DescribeWebRules - Anti-DDoS - Alibaba Cloud Documentation Center

Query Configuration of Website Business Forwarding Rules.

Operation description

This interface is used for paginated querying of the configurations of website business forwarding rules you have created, such as forwarding protocol types, source server addresses, HTTPS configurations, IP blacklist configurations, and more.

Before calling this interface, you must have already called CreateWebRule to create website business forwarding rules.

QPS Limit

The per-user QPS limit for this interface is 50 times/second. Exceeding this limit will result in API calls being throttled, which may impact your business; please use it reasonably.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
yundun-ddoscoo:DescribeWebRules	list	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
ResourceGroupId	string	No	The resource group ID of the DDoS protection instance in the resource management service. Not setting this parameter indicates the default resource group.	rg-acfm2pz25js****
Domain	string	No	The domain name of the website to query. Note The domain must have been configured with website business forwarding rules. You can call DescribeDomains to query all domains that have been configured with website business forwarding rules.	example.com
Cname	string	No	The CNAME address to query.	kzmk7b8tt351**.aliyunddos1014**
QueryDomainPattern	string	No	The query matching pattern. Values: fuzzy (default): Indicates fuzzy query. exact: Indicates exact query.	exact
PageNumber	integer	No	The page number. Default value: 1.	1
PageSize	integer	No	The number of entries per page. Valid values: 1 to 10.	10
InstanceIds	array	No	The list of DDoS protection instance IDs to query.
	string	No	The ID of the DDoS protection instance to query. The maximum value of N is 200, meaning up to 200 DDoS protection instances can be configured, with instance IDs separated by a comma (,). Note You can call DescribeInstanceIds to query the IDs of all DDoS protection instances.	ddoscoo-cn-i7m27nf3****

