enabled. Default value: false. Valid values:

  • true: HSTS preload is enabled.

  • false: HSTS preload is disabled.

HstsMaxAge

integer

The maximum age value of the HSTS policy. Unit: seconds.

Redirect

object

The forwarding configurations.

Backends deprecated

array<object>

The addresses of origin servers.

Note

This parameter will be deprecated. We recommend that you use BackendList instead.

object

The IP address or domain name of the origin server.

Backend

string

The IP address or domain name of the origin server.

1.1.XX.XX

Loadbalance

string

The load balancing algorithm used when WAF forwards requests to the origin server. Valid values:

  • iphash: the IP hash algorithm.

  • roundRobin: the round-robin algorithm.

  • leastTime: the least time algorithm.

iphash

FocusHttpBackend

boolean

Indicates whether back-to-origin requests are forced to use HTTP. Valid values:

  • true: Requests are forced to use HTTP.

  • false: Requests are not forced to use HTTP.

true

SniEnabled

boolean

Indicates whether origin Server Name Indication (SNI) is enabled. Valid values:

  • true: Origin SNI is enabled.

  • false (default): Origin SNI is not enabled.

true

SniHost

string

The value of the SNI field.

www.aliyundoc.com

RequestHeaders

array<object>

The custom header fields used to mark requests that pass through WAF.

object

The custom header field used to mark requests that pass through WAF.

Key

string

The key of the custom header field.

aaa

Value

string

The value of the custom header field.

bbb

ConnectTimeout

integer

The timeout period for connections. Unit: seconds. Valid values: 5 to 120.

120

WriteTimeout

integer

The timeout period for write operations. Unit: seconds. Valid values: 5 to 1,800.

200

ReadTimeout

integer

The timeout period for read operations. Unit: seconds. Valid values: 5 to 1,800.

200

Keepalive

boolean

Indicates whether persistent connections are enabled. Valid values:

  • true (default): Persistent connections are enabled.

  • false: Persistent connections are disabled.

true

Retry

boolean

Indicates whether WAF retries forwarding requests to the origin server upon failure. Valid values:

  • true (default): WAF retries.

  • false: WAF does not retry.

true

KeepaliveRequests

integer

The maximum number of requests that reuse a persistent connection. Valid values: 60 to 1,000.

Note

The number of reused persistent connections after the persistent connection feature is enabled.

1000

KeepaliveTimeout

integer

The timeout period for idle persistent connections. Valid values: 1 to 60. Default value: 15. Unit: seconds.

Note

The period of time during which a reused persistent connection is allowed to remain idle before the connection is closed.

15

XffProto

boolean

Indicates whether the X-Forward-For-Proto header is included in back-to-origin requests to pass the protocol used by WAF. Valid values:

  • true (default): The X-Forward-For-Proto header is included.

  • false: The X-Forward-For-Proto header is not included.

true

BackupBackends deprecated

array<object>

The addresses of backup origin servers.

Note

This parameter will be deprecated. We recommend that you use BackUpBackendList instead.

object

The IP address or domain name of the origin server.

Backend

string

The backup IP address or domain name of the origin server.

1.1.XX.XX

XClientIp

boolean

Indicates whether the X-Client-IP header is included in back-to-origin requests. Valid values:

  • true (default): The X-Client-IP header is included.

  • false: The X-Client-IP header is not included.

true

XTrueIp

boolean

Indicates whether the X-True-IP header is included in back-to-origin requests. Valid values:

  • true (default): The X-True-IP header is included.

  • false: The X-True-IP header is not included.

true

WebServerType

boolean

Indicates whether the Web-Server-Type header is included in back-to-origin requests. Valid values:

  • true (default): The Web-Server-Type header is included.

  • false: The Web-Server-Type header is not included.

true

WLProxyClientIp

boolean

Indicates whether the WL-Proxy-Client-IP header is included in back-to-origin requests. Valid values:

  • true (default): The WL-Proxy-Client-IP header is included.

  • false: The WL-Proxy-Client-IP header is not included.

true

MaxBodySize

integer

The maximum size of a request body. Valid values: 2 to 10. Default value: 2. Unit: GB.

Note

This feature is available only for the Ultimate edition.

2

Http2Origin

boolean

Indicates whether HTTP/2 is enabled for back-to-origin requests.

true

Http2OriginMaxConcurrency

integer

The maximum number of concurrent connections for HTTP/2 back-to-origin requests.

128

ProxyProtocol

boolean

Indicates whether the Proxy Protocol feature is enabled for back-to-origin requests. Valid values:

  • true: The Proxy Protocol feature is enabled.

  • false: The Proxy Protocol feature is disabled.

BackendList

array

The list of IP addresses or domain names of the origin servers for the domain name.

string

The IP address or domain name of the origin server.

1.1.XX.XX

BackUpBackendList

array

The list of IP addresses or domain names of the backup origin servers for the domain name.

string

The IP address or domain name of the backup origin server.

2.2.XX.XX

BackendPorts

array<object>

The custom back-to-origin port mappings. By default, the back-to-origin port is the same as the listener port.

object

The custom back-to-origin port mapping. By default, the back-to-origin port is the same as the listener port.

ListenPort

integer

The listener port.

80

BackendPort

integer

The back-to-origin port.

80

Protocol

string

The protocol of the back-to-origin port. Valid values:

  • http: HTTP.

  • https: HTTPS.

http

ResourceManagerResourceGroupId

string

The ID of the Alibaba Cloud resource group.

rg-acfm***q

CertDetail

object

The details of the SSL certificate.

Name

string

The name of the SSL certificate.

test-cert-name

Id

string

The ID of the SSL certificate.

123-cn-hangzhou

StartTime

integer

The beginning of the validity period of the SSL certificate. This value is a UNIX timestamp. Unit: milliseconds.

1677772800000

EndTime

integer

The end of the validity period of the SSL certificate. This value is a UNIX timestamp. Unit: milliseconds.

1685590400000

CommonName

string

The common name of the SSL certificate.

test.aliyundoc.com

Sans

array

The domain names that are bound to the certificate.

string

The domain name that is bound to the certificate.

www.aliyundoc.com

SM2CertDetail

object

The details of the SM certificate.

Name

string

The name of the SM certificate.

test-sm2-cert-name

Id

string

The ID of the SM certificate.

123-cn-hangzhou

StartTime

integer

The beginning of the validity period of the SM certificate. This value is a UNIX timestamp. Unit: milliseconds.

1657551525000

EndTime

integer

The end of the validity period of the SM certificate. This value is a UNIX timestamp. Unit: milliseconds.

1665590400000

CommonName

string

The common name of the SM certificate.

test.aliyundoc.com

Sans

array

The domain names that are bound to the SM certificate.

string

The domain name that is bound to the SM certificate.

www.aliyundoc.com

Examples

Success response

JSON format

{
  "RequestId": "BAEF9CA9-66A0-533E-BD09-5D5D7AA8****",
  "Domain": "www.aliyundoc.com",
  "DomainId": "www.aliyundoc.com-waf",
  "Status": 1,
  "Cname": "xxxxxcvdaf.****.com",
  "Listen": {
    "HttpPorts": [
      80
    ],
    "HttpsPorts": [
      443
    ],
    "Http2Enabled": true,
    "CertId": "123",
    "TLSVersion": "tlsv1.2",
    "EnableTLSv3": true,
    "CipherSuite": 2,
    "CustomCiphers": [
      "xxx"
    ],
    "FocusHttps": true,
    "SM2Enabled": true,
    "SM2CertId": "123-cn-hangzhou",
    "SM2AccessOnly": true,
    "XffHeaderMode": 2,
    "XffHeaders": [
      "Client-ip"
    ],
    "IPv6Enabled": true,
    "ProtectionResource": "share",
    "ExclusiveIp": true,
    "HstsIncludeSubDomain": false,
    "HstsPreload": false,
    "HstsMaxAge": 0
  },
  "Redirect": {
    "Backends": [
      {
        "Backend": "1.1.XX.XX"
      }
    ],
    "Loadbalance": "iphash",
    "FocusHttpBackend": true,
    "SniEnabled": true,
    "SniHost": "www.aliyundoc.com",
    "RequestHeaders": [
      {
        "Key": "aaa",
        "Value": "bbb"
      }
    ],
    "ConnectTimeout": 120,
    "WriteTimeout": 200,
    "ReadTimeout": 200,
    "Keepalive": true,
    "Retry": true,
    "KeepaliveRequests": 1000,
    "KeepaliveTimeout": 15,
    "XffProto": true,
    "BackupBackends": [
      {
        "Backend": "1.1.XX.XX"
      }
    ],
    "XClientIp": true,
    "XTrueIp": true,
    "WebServerType": true,
    "WLProxyClientIp": true,
    "MaxBodySize": 2,
    "Http2Origin": true,
    "Http2OriginMaxConcurrency": 128,
    "ProxyProtocol": false,
    "BackendList": [
      "1.1.XX.XX"
    ],
    "BackUpBackendList": [
      "2.2.XX.XX"
    ],
    "BackendPorts": [
      {
        "ListenPort": 80,
        "BackendPort": 80,
        "Protocol": "http"
      }
    ]
  },
  "ResourceManagerResourceGroupId": "rg-acfm***q",
  "CertDetail": {
    "Name": "test-cert-name",
    "Id": "123-cn-hangzhou",
    "StartTime": 1677772800000,
    "EndTime": 1685590400000,
    "CommonName": "test.aliyundoc.com",
    "Sans": [
      "www.aliyundoc.com"
    ]
  },
  "SM2CertDetail": {
    "Name": "test-sm2-cert-name",
    "Id": "123-cn-hangzhou",
    "StartTime": 1657551525000,
    "EndTime": 1665590400000,
    "CommonName": "test.aliyundoc.com",
    "Sans": [
      "www.aliyundoc.com"
    ]
  }
}
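
Added example, not part of the original page and not Alibaba Cloud code: a Python function that audits a DescribeDomainDetail response for the listener, back-to-origin and certificate settings a defender would review. The function name, the dotted field labels, the 30-day warning window and the choice of findings are assumptions; the sample input is a constructed, trimmed copy of the example response above.

```python
import json

# Constructed sample: a trimmed copy of the example response on this page.
SAMPLE = json.loads("""{
  "Domain": "www.aliyundoc.com", "Status": 1,
  "Listen": {"HttpPorts": [80], "HttpsPorts": [443], "TLSVersion": "tlsv1.2",
             "EnableTLSv3": true, "CipherSuite": 2, "FocusHttps": true,
             "HstsMaxAge": 0},
  "Redirect": {"FocusHttpBackend": true},
  "CertDetail": {"EndTime": 1685590400000}
}""")

DAY_MS = 86_400_000  # StartTime/EndTime are UNIX timestamps in milliseconds
OLD_TLS = {"tlsv1", "tlsv1.1"}  # TLS 1.0 and 1.1 are deprecated (RFC 8996)


def audit_domain_detail(resp, now_ms, warn_days=30):
    """Return (field, message) findings for one DescribeDomainDetail response."""
    listen = resp.get("Listen") or {}
    redirect = resp.get("Redirect") or {}
    findings = []
    add = findings.append
    if resp.get("Status") != 1:
        add(("Status", "domain is not in normal status"))
    if listen.get("HttpsPorts"):
        if listen.get("TLSVersion") in OLD_TLS:
            add(("Listen.TLSVersion", "deprecated TLS version configured"))
        if listen.get("CipherSuite") == 1:
            add(("Listen.CipherSuite", "all cipher suites allowed, not only strong"))
        if not listen.get("HstsMaxAge"):
            add(("Listen.HstsMaxAge", "HSTS max age is 0 or missing"))
    if listen.get("HttpPorts") and not listen.get("FocusHttps"):
        add(("Listen.FocusHttps", "HTTP listener without HTTP to HTTPS redirection"))
    if redirect.get("FocusHttpBackend"):
        add(("Redirect.FocusHttpBackend", "back-to-origin requests forced to HTTP"))
    end_ms = (resp.get("CertDetail") or {}).get("EndTime")
    if end_ms is not None:
        days_left = (end_ms - now_ms) // DAY_MS
        if days_left < 0:
            add(("CertDetail.EndTime", "certificate has expired"))
        elif days_left < warn_days:
            add(("CertDetail.EndTime", f"certificate expires in {days_left} days"))
    return findings


if __name__ == "__main__":
    # Assumed "now": 10 days before the sample certificate's EndTime.
    for field, message in audit_domain_detail(SAMPLE, 1685590400000 - 10 * DAY_MS):
        print(f"{field}: {message}")
```

Pass the current time in milliseconds as now_ms when auditing live responses; it is a parameter so that results are reproducible.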

Error codes

| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | Waf.Pullin.DomainAndDomainIdBothEmpty | domain and domainId cannot be empty at the same time. | |
| 400 | Waf.Pullin.DomainAndDomainIdNotMatch | domain and domainId do not match. | |
| 400 | Waf.Pullin.DomainIdIsIllegal | The input parameter, the domainId is illegal. | |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.