Use DescribeHybridCloudResources to query domain names in a hybrid cloud - Web Application Firewall

Queries the domain names that are added to Web Application Firewall (WAF) in hybrid cloud mode.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-waf:DescribeHybridCloudResources

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the WAF instance. Note You can call the DescribeInstance operation to query the ID of the WAF instance.	waf_v3prepaid_public_cn-***********
Domain	string	No	The domain name that you want to query.	www.aliyundoc.com
Backend	string	No	The IP address or domain name of the origin server for back-to-origin.	1.1.XX.XX
PageNumber	integer	No	The page number of the page to return. Default value: 1.	1
PageSize	integer	No	The number of entries to return on each page. Default value: 10.	10
CnameEnabled	boolean	No	Indicates whether public cloud disaster recovery is enabled. Valid values: true false	true
RegionId	string	No	The region ID of the WAF instance. Valid values: cn-hangzhou: the Chinese mainland. ap-southeast-1: outside the Chinese mainland.	cn-hangzhou
ResourceManagerResourceGroupId	string	No	The ID of the resource group.	rg-acfmvtc5z52****

Response elements

Element	Type	Description	Example
	object
Domains	array<object>	The list of domain names.
	object	The details of the domain name configuration.
Status	integer	The status of the domain name. Valid values: 1: The domain name is in a normal state. 2: The domain name is being created. 3: The domain name is being modified. 4: The domain name is being released. 5: Forwarding is disabled for the domain name.	1
ResourceManagerResourceGroupId	string	The ID of the resource group.	rg-acfmvtc5z52****
Uid	string	The ID of the Alibaba Cloud account.	130715431409****
Listen	object	The listener configuration.
HttpsPorts	array	The list of HTTPS ports.
	integer	The HTTPS port.	443
ProtectionResource	string	The type of the protection resource. Valid values: share: shared cluster. gslb: intelligent load balancing for a shared cluster.	share
CustomCiphers	array	The custom cipher suites to be added. Note This parameter is returned only when CipherSuite is set to 99.
	string	The custom cipher suite.	ECDHE-ECDSA-AES128-GCM-SHA256
TLSVersion	string	The TLS version. Valid values: tlsv1 tlsv1.1 tlsv1.2	tlsv1.2
Http2Enabled	boolean	Indicates whether HTTP/2 is enabled. Valid values: true false	false
CertId	string	The ID of the certificate.	72***76-cn-hangzhou
CipherSuite	integer	The type of the cipher suite. Valid values: 1: all cipher suites. 2: strong cipher suites. 99: custom cipher suites.	1
EnableTLSv3	boolean	Indicates whether TLS 1.3 is supported. Valid values: true false	true
IPv6Enabled	boolean	Indicates whether IPv6 is enabled. Valid values: true false	false
FocusHttps	boolean	Indicates whether HTTPS to HTTP redirection is enabled. Valid values: true false	false
XffHeaders	array	The list of custom header fields that are used to obtain the client IP address. The value is in the `["header1","header2",...]` format. Note This parameter is returned only when XffHeaderMode is set to 2.
	string	The custom header field used to obtain the client IP address.	Client-ip
XffHeaderMode	integer	The method that WAF uses to obtain the client IP address. Valid values: 0: No Layer 7 proxies are deployed in front of WAF. 1: WAF reads the first value of the X-Forwarded-For (XFF) header field as the client IP address. 2: WAF reads the value of a custom header field as the client IP address.	0
ExclusiveIp	boolean	Indicates whether an exclusive IP address is used. Valid values: true false	true
HttpPorts	array	The list of HTTP listener ports.
	integer	The HTTP listener port.	80
Id	integer	The ID of the domain name configuration.	12345
Redirect	object	The forwarding configuration.
ConnectTimeout	integer	The connection timeout period. Unit: seconds. Valid values: 5 to 120.	120
Keepalive	boolean	Indicates whether persistent connections are enabled. Valid values: true false	true
SniEnabled	boolean	Indicates whether back-to-origin Server Name Indication (SNI) is enabled. Valid values: true false	true
CnameEnabled	boolean	Indicates whether public cloud disaster recovery is enabled. Valid values: true false	true
KeepaliveTimeout	integer	The timeout period for an idle persistent connection. Valid values: 1 to 60. Default value: 15. Unit: seconds. Note An idle persistent connection is released after the timeout period expires.	15
ReadTimeout	integer	The read timeout period. Unit: seconds. Valid values: 5 to 1800.	200
Backends	array	The IP addresses or domain names of the origin servers for back-to-origin.
	string	The IP address or domain name of an origin server for back-to-origin.	1.1.XX.XX
SniHost	string	The custom value of the SNI extension field. If this parameter is not specified, the value of the Host field in the request header is used as the value of the SNI extension field by default. Note This parameter is returned only when SniEnabled is set to true.	www.aliyundoc.com
FocusHttpBackend	boolean	Indicates whether back-to-origin requests are forcefully sent over HTTP. Valid values: true false	true
WriteTimeout	integer	The write timeout period. Unit: seconds. Valid values: 5 to 1800.	200
RoutingRules	string	The forwarding rules for the hybrid cloud. The value is a string that consists of a JSON array. Each element in the array is a struct that contains the following fields: rs: The back-to-origin IP addresses or CNAMEs. This field is of the Array type. location: The name of the protection node. This field is of the String type. locationId: The ID of the protection node. This field is of the Long type.	[ { "rs": [ "1.1.XX.XX" ], "locationId": 535, "location": "test1111" } ]
Retry	boolean	Indicates whether WAF retries forwarding requests when a back-to-origin request fails. Valid values: true false	true
RequestHeaders	array<object>	The custom header field and value that are used to mark the traffic that is processed by WAF.
	object	The custom header field and value that are used to mark the traffic that is processed by WAF.
Value	string	The value of the custom request header field.	bbb
Key	string	The custom request header field.	aaa
KeepaliveRequests	integer	The maximum number of requests that can be sent over a persistent connection. Valid values: 60 to 1000. Note After the specified number of requests are sent, the persistent connection is closed and a new connection is established.	1000
Loadbalance	string	The load balancing algorithm for back-to-origin requests. Valid values: iphash: the IP hash algorithm. roundRobin: the round-robin algorithm. leastTime: the least time algorithm.	iphash
Domain	string	The domain name.	www.aliyundoc.com
Cname	string	The CNAME that is assigned by WAF to the domain name. Note This parameter is returned only when CnameEnabled is set to true.	50fqmu1ci7g0xtiyxnrhgx6qdhmn****.yundunwaf5.com
TotalCount	integer	The total number of entries returned.	24
RequestId	string	The ID of the request.	98D2AA9A-5959-5CCD-83E3-B6606232A2BE