Response parameters

Parameter	Type	Description	Example
	object
TotalCount	long	The total number of queried website business forwarding rules.	1
RequestId	string	The ID of the request.	0F5B72DD-96F4-423A-B12B-A5151DD746B8
WebRules	array<object>	The configurations of the forwarding rule.
WebRule	object
Domain	string	The domain name of the website.	example.com
Http2HttpsEnable	boolean	Indicates whether Enable HTTPS Redirection was turned on. Valid values: true false	true
SslProtocols	string	The version of the Transport Layer Security (TLS) protocol. Valid values: tls1.0: TLS 1.0 or later tls1.1: TLS 1.1 or later tls1.2: TLS 1.2 or later	tls1.1
PunishReason	integer	The reason why the domain name is invalid. Valid values: 1: No Content Provider (ICP) filing is completed for the domain name. 2: The business for which you registered the domain name does not meet regulatory requirements. If the two reasons are both involved, the value 2 is returned.	1
CcTemplate	string	The mode of the Frequency Control policy. Valid values: default: the Normal mode gf_under_attack: the Emergency mode gf_sos_verify: the Strict mode gf_sos_verify: the Super Strict mode	default
CcEnabled	boolean	Indicates whether the Frequency Control policy is enabled. Valid values: true false	true
SslCiphers	string	The type of the cipher suite. Valid values: default: custom cipher suites all: all cipher suites, which contain strong and weak cipher suites strong: strong cipher suites	default
Ssl13Enabled	boolean	Indicates whether TLS 1.3 is supported. Valid values: true false	false
CcRuleEnabled	boolean	Indicates whether the Custom Rule switch of the Frequency Control policy is turned on. Valid values: true false	false
OcspEnabled	boolean	Indicates whether the Online Certificate Status Protocol (OCSP) feature is enabled. Valid values: true false	false
PunishStatus	boolean	Indicates whether the domain name is invalid. Valid values: true: You can view the specific reasons from the PunishReason parameter. false	true
ProxyEnabled	boolean	Indicates whether the forwarding rule is enabled. Valid values: true false	true
CertName	string	The name of the SSL certificate.	testcert
PolicyMode	string	The load balancing algorithm for back-to-origin traffic. Valid values: ip_hash: the IP hash algorithm. This algorithm is used to redirect the requests from the same IP address to the same origin server. rr: the round-robin algorithm. This algorithm is used to redirect requests to origin servers in turn. least_time: the least response time algorithm. This algorithm is used to minimize the latency when requests are forwarded from Anti-DDoS Pro or Anti-DDoS Premium instances to origin servers based on the intelligent DNS resolution feature.	ip_hash
Cname	string	The CNAME provided by the Anti-DDoS Pro or Anti-DDoS Premium instance to which the domain name is added.	kzmk7b8tt351**.aliyunddos1014**
Http2Enable	boolean	Indicates whether Enable HTTP/2 is turned on. Valid values: true false	true
Https2HttpEnable	boolean	Indicates whether Enable HTTP Redirection of Back-to-origin Requests is turned on. Valid values: true false	true
ProxyTypes	array<object>	The details of the protocol type and port number.
ProxyConfig	object
ProxyType	string	The type of the protocol. Valid values: http https websocket websockets	https
ProxyPorts	array	The ports.
ProxyPort	string	The port number.	443
RealServers	array<object>	The details of the origin server address.
RealServer	object
RsType	integer	The type of the origin server address. Valid values: 0: IP address 1: domain name The domain name of the origin server is returned if you deploy proxies, such as Web Application Firewall (WAF), between the origin server and the instance. In this case, the address of the proxy, such as the CNAME provided by WAF, is returned.	0
RealServer	string	The address of the origin server.	192.0.XX.XX
WhiteList	array	The IP addresses in the whitelist for the domain name.
WhiteItem	string	The IP address in the whitelist for the domain name. Note This parameter is returned only when the IP address whitelist is configured for the domain name. You can call the ConfigWebIpSet operation to configure the IP address whitelist and the IP address blacklist for the domain name.	192.168.XX.XX
BlackList	array	The IP addresses in the blacklist for the domain name.
BlackItem	string	The IP address in the blacklist for the domain name. Note This parameter is returned only when the IP address blacklist is configured for the domain name. You can call the ConfigWebIpSet operation to configure the IP address whitelist and the IP address blacklist for the domain name.	192.0.XX.XX
CustomCiphers	array	The custom cipher suites.
CustomCipher	string	The custom cipher suite.	ECDHE-ECDSA-AES128-GCM-SHA256
GmCert	object	The SM certificate settings.
CertId	string	The ID of the SM certificate.	725****
GmEnable	long	Indicates whether Enable SM Certificate-based Verification is turned on. 0: no 1: yes	1
GmOnly	long	Indicates whether Allow Access Only from SM Certificates-based Clients is turned on. 0: no 1: yes	1
CertRegion	string	The region where the certificate is used. Valid values: cn-hangzhou (default): the Chinese mainland ap-southeast-1: outside the Chinese mainland	cn-hangzhou
UserCertName	string	The name of the certificate uploaded by the user to the certificate center.	test

Examples

Sample success responses

JSONformat

{
  "TotalCount": 1,
  "RequestId": "0F5B72DD-96F4-423A-B12B-A5151DD746B8",
  "WebRules": [
    {
      "Domain": "example.com",
      "Http2HttpsEnable": true,
      "SslProtocols": "tls1.1",
      "PunishReason": 1,
      "CcTemplate": "default",
      "CcEnabled": true,
      "SslCiphers": "default",
      "Ssl13Enabled": false,
      "CcRuleEnabled": false,
      "OcspEnabled": false,
      "PunishStatus": true,
      "ProxyEnabled": true,
      "CertName": "testcert",
      "PolicyMode": "ip_hash",
      "Cname": "kzmk7b8tt351****.aliyunddos1014****",
      "Http2Enable": true,
      "Https2HttpEnable": true,
      "ProxyTypes": [
        {
          "ProxyType": "https",
          "ProxyPorts": [
            "443"
          ]
        }
      ],
      "RealServers": [
        {
          "RsType": 0,
          "RealServer": "192.0.XX.XX"
        }
      ],
      "WhiteList": [
        "192.168.XX.XX"
      ],
      "BlackList": [
        "192.0.XX.XX"
      ],
      "CustomCiphers": [
        "ECDHE-ECDSA-AES128-GCM-SHA256"
      ],
      "GmCert": {
        "CertId": "725****",
        "GmEnable": 1,
        "GmOnly": 1
      },
      "CertRegion": "cn-hangzhou",
      "UserCertName": "test"
    }
  ]
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2024-08-30	The response structure of the API has changed	View Change Details
2023-07-18	The response structure of the API has changed	View Change Details