All Products
Search
Document Center

Web Application Firewall:ModifyDomain

Last Updated:May 31, 2024

Modifies the configurations of a domain name that is added to Web Application Firewall (WAF).

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter

Type

Required

Example

Description

Action

String

Yes

ModifyDomain

The operation that you want to perform. Set the value to ModifyDomain.

InstanceId

String

Yes

waf-cn-7pp26f1****

The ID of the WAF instance.

Note

You can call the DescribeInstanceInfo operation to query the ID of the WAF instance.

Domain

String

Yes

www.example.com

The domain name whose configurations you want to modify.

Note

You can call the DescribeDomainNames operation to query the domain names that are added to WAF.

SourceIps

String

No

["39.XX.XX.197"]

The IP address or domain name of the origin server. You can specify only one type of address.

  • If you use the IP address type, specify the value in the ["ip1","ip2",...] format. You can specify up to 20 IP addresses.

  • If you use the domain name type, specify the value in the ["domain"] format. You can enter only one domain name.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns.

LoadBalancing

Integer

No

0

The load balancing algorithm that you want WAF to use to forward requests to the origin server. Valid values:

  • 0: IP hash.

  • 1: round-robin.

  • 2: least time.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns.

HttpPort

String

No

[80]

The HTTP ports. Specify the value in the ["port1","port2",...] format.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns. If you specify this parameter, your website uses HTTP. You must specify at least one of HttpPort and HttpsPort.

HttpsPort

String

No

[443]

The HTTPS ports. Specify the value in the ["port1","port2",...] format.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns. If you specify this parameter, your website uses HTTPS. You must specify at least one of HttpPort and HttpsPort.

Http2Port

String

No

[443]

The HTTP/2 ports. Specify the value in the ["port1","port2",...] format.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns and specify HttpsPort. If you specify HttpsPort, your website uses HTTPS.

HttpsRedirect

Integer

No

0

Specifies whether to enable HTTP to HTTPS redirection. If you enable HTTP to HTTPS redirection, HTTP requests are automatically redirected to HTTPS requests on port 443. Valid values:

  • 0 (default): disables HTTP to HTTPS redirection.

  • 1: enables HTTP to HTTPS redirection.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns and specify HttpsPort. If you specify HttpsPort, your website uses HTTPS.

HttpToUserIp

Integer

No

0

Specifies whether to enable HTTPS to HTTP redirection for back-to-origin requests. If you enable HTTPS to HTTP redirection for back-to-origin requests, WAF uses HTTP to forward HTTPS requests to the origin server. By default, port 80 is used. Valid values:

  • 0 (default): disables HTTPS to HTTP redirection for back-to-origin requests.

  • 1: enables HTTPS to HTTP redirection for back-to-origin requests.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns and specify HttpsPort. If you specify HttpsPort, your website uses HTTPS.

IsAccessProduct

Integer

Yes

0

Specifies whether a Layer 7 proxy, such as Anti-DDoS Proxy or Alibaba Cloud CDN, is deployed in front of WAF. A Layer 7 proxy is used to filter inbound traffic before the traffic reaches the WAF instance. Valid values:

  • 0: no.

  • 1: yes.

AccessHeaderMode

Integer

No

0

The method that you want WAF to use to obtain the originating IP address of a client. Valid values:

  • 0 (default): WAF reads the first value of the X-Forwarded-For (XFF) header field as the originating IP address of the client.

  • 1: WAF reads the value of a custom header field as the originating IP address of the client.

Note

You need to specify this parameter only if you set IsAccessProduct to 1.

AccessHeaders

String

No

["X-Client-IP"]

The custom header fields that are used to obtain the originating IP address of a client. Specify the value in the ["header1","header2",...] format.

Note

You need to specify this parameter only if you set AccessHeaderMode to 1.

LogHeaders

String

No

[{"k":"ALIWAF-TAG","v":"Yes"}]

The key-value pairs that you want to use to label the requests that pass through the WAF instance.

Specify the key-value pair in the [{"k":"_key_","v":"_value_"}] format. _key_ specifies a header field in a custom request. _value_ specifies the value of the field.

WAF automatically adds the key-value pair to the headers of requests. This way, the requests that pass through WAF are identified.

Note

If requests contain the custom header field, WAF overwrites the original value of the field with the specified value.

ClusterType

Integer

No

0

The type of WAF protection cluster. Valid values:

  • 0 (default): shared cluster.

  • 1: exclusive cluster.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns.

ConnectionTime

Integer

No

5

The timeout period for connections of WAF exclusive clusters. Unit: seconds.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns and ClusterType to 1.

ReadTime

Integer

No

120

The timeout period for read connections of WAF exclusive clusters. Unit: seconds.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns and ClusterType to 1.

WriteTime

Integer

No

120

The timeout period for write connections of WAF exclusive clusters. Unit: seconds.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns and ClusterType to 1.

