This product(
waf-openapi/2021-10-01) OpenAPI adopts RPC Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (11370001915) and sign under the guidance of experts. Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.
Instance information
| API | Title | Description |
|---|---|---|
| CreatePostpaidInstance | CreatePostpaidInstance | Creates a pay-as-you-go Web Application Firewall (WAF) 3.0 instance. |
| DescribeInstance | DescribeInstance | Queries the details of a Web Application Firewall (WAF) instance within the current Alibaba Cloud account. |
Website Configuration
| API | Title | Description |
|---|---|---|
| Cloud Native | Cloud Native | |
| SyncProductInstance | SyncProductInstance | Synchronizes Elastic Compute Service (ECS) instances and Classic Load Balancer (CLB) instances to Web Application Firewall (WAF). |
| DescribeCloudResources | DescribeCloudResources | Queries cloud service resources that are added to Web Application Firewall (WAF). |
| DescribeProductInstances | DescribeProductInstances | Queries the cloud service instances to be added to Web Application Firewall (WAF) in transparent proxy mode. |
| DescribeResourceSupportRegions | DescribeResourceSupportRegions | Queries the region IDs of Classic Load Balancer (CLB) and Elastic Compute Service (ECS) instances that can be added to Web Application Firewall (WAF) in transparent proxy mode. |
| DescribeResourceRegionId | DescribeResourceRegionId | Queries the region IDs of the resources that are added to Web Application Firewall (WAF) in cloud native mode. The resources include Application Load Balancer (ALB) instances, Microservices Engine (MSE) instances, and custom domain names bound to web applications in Function Compute. |
| DescribeResourceInstanceCerts | DescribeResourceInstanceCerts | Queries the certificates that are used in cloud service instances. The certificates returned include the certificates within the delegated administrator account and the certificates within members to which specific instances belong. For example, the delegated administrator account has certificate 1, instance lb-xx-1 belongs to member B, and member B has certificate 2. If you specify instance lb-xx-1 in the request, certificate 1 and certificate 2 are returned. |
| CNAME Record | CNAME Record | |
| DescribePunishedDomains | DescribePunishedDomains | Queries a list of domain names that are added to Web Application Firewall (WAF) and penalized for failing to obtain an Internet Content Provider (ICP) filing. |
| ModifyDomainPunishStatus | ModifyDomainPunishStatus | Re-adds a domain name that is penalized for failing to obtain an Internet Content Provider (ICP) filing to Web Application Firewall (WAF). |
| DescribeCertDetail | DescribeCertDetail | Queries the details of a certificate, such as the certificate name, expiration time, issuance time, and associated domain name. |
| CreateDomain | CreateDomain | Adds a domain name to Web Application Firewall (WAF). |
| ModifyDomain | ModifyDomain | Modifies the configurations of a domain name that is added to Web Application Firewall (WAF) in CNAME record mode. |
| DeleteDomain | DeleteDomain | Deletes a domain name that is added to Web Application Firewall (WAF). |
| DescribeDomainDetail | DescribeDomainDetail | Queries the details of a domain name that is added to Web Application Firewall (WAF). |
| DescribeDomains | DescribeDomains | Queries the domain names that are added to Web Application Firewall (WAF). |
| DescribeCerts | DescribeCerts | Queries the certificates issued for your domain names that are added to Web Application Firewall (WAF). |
| DescribeWafSourceIpSegment | DescribeWafSourceIpSegment | Queries the back-to-origin CIDR blocks of a Web Application Firewall (WAF) instance. |
| DescribeDomainDNSRecord | DescribeDomainDNSRecord | Checks whether the Domain Name System (DNS) settings of a domain name are properly configured. |
| Hybrid Cloud | Hybrid Cloud | |
| DescribeHybridCloudResources | DescribeHybridCloudResources | Queries the domain names that are added to a Web Application Firewall (WAF) instance in hybrid cloud mode. |
| DescribeResourcePort | DescribeResourcePort | Queries the ports of a cloud service instance that are added to Web Application Firewall (WAF). |
Protection Configurations
| API | Title | Description |
|---|---|---|
| Protected objects | Protected objects | |
