Adds a service to Web Application Firewall (WAF). This operation is supported for only the Elastic Compute Service (ECS) and Classic Load Balancer (CLB) services.
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
  - The required resource types are displayed in bold characters.
  - If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation |
---|---|---|---|---|
yundun-waf:CreateCloudResource | create | | | none |
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
InstanceId | string | Yes | The ID of the WAF instance. Note: You can call the DescribeInstance operation to query the ID of the WAF instance. | waf_v3prepaid_public_cn-*** |
ResourceManagerResourceGroupId | string | No | The ID of the Alibaba Cloud resource group. | rg-acfm***q |
Listen | object | Yes | The configurations of the listeners. | |
TLSVersion | string | No | The Transport Layer Security (TLS) version. This parameter is available only if you specify HttpsPorts. Valid values: | tlsv1 |
EnableTLSv3 | boolean | No | Specifies whether to support TLS 1.3. This parameter is available only if you specify HttpsPorts. Valid values: | true |
CipherSuite | integer | No | The type of the cipher suites that you want to add. This parameter is available only if you specify HttpsPorts. Valid values: | 1 |
CustomCiphers | array | No | The custom cipher suites that you want to add. This parameter is available only if you set CipherSuite to 99. | |
| | string | No | The custom cipher suites that you want to add. This parameter is available only if you set CipherSuite to 99. | ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384 |
ResourceProduct | string | Yes | The cloud service. Valid values: | clb4 |
ResourceInstanceId | string | Yes | The ID of the resource. | lb-bp1***** |
Port | integer | Yes | The port of the resource that you want to add to WAF. | 80 |
Protocol | string | Yes | The type of the protocol. Valid values: | http |
Certificates | array<object> | No | An array of certificates. | |
| | object | No | The certificate information. | |
CertificateId | string | No | The ID of the certificate that you want to add. Note: You can call the DescribeCertificates operation to query the IDs of all SSL certificates that are associated with a domain name. | 123-cn-hangzhou |
AppliedType | string | No | The type of the HTTPS certificate. Valid values: | default |
Http2Enabled | boolean | No | Specifies whether to enable HTTP/2. This parameter is available only if you specify HttpsPorts. Valid values: | true |
Redirect | object | No | The configurations of the forwarding rule. | |
RequestHeaders | array<object> | No | The custom header fields. Specify the value in the [{"k":"key","v":"value"}] format. key specifies the key of the custom header field. value specifies the value of the custom header field. Note: If the request contains the custom header field, WAF overwrites the original value of the field with the specified value. | |
| | object | No | The custom header fields. Specify the value in the [{"k":"key","v":"value"}] format. key specifies the key of the custom header field. value specifies the value of the custom header field. | |
Key | string | No | The key of the custom header field. | key1 |
Value | string | No | The value of the custom header field. | value1 |
XffHeaderMode | integer | No | The method that WAF uses to obtain the originating IP address of a client. Valid values: | 1 |
XffHeaders | array | No | The custom header fields that are used to obtain the originating IP address of a client. Specify the value in the ["header1","header2",...] format. Note: This parameter is required only if you set XffHeaderMode to 2. | |
| | string | No | The custom header fields that are used to obtain the originating IP address of a client. Specify the value in the ["header1","header2",...] format. Note: This parameter is required only if you set XffHeaderMode to 2. | header1 |
ReadTimeout | integer | No | The timeout period for read connections. Unit: seconds. Valid values: 1 to 3600. | 1 |
WriteTimeout | integer | No | The timeout period for write connections. Unit: seconds. Valid values: 1 to 3600. | 1 |
Keepalive | boolean | No | Specifies whether to enable the persistent connection feature. Valid values: | true |
KeepaliveRequests | integer | No | The number of requests that reuse persistent connections. Valid values: 60 to 1000. Note: This parameter specifies the number of requests that can reuse persistent connections after you enable the persistent connection feature. | 1000 |
KeepaliveTimeout | integer | No | The timeout period for idle persistent connections. Valid values: 10 to 3600. Default value: 3600. Unit: seconds. Note: If no new requests are initiated over the idle persistent connection within the specified timeout period, the connection is closed. | 15 |
XffProto | boolean | No | Specifies whether to use the X-Forward-For-Proto header to identify the protocol used by WAF to forward requests to the origin server. Valid values: | true |
RegionId | string | Yes | The region in which the WAF instance is deployed. Valid values: | cn-hangzhou |
OwnerUserId | string | No | The ID of the Alibaba Cloud account to which the resource belongs. | 123 |
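
The parameter table states several cross-field constraints (CustomCiphers only with CipherSuite 99, XffHeaders with XffHeaderMode 2, the timeout and keepalive ranges) that can be checked before the call is made. The Python lint below is an added example, not Alibaba Cloud SDK code; `lint_request`, the nesting of fields under Listen and Redirect, and the sample values are assumptions made for illustration.

```python
# Added example, not Alibaba Cloud code. Assumption: Listen and Redirect
# hold the fields that follow them in the parameter table.
RANGES = {  # documented inclusive bounds for Redirect fields
    "ReadTimeout": (1, 3600),
    "WriteTimeout": (1, 3600),
    "KeepaliveRequests": (60, 1000),
    "KeepaliveTimeout": (10, 3600),
}
HTTPS_ONLY = ("TLSVersion", "EnableTLSv3", "CipherSuite", "Http2Enabled")
LISTEN_REQUIRED = ("ResourceProduct", "ResourceInstanceId", "Port", "Protocol")


def lint_request(listen, redirect=None):
    """Return findings for one request; an empty list means no rule fired."""
    redirect = redirect or {}
    findings = [f"Listen.{n} is required" for n in LISTEN_REQUIRED if n not in listen]
    # Assumption: "only if you specify HttpsPorts" means a non-http Protocol here.
    if listen.get("Protocol") == "http":
        findings += [f"Listen.{n} has no effect on an http listener"
                     for n in HTTPS_ONLY if n in listen]
    if "CustomCiphers" in listen and listen.get("CipherSuite") != 99:
        findings.append("Listen.CustomCiphers requires CipherSuite=99")
    if listen.get("TLSVersion") == "tlsv1":
        findings.append("Listen.TLSVersion=tlsv1 allows TLS 1.0, which RFC 8996 deprecates")
    if redirect.get("XffHeaderMode") == 2 and not redirect.get("XffHeaders"):
        findings.append("Redirect.XffHeaders is required when XffHeaderMode=2")
    for name, (low, high) in RANGES.items():
        value = redirect.get(name)
        if value is not None and not low <= value <= high:
            findings.append(f"Redirect.{name}={value} is outside {low}..{high}")
    return findings


# Constructed sample request with several mistakes (IDs are placeholders).
SAMPLE_LISTEN = {
    "ResourceProduct": "clb4", "ResourceInstanceId": "lb-example",
    "Port": 80, "Protocol": "http",
    "TLSVersion": "tlsv1", "CipherSuite": 1,
    "CustomCiphers": ["ECDHE-ECDSA-AES128-GCM-SHA256"],
}
SAMPLE_REDIRECT = {"XffHeaderMode": 2, "ReadTimeout": 1, "KeepaliveRequests": 30}

if __name__ == "__main__":
    for finding in lint_request(SAMPLE_LISTEN, SAMPLE_REDIRECT):
        print(finding)
```
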
Response parameters
Examples
Sample success responses
JSON format
{
  "RequestId": "66A98669-ER12-WE34-23PO-301469*****E",
  "CloudResourceId": "lb-***"
}
Error codes
For a list of error codes, visit the Service error codes.