AccessType

String

No

waf-cloud-dns

The mode in which you want to add the domain name to WAF. Valid values:

  • waf-cloud-dns (default): CNAME record mode.

  • waf-cloud-native: transparent proxy mode.

CloudNativeInstances

String

No

[{"ProtocolPortConfigs":[{"Ports":[80],"Protocol":"http"}],"RedirectionTypeName":"ALB","InstanceId":"alb-s65nua68wdedsp****","IPAddressList":["182.XX.XX.113"],"CloudNativeProductName":"ALB"}]

The list of server and port configurations for the transparent proxy mode. Set this parameter to a string that consists of JSON arrays. Each element in a JSON array is a JSON struct that contains the following fields:

  • ProtocolPortConfigs: the list of protocol and port configurations. This field is required. Data type: array. Each element in a JSON array is a JSON struct that contains the following fields:

    • Ports: the list of ports. This field is required. Data type: array. Specify the value in the [port1,port2,……] format.

    • Protocol: the protocol. This field is required. Data type: string. Valid values: http and https.

  • CloudNativeProductName: the type of the cloud service instance. This field is required. Data type: string. Valid values: ECS, SLB, and ALB.

  • RedirectionTypeName: the type of traffic redirection port. This field is required. Data type: string. Valid values: ECS, SLB-L4, SLB-L7, and ALB.

  • InstanceId: the ID of the cloud service instance. This field is required. Data type: string.

  • IPAddressList: the list of public IP addresses of the cloud service instance. This field is required. Data type: array. Specify the value in the ["ip1","ip2",...] format.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-native.

IpFollowStatus

Integer

No

0

Specifies whether to enable the feature of forwarding requests to the origin servers that use the IP address type specified in the requests. If you enable the feature, WAF forwards requests from IPv4 addresses to origin servers that use IPv4 addresses and requests from IPv6 addresses to origin servers that use IPv6 addresses. Valid values:

  • 0 (default): disables the feature.

  • 1: enables the feature.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns.

SniStatus

Integer

No

1

Specifies whether to enable origin Server Name Indication (SNI). Origin SNI specifies the domain name to which an HTTPS connection must be established at the start of the TLS handshake process when WAF forwards requests to the origin server. If the origin server hosts multiple domain names, you must enable this feature. Valid values:

  • 0: disables origin SNI.

  • 1: enables origin SNI.

By default, origin SNI is disabled for WAF instances in the Chinese mainland and enabled for WAF instances outside the Chinese mainland.

Note

You need to specify this parameter only if you set AccessType to waf-cloud-dns and specify HttpsPort. If you specify HttpsPort, your website uses HTTPS.

SniHost

String

No

waf.example.com

The value of the custom SNI field. If you do not specify this parameter, the Host field value in the request header is used.

If you want WAF to use an SNI field value that is different from the value of the Host field in back-to-origin requests, you can specify a custom value for the SNI field.

Note

You need to specify this parameter only if you set SniStatus to 1.

Retry

Boolean

No

true

Specifies whether WAF retries if WAF fails to forward requests to the origin server. Valid values:

  • true (default)

  • false

Keepalive

Boolean

No

true

Specifies whether to enable the persistent connection feature. Valid values:

  • true (default)

  • false

KeepaliveRequests

Integer

No

1000

The number of reused persistent connections. Valid values: 60 to 1000.

Note

The number of reused persistent connections after the persistent connection feature is enabled.

KeepaliveTimeout

Integer

No

60

The timeout period for idle persistent connections. Valid values: 1 to 60. Default value: 15. Unit: seconds.

Note

This parameter specifies the time for which a reused persistent connection can remain in the Idle state before the persistent connection is closed.

ResourceGroupId

String

No

rg-atstuj3rtop****

The ID of the resource group to which the WAF instance belongs in Resource Management.

If you do not specify this parameter, the WAF instance belongs to the default resource group.

RegionId

String

No

cn-hangzhou

The region in which the WAF instance is deployed. Valid values:

  • cn-hangzhou: Chinese mainland.

  • ap-southeast-1: outside the Chinese mainland.

All Alibaba Cloud API requests must include common request parameters. For more information about common request parameters, see Common request parameters.

For information about sample requests, see the "Examples" section of this topic.

Response parameters

Parameter

Type

Example

Description

RequestId

String

D7861F61-5B61-46CE-A47C-6B19****5EB0

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=ModifyDomain
&InstanceId=waf-cn-7pp26f1****
&Domain=www.example.com
&IsAccessProduct=0
&HttpPort=[\"80\"]
&SourceIps=[\"39.XX.XX.197\"]
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<?xml version="1.0" encoding="UTF-8" ?>
<ModifyDomainResponse>
	<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>
</ModifyDomainResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "D7861F61-5B61-46CE-A47C-6B19160D5EB0"
}

Error codes

For a list of error codes, see Service error codes.