DescribeDomainDetail - Web Application Firewall - Alibaba Cloud Documentation Center

Describes the details of a website configuration.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the WAF instance. Note You can call DescribeInstance to query the ID of the WAF instance.	waf_cdnsdf3****
DomainId	string	No	The ID of the domain name.	www.aliyundoc.com-waf
Domain	string	No	The domain name that you want to query.	www.aliyundoc.com
RegionId	string	No	The region where the WAF instance resides. Valid values: cn-hangzhou: the Chinese mainland. ap-southeast-1: outside the Chinese mainland.	cn-hangzhou

Response elements

Element	Type	Description	Example
	object	The details of the domain name.
RequestId	string	The request ID.	BAEF9CA9-66A0-533E-BD09-5D5D7AA8****
Domain	string	The domain name.	www.aliyundoc.com
DomainId	string	The ID of the domain name.	www.aliyundoc.com-waf
Status	integer	The status of the domain name. Valid values: 1: The domain name is in a normal state. 2: The domain name is being created. 3: The domain name is being modified. 4: The domain name is being released. 5: Forwarding is disabled for the domain name.	1
Cname	string	The CNAME that is assigned to the domain name by WAF.	xxxxxcvdaf.****.com
Listen	object	The listener configuration.
HttpPorts	array	The HTTP listener ports.
	integer	The HTTP listener port.	80
HttpsPorts	array	The HTTPS listener ports.
	integer	The HTTPS listener port.	443
Http2Enabled	boolean	Indicates whether HTTP/2 is enabled. Valid values: true: HTTP/2 is enabled. false: HTTP/2 is disabled.	true
CertId	string	The ID of the certificate.	123
TLSVersion	string	The TLS version. Valid values: tlsv1 tlsv1.1 tlsv1.2	tlsv1.2
EnableTLSv3	boolean	Indicates whether TLS 1.3 is supported. Valid values: true: TLS 1.3 is supported. false: TLS 1.3 is not supported.	true
CipherSuite	integer	The type of the cipher suite. Valid values: 1: All cipher suites are added. 2: Strong cipher suites are added. 99: Custom cipher suites are added.	2
CustomCiphers	array	The custom cipher suites.
	string	The custom cipher suite.	xxx
FocusHttps	boolean	Indicates whether HTTPS force redirect is enabled. Valid values: true: HTTPS force redirect is enabled. false: HTTPS force redirect is disabled.	true
SM2Enabled	boolean	Indicates whether the SM certificate is enabled. Valid values: true: The SM certificate is enabled. false: The SM certificate is disabled.	true
SM2CertId	string	The ID of the SM certificate to add. This parameter is used only when SM2Enable is set to true.	123-cn-hangzhou
SM2AccessOnly	boolean	Indicates whether only clients that use the SM certificate can access the domain name. This parameter is used only when SM2Enable is set to true. true: Only clients that use the SM certificate can access the domain name. false: All clients can access the domain name.	true
XffHeaderMode	integer	The method that WAF uses to obtain the real IP address of a client. Valid values: 0: No Layer 7 proxies are deployed before WAF. 1: WAF reads the first value of the X-Forwarded-For (XFF) header field as the client IP address. 2: WAF reads the value of a custom header field as the client IP address.	2
XffHeaders	array	The list of custom header fields that are used to obtain the client IP address.
	string	A custom header field that is used to obtain the client IP address.	Client-ip
IPv6Enabled	boolean	Indicates whether IPv6 is enabled. Valid values: true: IPv6 is enabled. false: IPv6 is disabled.	true
ProtectionResource	string	The type of the protection resource. Valid values: share: shared cluster. gslb: shared cluster-based intelligent load balancing.	share
ExclusiveIp	boolean	Indicates whether exclusive IP addresses are enabled. Valid values: true: Exclusive IP addresses are enabled. false: Exclusive IP addresses are disabled.	true
Redirect	object	The forwarding configuration.
Backends `deprecated`	array<object>	The origin URLs of the domain name. Note This parameter is deprecated. We recommend that you use BackendList to obtain the related information.
	object	The IP address or domain name of the origin server.
Backend	string	The IP address or domain name of the origin server for the domain name.	1.1.XX.XX
Loadbalance	string	The load balancing algorithm for origin fetch. Valid values: iphash: IP hash. roundRobin: round-robin. leastTime: least time.	iphash
FocusHttpBackend	boolean	Indicates whether force HTTP back-to-origin is enabled. Valid values: true: Force HTTP back-to-origin is enabled. false: Force HTTP back-to-origin is disabled.	true
SniEnabled	boolean	Indicates whether back-to-origin SNI is enabled. Valid values: true: Back-to-origin SNI is enabled. false (default): Back-to-origin SNI is disabled.	true
SniHost	string	The value of the custom SNI extension field.	www.aliyundoc.com
RequestHeaders	array<object>	The custom header field and value that are used to mark the traffic that is processed by WAF.
	object	The custom header field and value that are used to mark the traffic that is processed by WAF.
Key	string	The custom request header field.	aaa
Value	string	The value of the custom request header field.	bbb
