ModifyCloudResource - Web Application Firewall - Alibaba Cloud Documentation Center

Modifies the configurations of a product that is protected by WAF.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the WAF instance. Note You can call the DescribeInstance operation to query the ID of the WAF instance.	waf_v3prepaid_public_cn-***
ResourceManagerResourceGroupId	string	No	The ID of the Alibaba Cloud resource group.	rg-acfm***q
Listen	object	Yes	The listener configuration.
TLSVersion	string	No	The Transport Layer Security (TLS) version to add. This parameter is available only when the domain name uses the HTTPS protocol. Valid values: tlsv1 tlsv1.1 tlsv1.2	tlsv1.2
EnableTLSv3	boolean	No	Specifies whether to support TLS 1.3. This parameter is available only when the domain name uses the HTTPS protocol. Valid values: true: TLS 1.3 is supported. false: TLS 1.3 is not supported.	true
CipherSuite	integer	No	The type of the cipher suite to add. This parameter is available only when the domain name uses the HTTPS protocol. Valid values: 1: adds all cipher suites. 2: adds strong cipher suites. You can select this value only when you set TLSVersion to tlsv1.2. 99: adds custom cipher suites.	1
CustomCiphers	array	No	The custom cipher suites.
	string	No	The custom cipher suites to add. This parameter is available only when you set CipherSuite to 99.	ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384
ResourceProduct `deprecated`	string	No	The type of the cloud service. Valid values: clb4: Layer 4 Classic Load Balancer (CLB). clb7: Layer 7 CLB. ecs: Elastic Compute Service (ECS). nlb: Network Load Balancer (NLB).	clb7
ResourceInstanceId `deprecated`	string	No	The ID of the resource instance.	lb-***
Port `deprecated`	integer	No	The port of the cloud service that is added to WAF.	80
Protocol	string	Yes	The protocol type. Valid values: http: HTTP. https: HTTPS.	http
Certificates	array<object>	No	The certificate information.
	object	No	The certificate information.
CertificateId	string	No	The ID of the certificate.	123-cn-hangzhou
AppliedType	string	No	The type of the certificate for the HTTPS protocol. Valid values: default: the default certificate. extension: the extension certificate.	default
Http2Enabled	boolean	No	Specifies whether to enable HTTP/2. This parameter is available only when the domain name uses the HTTPS protocol. Valid values: true: enables HTTP/2. false (default): disables HTTP/2.	true
Redirect	object	No	The forwarding configuration.
RequestHeaders	array<object>	No	The custom header field and value that are used to mark the traffic of a domain name. This marks the traffic that is processed by WAF.
	object	No	The value of this parameter is in the `[{"k":"key","v":"value"}]` format. `key` indicates the custom request header field and `value` indicates the value of the field. Note If a request already contains the custom header field, the system overwrites the value of the field with the specified value.
Key	string	No	The custom request header field.	key1
Value	string	No	The value of the custom request header field.	value1
XffHeaderMode	integer	No	The method that WAF uses to obtain the real IP address of a client. Valid values: 0: The client traffic is not forwarded to WAF by a Layer 7 proxy. 1: WAF reads the first value of the X-Forwarded-For (XFF) header field as the client IP address. 2: WAF reads the value of a custom header field as the client IP address.	0
XffHeaders	array	No	The list of custom header fields that are used to obtain the client IP address. The value is in the `["header1","header2",...]` format. Note This parameter is required only when you set XffHeaderMode to 2. This indicates that WAF reads the value of a custom header field as the client IP address.
	string	No	The list of custom header fields that are used to obtain the client IP address. The value is in the `["header1","header2",...]` format. Note This parameter is required only when you set XffHeaderMode to 2. This indicates that WAF reads the value of a custom header field as the client IP address.	header1
ReadTimeout	integer	No	The read timeout period. Unit: seconds. Valid values: 1 to 3600.	1
WriteTimeout	integer	No	The write timeout period. Unit: seconds. Valid values: 1 to 3600.	1
Keepalive	boolean	No	Specifies whether to enable persistent connections. Valid values: true (default): enables persistent connections. false: disables persistent connections.	true
KeepaliveRequests	integer	No	The number of requests that can be reused in a persistent connection. Valid values: 60 to 1000. Note The number of requests that are reused in a persistent connection.	1000
KeepaliveTimeout	integer	No	The timeout period of an idle persistent connection. Valid values: 10 to 3600. Default value: 3600. Unit: seconds. Note The period after which an idle persistent connection is released.	15
XffProto	boolean	No	Specifies whether to use the X-Forward-For-Proto header to pass the protocol used by WAF. Valid values: true (default): passes the protocol used by WAF. false: does not pass the protocol used by WAF.	true
MaxBodySize	integer	No	The maximum size of a request body. Valid values: 2 to 10. Default value: 2. Unit: GB.	2
RegionId	string	Yes	The region where the WAF instance resides. Valid values: cn-hangzhou: the Chinese mainland. ap-southeast-1: outside the Chinese mainland.	cn-hangzhou
CloudResourceId	string	No	The ID of the resource that is added to WAF. The ID is automatically generated by WAF when you add the resource to WAF in cloud native mode. Note After you add a resource by calling the CreateCloudResource operation, you can view the resource ID in the response.	lb-***-80-clb7

Response elements

Element	Type	Description	Example
	object
RequestId	string	The ID of the request.	D7861F61-5B61-46CE-A47C-***
CloudResource	string	The ID of the added resource.	lb-xxx-80-clb7

Examples

Success response

JSON format

{
  "RequestId": "D7861F61-5B61-46CE-A47C-***",
  "CloudResource": "lb-xxx-80-clb7"
}

Error codes

HTTP status code	Error code	Error message	Description
400	Waf.Pullin.CertExpired	Certificate expired, certificate ID:%s .
400	Waf.Pullin.CertNotExist	Certificate does not exist in SSL Certificate Center, certificate type:%s, certificate ID:%s.	Certificate does not exist in SSL Certificate Center, certificate type:%s, certificate ID:%s.
400	Waf.Pullin.OnlyBeOneDefaultCert	There can be only one default certificate.	There can be only one default certificate.
400	Waf.Control.CloudProductInfoNotMartch	The value of the cloud product, port, instance, and input parameter to which the resource ID of the cloud product is connected to WAF does not match.	The value of the cloud product, port, instance, and input parameter to which the resource ID of the cloud product is connected to WAF does not match.
400	Waf.Control.CloudProductInfoEmpty	The resource Id of the cloud product accessing WAF is null or null values exist in the three input parameters of the cloud product name, port, and cloud product instance.	The resource Id of the cloud product accessing WAF is null or null values exist in the three input parameters of the cloud product name, port, and cloud product instance.
400	Waf.Control.DefenseResourceEmpty	CloudResourceId parameter is illegal.	CloudResourceId parameter is illegal

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.