
Web Application Firewall: CreateDomain

Last Updated: Oct 30, 2023

Adds a domain name to a Web Application Firewall (WAF) instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter

Type

Required

Example

Description

Action

String

Yes

CreateDomain

The operation that you want to perform. Set the value to CreateDomain.

InstanceId

String

Yes

waf-cn-7pp26f1****

The ID of the WAF instance.

Note

You can call the DescribeInstanceInfo operation to obtain the ID of the WAF instance.

Domain

String

Yes

www.example.com

The domain name that you want to add to WAF.

IsAccessProduct

Integer

Yes

0

Specifies whether a Layer 7 proxy is configured in front of WAF. A Layer 7 proxy is used to filter inbound traffic before the traffic reaches the WAF instance. Layer 7 proxies include Anti-DDoS Pro, Anti-DDoS Premium, and Alibaba Cloud CDN. Valid values:

  • 0: No Layer 7 proxy is configured in front of WAF.

  • 1: A Layer 7 proxy is configured in front of WAF.

AccessHeaderMode

Integer

No

0

The method that you want WAF to use to obtain the actual IP address of a client. Valid values:

  • 0: WAF reads the first value of the X-Forwarded-For (XFF) header field as the actual IP address of a client. This is the default value.

  • 1: WAF reads the value of a custom header field as the actual IP address of a client.

Note

This parameter is required only if you set IsAccessProduct to 1.

AccessHeaders

String

No

["X-Client-IP"]

The custom header fields that you want WAF to use to obtain the actual IP address of a client. Specify the value in the ["header1","header2",...] format.

Note

This parameter is required only if you set AccessHeaderMode to 1.

LogHeaders

String

No

[{"k":"ALIWAF-TAG","v":"Yes"}]

The key-value pairs that you want to use to label the requests that pass through the WAF instance.

Specify the key-value pair in the [{"k":"_key_","v":"_value_"}] format. _key_ is the custom header field, and _value_ is the value of the custom header field.

WAF automatically adds the key-value pairs to request headers. This way, the backend service can identify requests that pass through WAF.

Note

If requests contain the custom header field, WAF overwrites the original value of the field with the specified value.

ResourceGroupId

String

No

rg-atstuj3rtop****

The ID of the resource group to which the WAF instance belongs in Resource Management. By default, this parameter is empty, which specifies that the instance belongs to the default resource group.

For information about resource groups, see Create a resource group.

AccessType

String

No

waf-cloud-dns

The mode in which you want to add the domain name to WAF. Valid values:

  • waf-cloud-dns: CNAME record mode. This is the default value.

  • waf-cloud-native: transparent proxy mode.

HttpPort

String

No

[80]

The HTTP ports. Specify the value in the ["port1","port2",...] format.

Note

This parameter is required only if you set AccessType to waf-cloud-dns. If you specify this parameter, your website uses HTTP. You must specify HttpPort or HttpsPort.

HttpsPort

String

No

[443]

The HTTPS ports. Specify the value in the ["port1","port2",...] format.

Note

This parameter is required only if you set AccessType to waf-cloud-dns. If you specify this parameter, your website uses HTTPS. You must specify HttpPort or HttpsPort.

HttpsRedirect

Integer

No

0

Specifies whether to enable HTTP to HTTPS redirection. If you enable HTTP to HTTPS redirection, requests are sent over HTTPS. The default port is 443. Valid values:

  • 0: disables HTTP to HTTPS redirection.

  • 1: enables HTTP to HTTPS redirection.

Note

This parameter is required only if you set AccessType to waf-cloud-dns and specify HttpsPort.

Http2Port

String

No

[443]

The HTTP/2 ports. Specify the value in the ["port1","port2",...] format.

Note

This parameter is required only if you set AccessType to waf-cloud-dns and specify HttpsPort.

HttpToUserIp

Integer

No

0

Specifies whether to enable HTTPS to HTTP redirection for back-to-origin requests. If you enable HTTPS to HTTP redirection for back-to-origin requests, WAF forwards requests to the origin server over HTTP. The default port is 80. Valid values:

  • 0: disables HTTPS to HTTP redirection for back-to-origin requests. This is the default value.

  • 1: enables HTTPS to HTTP redirection for back-to-origin requests.

Note

This parameter is required only if you set AccessType to waf-cloud-dns and specify HttpsPort.

IpFollowStatus

Integer

No

1

Specifies whether to enable the feature of forwarding requests to the origin servers that use the IP address type that is specified in the requests. If you enable the feature, WAF forwards requests from IPv4 addresses to origin servers that use IPv4 addresses and requests from IPv6 addresses to origin servers that use IPv6 addresses. Valid values:

  • 0: disables the feature of forwarding requests to the origin servers that use the IP address type that is specified in the requests.

  • 1: enables the feature of forwarding requests to the origin servers that use the IP address type that is specified in the requests.

Note

This parameter is required only if you set AccessType to waf-cloud-dns.

SourceIps

String

No

["39.XX.XX.197"]

The IP address or domain name of the origin server. You can specify only one type of address.

  • If you use an IP address, specify the value in the ["ip1","ip2",...] format. You can specify up to 20 IP addresses.

  • If you use a domain name, specify the value in the ["domain"] format. You can enter only one domain name.

Note

This parameter is required only if you set AccessType to waf-cloud-dns.

LoadBalancing

Integer

No

0

The load balancing algorithm that you want WAF to use to forward requests to the origin server. Valid values:

  • 0: the IP hash algorithm.

  • 1: the round-robin algorithm.

  • 2: the least time algorithm.

Note

This parameter is required only if you set AccessType to waf-cloud-dns.

ClusterType

Integer

No

0

The type of WAF protection cluster. Valid values:

  • 0: shared cluster. This is the default value.

  • 1: exclusive cluster.

Note

This parameter is required only if you set AccessType to waf-cloud-dns.

ConnectionTime

Integer

No

5

The timeout period for connections of WAF exclusive clusters. Unit: seconds.

Note

This parameter is required only if you set AccessType to waf-cloud-dns and ClusterType to 1.

ReadTime

Integer

No

120

The timeout period for read connections of WAF exclusive clusters. Unit: seconds.

Note

This parameter is required only if you set AccessType to waf-cloud-dns and ClusterType to 1.

WriteTime

Integer

No

120

The timeout period for write connections of WAF exclusive clusters. Unit: seconds.

Note

This parameter is required only if you set AccessType to waf-cloud-dns and ClusterType to 1.

CloudNativeInstances

String

No

[{"ProtocolPortConfigs":[{"Ports":[80],"Protocol":"http"}],"RedirectionTypeName":"ALB","InstanceId":"alb-s65nua68wdedsp****","IPAddressList":["182.XX.XX.113"],"CloudNativeProductName":"ALB"}]

The list of server and port configurations for the transparent proxy mode. Set the value to a string that consists of JSON arrays. Each element in a JSON array is a JSON struct that contains the following fields:

  • ProtocolPortConfigs: the list of protocol and port configurations. This field is required. Data type: array. Each element in a JSON array is a JSON struct that contains the following fields:

    • Ports: the list of ports. This field is required. Data type: array. Specify the value in the [port1,port2,...] format.

    • Protocol: the protocol. This field is required. Data type: string. Valid values: http and https.

  • CloudNativeProductName: the type of the cloud service instance. This field is required. Data type: string. Valid values: ECS, SLB, and ALB.

  • RedirectionTypeName: the type of traffic redirection port. This field is required. Data type: string. Valid values: ECS, SLB-L4, SLB-L7, and ALB.

  • InstanceId: the ID of the cloud service instance. This field is required. Data type: string.

  • IPAddressList: the list of public IP addresses of the cloud service instance. This field is required. Data type: array. The value is in the ["ip1","ip2",...] format.

Note

This parameter is required only if you set AccessType to waf-cloud-native.

SniStatus

Integer

No

1

Specifies whether to enable origin Server Name Indication (SNI). Origin SNI specifies the domain name with which an HTTPS connection must be established at the start of the handshaking process when WAF forwards requests to the origin server. If the origin server hosts multiple domain names, you must enable this feature. Valid values:

  • 0: disables origin SNI.

  • 1: enables origin SNI.

By default, origin SNI is disabled for WAF instances in the Chinese mainland and enabled for WAF instances outside the Chinese mainland.

Note

This parameter is required only if you set AccessType to waf-cloud-dns and specify HttpsPort.

SniHost

String

No

waf.example.com

The value of the custom SNI field. If you do not specify this parameter, the value of the Host field in the request header is automatically used as the value of the SNI field.

If you want WAF to use an SNI field value that is different from the Host field value in back-to-origin requests, you can specify a custom value for the SNI field.

Note

This parameter is required only if you set SniStatus to 1.

Retry

Boolean

No

true

Specifies whether WAF retries forwarding a request when the request fails to be forwarded to the origin server. Valid values:

  • true (default)

  • false

Keepalive

Boolean

No

true

Specifies whether to enable the persistent connection feature. Valid values:

  • true (default)

  • false

KeepaliveRequests

Integer

No

1000

The number of reused persistent connections. Valid values: 60 to 1000.

Note

The number of reused persistent connections after the persistent connection feature is enabled.

KeepaliveTimeout

Integer

No

15

The timeout period of persistent connections that are in the Idle state. Unit: seconds. Valid values: 1 to 60. Default value: 15.

Note

The period of time during which a reused persistent connection can remain in the Idle state before the persistent connection is released.

All Alibaba Cloud API requests must include common request parameters. For more information about common request parameters, see Common request parameters.

To view sample requests, see the "Examples" section of this topic.

Response parameters

Parameter

Type

Example

Description

Cname

String

mmspx7qhfvnfzggheh1g2wnbhog66vcv.****.com

The CNAME that is assigned by WAF to the domain name.

Note

This parameter is returned only if you set AccessType to waf-cloud-dns.

RequestId

String

D7861F61-5B61-46CE-A47C-6B19160D5EB0

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateDomain
&InstanceId=waf-cn-7pp26f1****
&Domain=www.example.com
&IsAccessProduct=0
&HttpPort=[\"80\"]
&SourceIps=[\"39.XX.XX.197\"]
&<Common request parameters>
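
The conditional rules in the request parameter table can be checked before the call is sent. The following Python function is an added example, not code from the original page or from an Alibaba Cloud SDK; `check_create_domain`, `HTTPS_ONLY` and the `SAMPLE` values are hypothetical names and constructed input, and it assumes that each "required only if" note is a hard prerequisite for the parameter.

```python
import ipaddress
import json

# Parameters that the page ties to HttpsPort being specified (assumed prerequisite).
HTTPS_ONLY = ("HttpsRedirect", "Http2Port", "HttpToUserIp", "SniStatus")
# Constructed sample input (placeholder instance ID, documentation IP range).
SAMPLE = {"InstanceId": "waf-cn-EXAMPLE", "Domain": "www.example.com",
          "IsAccessProduct": 0, "HttpPort": "[80]", "SourceIps": '["203.0.113.10"]'}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_create_domain(params):
    """Return (errors, warnings) for a CreateDomain parameter dict."""
    errors, warnings = [], []
    errors += [f"{n} is required" for n in ("InstanceId", "Domain", "IsAccessProduct")
               if n not in params]
    access_type = params.get("AccessType", "waf-cloud-dns")  # documented default
    if access_type == "waf-cloud-dns":
        if "HttpPort" not in params and "HttpsPort" not in params:
            errors.append("specify HttpPort or HttpsPort")
        sources = json.loads(params.get("SourceIps", "[]"))
        ips = [s for s in sources if _is_ip(s)]
        if not sources:
            errors.append("SourceIps is required in CNAME record mode")
        elif ips and len(ips) != len(sources):
            errors.append("SourceIps mixes IP addresses and domain names")
        elif len(ips) > 20:
            errors.append("SourceIps allows up to 20 IP addresses")
        elif not ips and len(sources) > 1:
            errors.append("SourceIps allows only one domain name")
    elif access_type == "waf-cloud-native":
        if "CloudNativeInstances" not in params:
            errors.append("CloudNativeInstances is required in transparent proxy mode")
    else:
        errors.append(f"unknown AccessType {access_type!r}")
    if "HttpsPort" not in params:
        errors += [f"{p} needs HttpsPort" for p in HTTPS_ONLY if p in params]
    if params.get("AccessHeaderMode") == 1 and not json.loads(params.get("AccessHeaders", "[]")):
        errors.append("AccessHeaderMode=1 needs AccessHeaders")
    for name, low, high in (("KeepaliveRequests", 60, 1000), ("KeepaliveTimeout", 1, 60)):
        if name in params and not low <= params[name] <= high:
            errors.append(f"{name} must be {low} to {high}")
    if params.get("HttpToUserIp") == 1:  # plaintext leg between WAF and origin
        warnings.append("HttpToUserIp=1: WAF forwards to the origin over HTTP")
    return errors, warnings
```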

Sample success responses

XML format

<CreateDomainResponse>
	  <Cname>mmspx7qhfvnfzggheh1g2wnbhog66vcv.****.com</Cname>
	  <RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>
</CreateDomainResponse>

JSON format

{
	"Cname": "mmspx7qhfvnfzggheh1g2wnbhog66vcv.****.com",
	"RequestId": "D7861F61-5B61-46CE-A47C-6B19160D5EB0"
}

Error codes

For a list of error codes, see Service error codes.