Web Application Firewall: DescribeDomainDetail

Last Updated: Feb 26, 2026

Retrieves the details of a domain name that is added to WAF.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| yundun-waf:DescribeDomainDetail | get | DefenseResource: acs:yundun-waf:{#regionId}:{#accountId}:defenseresource/{#Resource}; DefenseResource: acs:yundun-waf:{#regionId}:{#accountId}:defenseresource/{#Resource}-waf | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| InstanceId | string | Yes | The ID of the Web Application Firewall (WAF) instance. Note: Call DescribeInstance to query the ID of the current WAF instance. | waf_cdnsdf3**** |
| DomainId | string | No | The ID of the domain name. | www.aliyundoc.com-waf |
| Domain | string | No | The domain name that you want to query. | www.aliyundoc.com |
| RegionId | string | No | The region where the WAF instance resides. Valid values: cn-hangzhou (the Chinese mainland), ap-southeast-1 (outside the Chinese mainland). | cn-hangzhou |

Response elements

Element

Type

Description

Example

object

Details about the CNAME record.

RequestId

string

The request ID.

BAEF9CA9-66A0-533E-BD09-5D5D7AA8****

Domain

string

The domain name.

www.aliyundoc.com

DomainId

string

The ID of the domain name.

www.aliyundoc.com-waf

Status

integer

The domain name status. Valid values:

  • 1: The domain name is in normal status.

  • 2: The domain name is being created.

  • 3: The domain name is being modified.

  • 4: The domain name is being released.

  • 5: The domain name stops forwarding traffic.

1

Cname

string

The CNAME assigned by WAF to the domain name.

xxxxxcvdaf.****.com

Listen

object

The listener configurations.

HttpPorts

array

The HTTP listener ports.

integer

The HTTP listener port.

80

HttpsPorts

array

The HTTPS listener ports.

integer

The HTTPS listener port.

443

Http2Enabled

boolean

Indicates whether HTTP/2 is enabled. Valid values:

  • true: HTTP/2 is enabled.

  • false: HTTP/2 is not enabled.

true

CertId

string

The ID of the certificate.

123

TLSVersion

string

The version of the Transport Layer Security (TLS) protocol. Valid values:

  • tlsv1

  • tlsv1.1

  • tlsv1.2

tlsv1.2

EnableTLSv3

boolean

Indicates whether TLS 1.3 is supported. Valid values:

  • true: TLS 1.3 is supported.

  • false: TLS 1.3 is not supported.

true

CipherSuite

integer

The type of the cipher suite. Valid values:

  • 1: All cipher suites are added.

  • 2: Strong cipher suites are added.

  • 99: Custom cipher suites are added.

2

CustomCiphers

array

The custom cipher suites.

string

The custom cipher suite.

xxx

FocusHttps

boolean

Indicates whether HTTP to HTTPS redirection is enabled for the domain name. Valid values:

  • true: HTTP to HTTPS redirection is enabled for the domain name.

  • false: HTTP to HTTPS redirection is not enabled for the domain name.

true

SM2Enabled

boolean

Indicates whether SM certificate-based verification is enabled. Valid values:

  • true: SM certificate-based verification is enabled.

  • false: SM certificate-based verification is not enabled.

true

SM2CertId

string

The ID of the SM certificate that you want to add. This parameter is available only if you set SM2Enabled to true.

123-cn-hangzhou

SM2AccessOnly

boolean

Indicates whether only SM certificate-based clients can access the domain name. This parameter is available only if you set SM2Enabled to true.

  • true: Only SM certificate-based clients can access the domain name.

  • false: Both SM certificate-based and non-SM certificate-based clients can access the domain name.

true

XffHeaderMode

integer

The method that WAF uses to obtain the originating IP address of a client. Valid values:

  • 0: The client traffic is not forwarded by a Layer 7 proxy before the traffic reaches WAF.

  • 1: WAF reads the first value of the X-Forwarded-For (XFF) field in the request header as the client IP address.

  • 2: WAF reads the value of a custom field that you specify in the request header as the client IP address.

2

XffHeaders

array

The custom header fields used to obtain the actual IP address of a client.

string

The custom header field used to obtain the actual IP address of a client.

Client-ip

IPv6Enabled

boolean

Indicates whether IPv6 is enabled. Valid values:

  • true: IPv6 is enabled.

  • false: IPv6 is not enabled.

true

ProtectionResource

string

The type of protection resource used. Valid values:

  • share: Shared cluster.

  • gslb: Intelligent load balancing for shared clusters.

share

ExclusiveIp

boolean

Indicates whether an exclusive IP address is enabled for the domain name. Valid values:

  • true: An exclusive IP address is enabled for the domain name.

  • false: An exclusive IP address is not enabled for the domain name.

true

HstsIncludeSubDomain

boolean

Indicates whether HSTS includes subdomains. Valid values:

  • true: HSTS includes subdomains.

  • false: HSTS does not include subdomains.

HstsPreload

boolean

Indicates whether HSTS preload is enabled. Default value: false. Valid values:

  • true: HSTS preload is enabled.

  • false: HSTS preload is disabled.

HstsMaxAge

integer

The time-to-live (TTL) for HSTS. Unit: seconds.

Redirect

object

The forwarding configurations.

Backends deprecated

array<object>

An array of addresses of origin servers.

Note

This parameter will be deprecated. We recommend that you use BackendList instead.

object

The IP address or domain name of the origin server.

Backend

string

The IP address or domain name of the origin server.

1.1.XX.XX

Loadbalance

string

The load balancing algorithm used when WAF forwards requests to the origin server. Valid values:

  • iphash: IP hash algorithm.

  • roundRobin: Round-robin algorithm.

  • leastTime: Least time algorithm.

iphash

FocusHttpBackend

boolean

Specifies whether to force back-to-origin requests to use HTTP. Valid values:

  • true: Requests are forced to use HTTP.

  • false: Requests are not forced to use HTTP.

true

SniEnabled

boolean

Indicates whether origin Server Name Indication (SNI) is enabled. Valid values:

  • true: Origin SNI is enabled.

  • false (default): Origin SNI is not enabled.

true

SniHost

string

The value of the SNI field.

www.aliyundoc.com

RequestHeaders

array<object>

An array of key-value pairs used to mark the requests that pass through the WAF instance.

object

The key-value pair used to mark the requests that pass through WAF.

Key

string

The key of the custom header field.

aaa

Value

string

The value of the custom header field.

bbb

ConnectTimeout

integer

The timeout period for connections. Unit: seconds. Valid values: 5 to 120.

120

WriteTimeout

integer

The timeout period for write operations. Unit: seconds. Valid values: 5 to 1,800.

200

ReadTimeout

integer

The timeout period for read operations. Unit: seconds. Valid values: 5 to 1,800.

200

Keepalive

boolean

Indicates whether the persistent connection feature is enabled. Valid values:

  • true (default): The persistent connection feature is enabled.

  • false: The persistent connection feature is not enabled.

true

Retry

boolean

Specifies whether WAF retries if it fails to forward requests to the origin server. Valid values:

  • true (default): WAF retries.

  • false: WAF does not retry.

true

KeepaliveRequests

integer

The number of requests that reuse persistent connections. Valid values: 60 to 1,000.

Note

The number of reused persistent connections after the persistent connection feature is enabled.

1000

KeepaliveTimeout

integer

The timeout period for idle persistent connections. Valid values: 1 to 60. Default value: 15. Unit: seconds.

Note

The period of time during which a reused persistent connection can remain in the Idle state before the persistent connection is released.

15

XffProto

boolean

Indicates whether X-Forward-For-Proto passes the WAF protocol. Valid values:

  • true (default): X-Forward-For-Proto passes the WAF protocol.

  • false: X-Forward-For-Proto does not pass the WAF protocol.

true

BackupBackends deprecated

array<object>

An array of backup addresses of origin servers.

Note

This parameter will be deprecated. We recommend that you use BackUpBackendList instead.

object

The IP address or domain name of the origin server.

Backend

string

The backup IP address or domain name of the origin server.

[ "1.1.XX.XX", "2.2.XX.XX" ]

XClientIp

boolean

Indicates whether WAF is allowed to overwrite the X-Client-IP header. Valid values:

  • true (default): WAF is allowed to overwrite the header.

  • false: WAF is not allowed to overwrite the header.

true

XTrueIp

boolean

Indicates whether WAF is allowed to overwrite the X-True-IP header. Valid values:

  • true (default): WAF is allowed to overwrite the header.

  • false: WAF is not allowed to overwrite the header.

true

WebServerType

boolean

Indicates whether WAF is allowed to overwrite the Web-Server-Type header. Valid values:

  • true (default): WAF is allowed to overwrite the header.

  • false: WAF is not allowed to overwrite the header.

true

WLProxyClientIp

boolean

Indicates whether WAF is allowed to overwrite the WL-Proxy-Client-IP header. Valid values:

  • true (default): WAF is allowed to overwrite the header.

  • false: WAF is not allowed to overwrite the header.

true

MaxBodySize

integer

The maximum request body size. Valid values: 2 to 10. Default value: 2. Unit: GB.

Note

This feature is available only for the Ultimate edition.

2

Http2Origin

boolean

Indicates whether to enable HTTP/2 for origin fetch.

true

Http2OriginMaxConcurrency

integer

The number of concurrent connections for HTTP/2 origin fetch.

128

ProxyProtocol

boolean

Indicates whether the Proxy Protocol feature is enabled. Valid values:

  • true: The Proxy Protocol feature is enabled. After this feature is enabled, backend services can view the original IP address of the client.

  • false: The Proxy Protocol feature is disabled.

BackendList

array

The list of IP addresses or domain names of the origin servers for the domain name.

string

The IP address or domain name of the origin server.

1.1.XX.XX

BackUpBackendList

array

The list of IP addresses or domain names of the backup origin servers for the domain name.

string

The IP address or domain name of the backup origin server.

2.2.XX.XX

BackendPorts

array<object>

The custom port configuration. By default, the port is the same as the listener port.

object

The custom port configuration. By default, the port is the same as the listener port.

ListenPort

integer

The listener port.

80

BackendPort

integer

The back-to-origin port.

80

Protocol

string

The protocol of the listener port. Valid values:

  • http: HTTP

  • https: HTTPS

http

ResourceManagerResourceGroupId

string

The ID of the resource group.

rg-acfm***q

CertDetail

object

The details of the SSL certificate.

Name

string

The name of the certificate.

test-cert-name

Id

string

The ID of the SSL certificate.

123-cn-hangzhou

StartTime

integer

The beginning of the validity period of the SSL certificate. Specify a Unix timestamp in UTC. Unit: milliseconds.

1677772800000

EndTime

integer

The end of the validity period of the SSL certificate. Specify a Unix timestamp in UTC. Unit: milliseconds.

1685590400000

CommonName

string

The common name.

test.aliyundoc.com

Sans

array

All domain names bound to the certificate.

string

All domain names bound to the certificate.

www.aliyundoc.com

SM2CertDetail

object

The information about the SM certificate.

Name

string

The name of the certificate.

test-sm2-cert-name

Id

string

The ID of the SSL certificate.

123-cn-hangzhou

StartTime

integer

The beginning of the validity period of the SSL certificate. Specify a Unix timestamp in UTC. Unit: milliseconds.

1657551525000

EndTime

integer

The end of the validity period of the SSL certificate. Specify a Unix timestamp in UTC. Unit: milliseconds.

1665590400000

CommonName

string

The common name.

test.aliyundoc.com

Sans

array

All domain names bound to the certificate.

string

All domain names bound to the certificate.

www.aliyundoc.com

Examples

Success response

JSON format

{
  "RequestId": "BAEF9CA9-66A0-533E-BD09-5D5D7AA8****",
  "Domain": "www.aliyundoc.com",
  "DomainId": "www.aliyundoc.com-waf",
  "Status": 1,
  "Cname": "xxxxxcvdaf.****.com",
  "Listen": {
    "HttpPorts": [
      80
    ],
    "HttpsPorts": [
      443
    ],
    "Http2Enabled": true,
    "CertId": "123",
    "TLSVersion": "tlsv1.2",
    "EnableTLSv3": true,
    "CipherSuite": 2,
    "CustomCiphers": [
      "xxx"
    ],
    "FocusHttps": true,
    "SM2Enabled": true,
    "SM2CertId": "123-cn-hangzhou",
    "SM2AccessOnly": true,
    "XffHeaderMode": 2,
    "XffHeaders": [
      "Client-ip"
    ],
    "IPv6Enabled": true,
    "ProtectionResource": "share",
    "ExclusiveIp": true,
    "HstsIncludeSubDomain": false,
    "HstsPreload": false,
    "HstsMaxAge": 0
  },
  "Redirect": {
    "Backends": [
      {
        "Backend": "1.1.XX.XX"
      }
    ],
    "Loadbalance": "iphash",
    "FocusHttpBackend": true,
    "SniEnabled": true,
    "SniHost": "www.aliyundoc.com",
    "RequestHeaders": [
      {
        "Key": "aaa",
        "Value": "bbb"
      }
    ],
    "ConnectTimeout": 120,
    "WriteTimeout": 200,
    "ReadTimeout": 200,
    "Keepalive": true,
    "Retry": true,
    "KeepaliveRequests": 1000,
    "KeepaliveTimeout": 15,
    "XffProto": true,
    "BackupBackends": [
      {
        "Backend": "[\n    \"1.1.XX.XX\",\n    \"2.2.XX.XX\"\n]\n"
      }
    ],
    "XClientIp": true,
    "XTrueIp": true,
    "WebServerType": true,
    "WLProxyClientIp": true,
    "MaxBodySize": 2,
    "Http2Origin": true,
    "Http2OriginMaxConcurrency": 128,
    "ProxyProtocol": false,
    "BackendList": [
      "1.1.XX.XX"
    ],
    "BackUpBackendList": [
      "2.2.XX.XX"
    ],
    "BackendPorts": [
      {
        "ListenPort": 80,
        "BackendPort": 80,
        "Protocol": "http"
      }
    ]
  },
  "ResourceManagerResourceGroupId": "rg-acfm***q",
  "CertDetail": {
    "Name": "test-cert-name",
    "Id": "123-cn-hangzhou",
    "StartTime": 1677772800000,
    "EndTime": 1685590400000,
    "CommonName": "test.aliyundoc.com",
    "Sans": [
      "www.aliyundoc.com"
    ]
  },
  "SM2CertDetail": {
    "Name": "test-sm2-cert-name",
    "Id": "123-cn-hangzhou",
    "StartTime": 1657551525000,
    "EndTime": 1665590400000,
    "CommonName": "test.aliyundoc.com\n",
    "Sans": [
      "www.aliyundoc.com\n"
    ]
  }
}
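
The response fields above are enough to audit a domain's TLS and forwarding posture offline. The following is an added example, not part of the original documentation or of any Alibaba Cloud SDK: it checks a parsed response for the weaker settings the field descriptions allow. The function name, the choice of checks, the 30-day expiry threshold and the sample (a constructed subset of the success response above) are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a subset of the fields from the success response above.
SAMPLE = json.loads("""
{
  "Domain": "www.aliyundoc.com",
  "Status": 1,
  "Listen": {"HttpPorts": [80], "HttpsPorts": [443], "TLSVersion": "tlsv1.2",
             "EnableTLSv3": true, "CipherSuite": 2, "FocusHttps": true,
             "HstsIncludeSubDomain": false, "HstsPreload": false, "HstsMaxAge": 0},
  "Redirect": {"FocusHttpBackend": true, "BackendList": ["1.1.XX.XX"]},
  "CertDetail": {"Id": "123-cn-hangzhou", "EndTime": 1685590400000}
}
""")

def audit_domain_detail(detail, now=None, warn_days=30):
    """Return a list of (check_id, message) findings for one parsed response."""
    now = now or datetime.now(timezone.utc)
    listen = detail.get("Listen", {})
    redirect = detail.get("Redirect", {})
    findings = []
    if detail.get("Status") == 5:
        findings.append(("status", "domain has stopped forwarding traffic"))
    if listen.get("HttpsPorts"):
        version = listen.get("TLSVersion")
        if version in ("tlsv1", "tlsv1.1"):
            findings.append(("tls-version", f"TLSVersion is {version}, deprecated by RFC 8996"))
        if listen.get("CipherSuite") == 1:
            findings.append(("ciphers", "all cipher suites enabled, not only strong ones"))
        if not listen.get("HstsMaxAge"):
            findings.append(("hsts", "HstsMaxAge is 0 or absent, HSTS not in effect"))
        end_ms = detail.get("CertDetail", {}).get("EndTime")
        if end_ms is not None:
            # EndTime is a Unix timestamp in milliseconds (UTC).
            days = (datetime.fromtimestamp(end_ms / 1000, timezone.utc) - now).days
            if days < 0:
                findings.append(("cert", f"certificate expired {-days} day(s) ago"))
            elif days < warn_days:
                findings.append(("cert", f"certificate expires in {days} day(s)"))
    if listen.get("HttpPorts") and not listen.get("FocusHttps"):
        findings.append(("http", "HTTP listener without HTTP-to-HTTPS redirection"))
    if redirect.get("FocusHttpBackend"):
        findings.append(("origin", "back-to-origin requests forced to cleartext HTTP"))
    return findings

if __name__ == "__main__":
    for check, msg in audit_domain_detail(SAMPLE):
        print(f"[{check}] {msg}")
```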

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | Waf.Pullin.DomainAndDomainIdBothEmpty | domain and domainId cannot be empty at the same time. | |
| 400 | Waf.Pullin.DomainAndDomainIdNotMatch | domain and domainId do not match. | |
| 400 | Waf.Pullin.DomainIdIsIllegal | The input parameter, the domainId is illegal. | |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.