| CreateDefenseResourceGroup | CreateDefenseResourceGroup | Creates a protected object group. |
| ModifyDefenseResourceGroup | ModifyDefenseResourceGroup | Modifies the configurations of a protected object group. |
| DeleteDefenseResourceGroup | DeleteDefenseResourceGroup | Deletes a protected object group. |
| DescribeDefenseResourceGroup | DescribeDefenseResourceGroup | Queries the information about a protected object group. |
| DescribeDefenseResourceGroups | DescribeDefenseResourceGroups | Performs a pagination query to retrieve the information about protected object groups. |
| DescribeDefenseResourceGroupNames | DescribeDefenseResourceGroupNames | Queries the names of protected object groups. |
| DescribeDefenseResource | DescribeDefenseResource | Queries the information about a protected object. |
| DescribeDefenseResources | DescribeDefenseResources | Queries protected objects by page. |
| DescribeDefenseResourceNames | DescribeDefenseResourceNames | Performs a pagination query to retrieve the names of protected objects. |
| ModifyDefenseResourceXff | ModifyDefenseResourceXff | Modifies the cookie settings of a protected object and the method to identify the originating IP addresses of clients. |
| Protection rules | Protection rules | |
| ModifyDefenseRuleCache | ModifyDefenseRuleCache | Updates the cached page of a website that is protected based on a website tamper-proofing rule. |
| DescribeDefenseResourceTemplates | DescribeDefenseResourceTemplates | Queries the protection templates that are associated with a protected object or protected object group. |
| DescribeDefenseTemplateValidGroups | DescribeDefenseTemplateValidGroups | Queries the names of protected object groups for which a protection template can take effect. |
| DescribeDefenseTemplates | DescribeDefenseTemplates | Performs a paging query to retrieve protection templates. |
| CreateDefenseTemplate | CreateDefenseTemplate | Creates a protection rule template. |
| CopyDefenseTemplate | CopyDefenseTemplate | Creates a new protection template from the copy. |
| ModifyDefenseTemplate | ModifyDefenseTemplate | Modifies the configurations of a protection rule template. |
| DescribeDefenseTemplate | DescribeDefenseTemplate | Queries a protection rule template. |
| ModifyDefenseTemplateStatus | ModifyDefenseTemplateStatus | Changes the status of a protection rule template. |
| DeleteDefenseTemplate | DeleteDefenseTemplate | Deletes a protection rule template. |
| CreateDefenseRule | CreateDefenseRule | Creates a protection rule. |
| ModifyDefenseRule | ModifyDefenseRule | Modifies the configurations of a protection rule. |
| ModifyDefenseRuleStatus | ModifyDefenseRuleStatus | Changes the status of a protection rule. |
| DeleteDefenseRule | DeleteDefenseRule | Deletes a protection rule. |
| DescribeDefenseRule | DescribeDefenseRule | Queries a protection rule. |
| DescribeDefenseRules | DescribeDefenseRules | Queries protection rules by page. |
| ModifyTemplateResources | ModifyTemplateResources | Associates or disassociates a protection resource with or from a protection rule template. |
| DescribeTemplateResources | DescribeTemplateResources | Queries the resources that are associated to a protection rule template. |
| DescribeTemplateResourceCount | DescribeTemplateResourceCount | Queries the number of protected resources for which a protection template takes effect. |
| DescribeRuleGroups | DescribeRuleGroups | Queries regular expression rule groups by page. |
| Protection for Major Events | Protection for Major Events | |
| CreateMajorProtectionBlackIp | CreateMajorProtectionBlackIp | Creates an IP address blacklist for major event protection. |
| ModifyMajorProtectionBlackIp | ModifyMajorProtectionBlackIp | Modifies an IP address blacklist for major event protection. |
| DeleteMajorProtectionBlackIp | DeleteMajorProtectionBlackIp | Deletes an IP address blacklist for major event protection. |
| ClearMajorProtectionBlackIp | ClearMajorProtectionBlackIp | Clears an IP address blacklist for major event protection. |
| DescribeMajorProtectionBlackIps | DescribeMajorProtectionBlackIps | Queries IP addresses in an IP address blacklist for major event protection by page. |
Report information
| API | Title | Description |
|---|---|---|
| DescribeFlowChart | DescribeFlowChart | Queries the traffic statistics of requests that are forwarded to Web Application Firewall (WAF). |