ConnectTimeout	integer	The connection timeout period. Unit: seconds. Valid values: 5 to 120.	120
WriteTimeout	integer	The write timeout period. Unit: seconds. Valid values: 5 to 1800.	200
ReadTimeout	integer	The read timeout period. Unit: seconds. Valid values: 5 to 1800.	200
Keepalive	boolean	Indicates whether to enable persistent connections. Valid values: true (default): Persistent connections are enabled. false: Persistent connections are disabled.	true
Retry	boolean	Indicates whether to retry forwarding requests to the origin server when the requests fail. Valid values: true (default): WAF retries forwarding the requests. false: WAF does not retry forwarding the requests.	true
KeepaliveRequests	integer	The number of requests that can be reused in a persistent connection. Valid values: 60 to 1000. Note This parameter specifies the number of requests that can be reused after persistent connections are enabled.	1000
KeepaliveTimeout	integer	The timeout period of an idle persistent connection. Valid values: 1 to 60. Default value: 15. Unit: seconds. Note This parameter specifies the period of time after which an idle persistent connection is closed.	15
XffProto	boolean	Indicates whether to use the X-Forward-For-Proto header to pass the protocol that is used by WAF. Valid values: true (default): The protocol is passed. false: The protocol is not passed.	true
BackupBackends `deprecated`	array<object>	The backup origin URLs of the domain name. Note This parameter is deprecated. We recommend that you use BackUpBackendList to obtain the related information.
	object	The IP address or domain name of the origin server.
Backend	string	The IP address or domain name of the backup origin server for the domain name.	[ "1.1.XX.XX", "2.2.XX.XX" ]
XClientIp	boolean	Indicates whether WAF is allowed to overwrite the X-Client-IP header. Valid values: true (default): WAF is allowed to overwrite the header. false: WAF is not allowed to overwrite the header.	true
XTrueIp	boolean	Indicates whether WAF is allowed to overwrite the X-True-IP header. Valid values: true (default): WAF is allowed to overwrite the header. false: WAF is not allowed to overwrite the header.	true
WebServerType	boolean	Indicates whether WAF is allowed to overwrite the Web-Server-Type header. Valid values: true (default): WAF is allowed to overwrite the header. false: WAF is not allowed to overwrite the header.	true
WLProxyClientIp	boolean	Indicates whether WAF is allowed to overwrite the WL-Proxy-Client-IP header. Valid values: true (default): WAF is allowed to overwrite the header. false: WAF is not allowed to overwrite the header.	true
MaxBodySize	integer	The maximum size of a request body. Valid values: 2 to 10. Default value: 2. Unit: GB. Note This parameter is supported only by the Ultimate edition.	2
Http2Origin	boolean	Indicates whether to enable HTTP/2 for back-to-origin.	true
Http2OriginMaxConcurrency	integer	The number of concurrent connections for HTTP/2 back-to-origin.	128
BackendList	array	The list of IP addresses or domain names of the origin servers for the domain name.
	string	The IP address or domain name of the origin server for the domain name.	1.1.XX.XX
BackUpBackendList	array	The list of IP addresses or domain names of the backup origin servers for the domain name.
	string	The IP address or domain name of the backup origin server for the domain name.	2.2.XX.XX
BackendPorts	array<object>	The custom port configuration. By default, the port is the same as the listener port.
	object	The custom port configuration. By default, the port is the same as the listener port.
ListenPort	integer	The listener port.	80
BackendPort	integer	The back-to-origin port.	80
Protocol	string	The protocol of the listener port. Valid values: http: HTTP. https: HTTPS.	http
ResourceManagerResourceGroupId	string	The ID of the Alibaba Cloud resource group.	rg-acfm***q
CertDetail	object	The details of the SSL certificate.
Name	string	The name of the certificate.	test-cert-name
Id	string	The ID of the SSL certificate.	123-cn-hangzhou
StartTime	integer	The effective time of the certificate. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.	1677772800000
EndTime	integer	The expiration time of the certificate. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.	1685590400000
CommonName	string	The common name (CN).	test.aliyundoc.com
Sans	array	All domain names that are bound to the certificate.
	string	A domain name that is bound to the certificate.	www.aliyundoc.com
SM2CertDetail	object	The information about the SM certificate.
Name	string	The name of the certificate.	test-sm2-cert-name
Id	string	The ID of the SSL certificate.	123-cn-hangzhou
StartTime	integer	The effective time of the certificate. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.	1657551525000
EndTime	integer	The expiration time of the certificate. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.	1665590400000
CommonName	string	The common name (CN).	test.aliyundoc.com
Sans	array	All domain names that are bound to the certificate.
	string	A domain name that is bound to the certificate.	www.aliyundoc.com