Examples

Success response

JSON format

{
  "Domains": [
    {
      "Status": 1,
      "ResourceManagerResourceGroupId": "rg-acfmvtc5z52****",
      "Uid": "130715431409****",
      "Listen": {
        "HttpsPorts": [
          443
        ],
        "ProtectionResource": "share",
        "CustomCiphers": [
          "ECDHE-ECDSA-AES128-GCM-SHA256"
        ],
        "TLSVersion": "tlsv1.2",
        "Http2Enabled": false,
        "CertId": "72***76-cn-hangzhou",
        "CipherSuite": 1,
        "EnableTLSv3": true,
        "IPv6Enabled": false,
        "FocusHttps": false,
        "XffHeaders": [
          "Client-ip"
        ],
        "XffHeaderMode": 0,
        "ExclusiveIp": true,
        "HttpPorts": [
          80
        ]
      },
      "Id": 12345,
      "Redirect": {
        "ConnectTimeout": 120,
        "Keepalive": true,
        "SniEnabled": true,
        "CnameEnabled": true,
        "KeepaliveTimeout": 15,
        "ReadTimeout": 200,
        "Backends": [
          "1.1.XX.XX"
        ],
        "SniHost": "www.aliyundoc.com",
        "FocusHttpBackend": true,
        "WriteTimeout": 200,
        "RoutingRules": "[\n      {\n            \"rs\": [\n                  \"1.1.XX.XX\"\n            ],\n            \"locationId\": 535,\n            \"location\": \"test1111\"\n      }\n]",
        "Retry": true,
        "RequestHeaders": [
          {
            "Value": "bbb",
            "Key": "aaa"
          }
        ],
        "KeepaliveRequests": 1000,
        "Loadbalance": "iphash"
      },
      "Domain": "www.aliyundoc.com",
      "Cname": "50fqmu1ci7g0xtiyxnrhgx6qdhmn****.yundunwaf5.com"
    }
  ],
  "TotalCount": 24,
  "RequestId": "98D2AA9A-5959-5CCD-83E3-B6606232A2BE"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.