Lindungi Traffic ECS dan CLB dengan WAF melalui Integrasi Resource Cloud - Web Application Firewall - Alibaba Cloud - Web Application Firewall

Mengintegrasikan produk cloud dengan Web Application Firewall (WAF). Saat ini, hanya Elastic Compute Service (ECS) dan Classic Load Balancer (CLB) yang didukung.

Coba sekarang

Coba API ini di OpenAPI Explorer tanpa perlu penandatanganan manual. Panggilan yang berhasil akan secara otomatis menghasilkan contoh kode SDK sesuai dengan parameter Anda. Unduh kode tersebut dengan kredensial bawaan yang aman untuk penggunaan lokal.

Test

RAM authorization

Tabel berikut menjelaskan otorisasi yang diperlukan untuk memanggil API ini. Anda dapat menentukannya dalam kebijakan Resource Access Management (RAM). Kolom pada tabel dijelaskan sebagai berikut:

Action: Aksi yang dapat digunakan dalam elemen Action pada pernyataan kebijakan izin RAM untuk memberikan izin guna melakukan operasi tersebut.
API: API yang dapat Anda panggil untuk melakukan aksi tersebut.
Access level: Tingkat akses yang telah ditentukan untuk setiap API. Nilai yang valid: create, list, get, update, dan delete.
Resource type: Jenis resource yang mendukung otorisasi untuk melakukan aksi tersebut. Ini menunjukkan apakah aksi tersebut mendukung izin tingkat resource. Resource yang ditentukan harus kompatibel dengan aksi tersebut. Jika tidak, kebijakan tersebut tidak akan berlaku.
- Untuk API dengan izin tingkat resource, jenis resource yang diperlukan ditandai dengan tanda bintang (*). Tentukan Nama Sumber Daya Alibaba Cloud (ARN) yang sesuai dalam elemen Resource pada kebijakan.
- Untuk API tanpa izin tingkat resource, ditampilkan sebagai All Resources. Gunakan tanda bintang (*) dalam elemen Resource pada kebijakan.
Condition key: Kunci kondisi yang didefinisikan oleh layanan. Kunci ini memungkinkan kontrol granular, berlaku baik hanya untuk aksi maupun untuk aksi yang terkait dengan resource tertentu. Selain kunci kondisi spesifik layanan, Alibaba Cloud menyediakan serangkaian common condition keys yang berlaku di semua layanan yang didukung RAM.
Dependent action: Aksi dependen yang diperlukan untuk menjalankan aksi tersebut. Untuk menyelesaikan aksi tersebut, pengguna RAM atau role RAM harus memiliki izin untuk melakukan semua aksi dependen.