Examples

Success response

JSON format

{
  "RequestId": "BAEF9CA9-66A0-533E-BD09-5D5D7AA8****",
  "Domain": "www.aliyundoc.com",
  "DomainId": "www.aliyundoc.com-waf",
  "Status": 1,
  "Cname": "xxxxxcvdaf.****.com",
  "Listen": {
    "HttpPorts": [
      80
    ],
    "HttpsPorts": [
      443
    ],
    "Http2Enabled": true,
    "CertId": "123",
    "TLSVersion": "tlsv1.2",
    "EnableTLSv3": true,
    "CipherSuite": 2,
    "CustomCiphers": [
      "xxx"
    ],
    "FocusHttps": true,
    "SM2Enabled": true,
    "SM2CertId": "123-cn-hangzhou",
    "SM2AccessOnly": true,
    "XffHeaderMode": 2,
    "XffHeaders": [
      "Client-ip"
    ],
    "IPv6Enabled": true,
    "ProtectionResource": "share",
    "ExclusiveIp": true
  },
  "Redirect": {
    "Backends": [
      {
        "Backend": "1.1.XX.XX"
      }
    ],
    "Loadbalance": "iphash",
    "FocusHttpBackend": true,
    "SniEnabled": true,
    "SniHost": "www.aliyundoc.com",
    "RequestHeaders": [
      {
        "Key": "aaa",
        "Value": "bbb"
      }
    ],
    "ConnectTimeout": 120,
    "WriteTimeout": 200,
    "ReadTimeout": 200,
    "Keepalive": true,
    "Retry": true,
    "KeepaliveRequests": 1000,
    "KeepaliveTimeout": 15,
    "XffProto": true,
    "BackupBackends": [
      {
        "Backend": "[\n    \"1.1.XX.XX\",\n    \"2.2.XX.XX\"\n]\n"
      }
    ],
    "XClientIp": true,
    "XTrueIp": true,
    "WebServerType": true,
    "WLProxyClientIp": true,
    "MaxBodySize": 2,
    "Http2Origin": true,
    "Http2OriginMaxConcurrency": 128,
    "BackendList": [
      "1.1.XX.XX"
    ],
    "BackUpBackendList": [
      "2.2.XX.XX"
    ],
    "BackendPorts": [
      {
        "ListenPort": 80,
        "BackendPort": 80,
        "Protocol": "http"
      }
    ]
  },
  "ResourceManagerResourceGroupId": "rg-acfm***q",
  "CertDetail": {
    "Name": "test-cert-name",
    "Id": "123-cn-hangzhou",
    "StartTime": 1677772800000,
    "EndTime": 1685590400000,
    "CommonName": "test.aliyundoc.com",
    "Sans": [
      "www.aliyundoc.com"
    ]
  },
  "SM2CertDetail": {
    "Name": "test-sm2-cert-name",
    "Id": "123-cn-hangzhou",
    "StartTime": 1657551525000,
    "EndTime": 1665590400000,
    "CommonName": "test.aliyundoc.com\n",
    "Sans": [
      "www.aliyundoc.com\n"
    ]
  }
}

Error codes

HTTP status code	Error code	Error message
400	Waf.Pullin.DomainAndDomainIdBothEmpty	domain and domainId cannot be empty at the same time.
400	Waf.Pullin.DomainAndDomainIdNotMatch	domain and domainId do not match.
400	Waf.Pullin.DomainIdIsIllegal	The input parameter, the domainId is illegal.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.