| DescribePeakTrend | DescribePeakTrend | Queries the queries per second (QPS) statistics of a WAF instance. |
| DescribeResponseCodeTrendGraph | DescribeResponseCodeTrendGraph | Queries the trend of the number of error codes that are returned to clients or Web Application Firewall (WAF). The error codes include 302, 405, 444, 499, and 5XX. |
| DescribeVisitUas | DescribeVisitUas | Queries the top 10 user agents that are used to initiate requests. |
| DescribeVisitTopIp | DescribeVisitTopIp | Queries the top 10 IP addresses from which requests are sent. |
| DescribeRuleHitsTopResource | DescribeRuleHitsTopResource | Queries the top 10 protected objects that trigger protection rules. |
| DescribeRuleHitsTopRuleId | DescribeRuleHitsTopRuleId | Queries the IDs of the top 10 protection rules that are matched by requests. |
| DescribeRuleHitsTopTuleType | DescribeRuleHitsTopTuleType | Queries the top 10 protection modules that are matched. |
| DescribeRuleHitsTopUrl | DescribeRuleHitsTopUrl | Queries the top 10 URLs that trigger protection rules. |
| DescribeRuleHitsTopClientIp | DescribeRuleHitsTopClientIp | Queries the top 10 IP addresses from which attacks are initiated. |
| DescribeFlowTopResource | DescribeFlowTopResource | Queries the top 10 protected objects that receive requests. |
| DescribeRuleHitsTopUa | DescribeRuleHitsTopUa | Queries the top 10 user agents that are used to initiate attacks. |
| DescribeFlowTopUrl | DescribeFlowTopUrl | Queries the top 10 URLs that are used to initiate requests. |
Log configurations
| API | Title | Description |
|---|---|---|
| DescribeUserSlsLogRegions | DescribeUserSlsLogRegions | Queries available regions for log storage. |
| DescribeUserWafLogStatus | DescribeUserWafLogStatus | Queries the status, region ID, and status modification time of Web Application Firewall (WAF) logs. |
| DescribeSlsAuthStatus | DescribeSlsAuthStatus | Queries whether Web Application Firewall (WAF) is authorized to access Logstores. |
| DescribeSlsLogStoreStatus | DescribeSlsLogStoreStatus | Queries the status of a Simple Log Service Logstore. |
| DescribeSlsLogStore | DescribeSlsLogStore | Queries information about a Logstore, such as the total capacity, storage duration, and used capacity. |
| ModifyResourceLogStatus | ModifyResourceLogStatus | Enables or disables the log collection feature for a protected object. |
| DescribeResourceLogStatus | DescribeResourceLogStatus | Queries whether the log collection feature is enabled for a protected object. |
Hybrid Cloud Cluster Management
| API | Title | Description |
|---|---|---|
| ModifyHybridCloudClusterBypassStatus | ModifyHybridCloudClusterBypassStatus | Enables or disables manual bypass for a hybrid cloud cluster of the SDK-based traffic mirroring mode. |
| DescribeHybridCloudUser | DescribeHybridCloudUser | Queries the HTTP and HTTPS ports that you can use when you add a domain name to Web Application Firewall (WAF) in hybrid cloud mode. |
| DescribeHybridCloudGroups | DescribeHybridCloudGroups | Queries the hybrid cloud node groups that are added to Web Application Firewall (WAF). |
Multi Account Management
| API | Title | Description |
|---|---|---|
| CreateMemberAccounts | CreateMemberAccounts | Adds members to use the multi-account management feature of Web Application Firewall (WAF). |
| ModifyMemberAccount | ModifyMemberAccount | Modifies the information about members that are added for multi-account management. |
| DeleteMemberAccount | DeleteMemberAccount | Removes the members that are added for multi-account management in Web Application Firewall (WAF). |
| DescribeAccountDelegatedStatus | DescribeAccountDelegatedStatus | Queries whether an Alibaba Cloud account is the delegated administrator account of a Web Application Firewall (WAF) instance. |
| DescribeMemberAccounts | DescribeMemberAccounts | Queries information about members. |
Tag Management
| API | Title | Description |
|---|---|---|
| TagResources | TagResources | Adds tags to resources. |
| ListTagKeys | ListTagKeys | Queries tag keys. |
| UntagResources | UntagResources | Removes tags from resources and then deletes the tags. |
| ListTagResources | ListTagResources | Queries the tags that are added to a resource. |
| ListTagValues | ListTagValues | Queries the tag values of a tag key. |