Action

Access level

Resource type

Condition key

Dependent action

yundun-waf:CreateCloudResource

create

*全部资源

*

None

Parameter permintaan

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	ID Instans WAF. Catatan Panggil DescribeInstance untuk mengkueri ID Instans WAF saat ini.	waf_v3prepaid_public_cn-***
ResourceManagerResourceGroupId	string	No	ID kelompok sumber daya Alibaba Cloud.	rg-acfm***q
Listen	object	Yes	Konfigurasi daftar Pendengar.
TLSVersion	string	No	The TLS version to add. This parameter is used only when HttpsPorts is not empty, which indicates that the domain name uses HTTPS. Valid values: tlsv1 tlsv1.1 tlsv1.2	tlsv1
EnableTLSv3	boolean	No	Specifies whether to support TLS 1.3. This parameter is used only when HttpsPorts is not empty, which indicates that the domain name uses HTTPS. Valid values: true: TLS 1.3 is supported. false: TLS 1.3 is not supported.	true
CipherSuite	integer	No	The type of cipher suite to add. This parameter is used only when HttpsPorts is not empty, which indicates that the domain name uses HTTPS. Valid values: 1: Adds all cipher suites. 2: Adds strong cipher suites. You can select this value only when TLSVersion is set to tlsv1.2. 99: Adds custom cipher suites.	1
CustomCiphers	array	No	The custom cipher suites to add. This parameter is used only when CipherSuite is set to 99.
	string	No	The custom cipher suites to add. This parameter is used only when CipherSuite is set to 99.	ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384
ResourceProduct	string	Yes	The type of the cloud product. Valid values: clb4: Layer 4 CLB instance. clb7: Layer 7 CLB instance. ecs: ECS instance. nlb: Network Load Balancer (NLB) instance.	clb4
Port	integer	Yes	The port of the cloud product that is added to WAF.	80
ResourceInstanceId	string	Yes	The ID of the cloud product instance.	lb-bp1*****
Protocol	string	Yes	The protocol type. Valid values: http: HTTP. https: HTTPS.	http
Certificates	array<object>	No	The list of certificate IDs.
	object	No	The certificate information.
CertificateId	string	No	The ID of the certificate to add. Catatan Call DescribeResourceInstanceCerts to query the IDs of all SSL certificates that are associated with the cloud product instance.	123-cn-hangzhou
AppliedType	string	No	The type of the certificate for the HTTPS protocol. Valid values: default: the default certificate. extension: the additional certificate.	default
Http2Enabled	boolean	No	Specifies whether to enable HTTP/2. This parameter is used only when HttpsPorts is not empty, which indicates that the domain name uses HTTPS. Valid values: true: enables HTTP/2. false (default): disables HTTP/2.	true
ResourceRegionId	string	No	The region ID of the cloud product. Catatan This parameter is required if the ID of the instance that you want to add has not been synchronized to WAF.	cn-hangzhou
Domain	string	No
Redirect	object	No	Konfigurasi penerusan.
RequestHeaders	array<object>	No	The value of this parameter is in the `[{"k":"key","v":"value"}]` format. key indicates the custom request header field. value indicates the value of the field. Catatan If the custom header field already exists in the request, the system overwrites the value of the custom header field with the specified value.
	object	No	The value of this parameter is in the `[{"k":"key","v":"value"}]` format. key indicates the custom request header field. value indicates the value of the field.
Key	string	No	The custom request header field.	key1
Value	string	No	The value of the custom request header field.	value1
XffHeaderMode	integer	No	The method that WAF uses to obtain the real IP address of a client. Valid values: 0: No Layer 7 proxy is deployed before WAF. 1: WAF reads the first value of the XFF header field to obtain the client IP address. 2: WAF reads the value of a custom header field to obtain the client IP address.	1
XffHeaders	array	No	The list of custom header fields that are used to obtain the client IP address. The value is in the `["header1","header2",...]` format. Catatan This parameter is required only when XffHeaderMode is set to 2, which indicates that WAF reads the value of a custom header field to obtain the client IP address.
	string	No	The list of custom header fields that are used to obtain the client IP address. The value is in the `["header1","header2",...]` format. Catatan This parameter is required only when XffHeaderMode is set to 2, which indicates that WAF reads the value of a custom header field to obtain the client IP address.	header1
ReadTimeout	integer	No	The read timeout period. Unit: seconds. Valid values: 1 to 3600.	1
WriteTimeout	integer	No	The write timeout period. Unit: seconds. Valid values: 1 to 3600.	1
Keepalive	boolean	No	Specifies whether to enable persistent connections. Valid values: true (default): enables persistent connections. false: disables persistent connections.	true
KeepaliveRequests	integer	No	The number of requests that can be reused in a persistent connection. Valid values: 60 to 1000. Catatan The number of requests that are reused over a persistent connection.	1000
KeepaliveTimeout	integer	No	The timeout period for an idle persistent connection. Valid values: 10 to 3600. Default value: 3600. Unit: seconds. Catatan The period of time after which an idle persistent connection is released.	3600
XffProto	boolean	No	Specifies whether to use the X-Forwarded-Proto header to pass the WAF protocol. Valid values: true (default): passes the WAF protocol. false: does not pass the WAF protocol.	true
MaxBodySize	integer	No	The maximum size of a request body. Valid values: 2 to 10. Default value: 2. Unit: GB. Catatan This feature is available only for the WAF Ultimate edition.	2
Tag	array<object>	No	Daftar tag. Anda dapat menambahkan hingga 20 tag.
	object	No
Key	string	No	The tag key.	TagKey1
Value	string	No	The tag value.	TagValue1
RegionId	string	Yes	Wilayah tempat Instans WAF berada. Nilai valid: cn-hangzhou: Tiongkok daratan. ap-southeast-1: di luar Tiongkok daratan.	cn-hangzhou
OwnerUserId	string	No	ID akun Alibaba Cloud pemilik Sumber daya.	123

Elemen respons

Element	Type	Description	Example
	object
RequestId	string	The request ID.	66A98669-ER12-WE34-23PO-301469*****E
CloudResourceId	string	The ID of the added resource. This ID is automatically generated by WAF.	lb-***

Contoh

Respons sukses

JSONformat

{
  "RequestId": "66A98669-ER12-WE34-23PO-301469*****E",
  "CloudResourceId": "lb-***"
}

Kode kesalahan

HTTP status code	Error code	Error message	Description
400	Waf.Pullin.CertNotExist	Certificate does not exist in SSL Certificate Center, certificate type:%s, certificate ID:%s.
400	Waf.Pullin.CertExpired	Certificate expired, certificate ID:%s .

Lihat Error Codes untuk daftar lengkap.

Catatan rilis

Lihat Release Notes untuk daftar lengkap.