All Products
Search
Document Center

Web Application Firewall:DescribeHybridCloudResources

Last Updated:Sep 13, 2024

Queries the domain names that are added to a Web Application Firewall (WAF) instance in hybrid cloud mode.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-waf:DescribeHybridCloudResourcesget
  • All Resources
    *
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
InstanceIdstringYes

The ID of the WAF instance.

Note You can call the DescribeInstance operation to obtain the ID of the WAF instance.
waf_v3prepaid_public_cn-***********
DomainstringNo

The domain name that you want to query.

www.aliyundoc.com
BackendstringNo

The back-to-origin IP address or domain name.

1.1.XX.XX
PageNumberlongNo

The page number. Default value: 1.

1
PageSizelongNo

The number of entries per page. Default value: 10.

10
CnameEnabledbooleanNo

Specifies whether the public cloud disaster recovery feature is enabled for the domain name. Valid values:

  • true
  • false
true
ResourceManagerResourceGroupIdstringNo

The ID of the resource group.

rg-acfmvtc5z52****
RegionIdstringNo

The region ID of the WAF instance. Valid values:

  • cn-hangzhou: the Chinese mainland.
  • ap-southeast-1: outside the Chinese mainland.
cn-hangzhou

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

The ID of the request.

98D2AA9A-5959-5CCD-83E3-B6606232A2BE
TotalCountlong

The total number of entries that are returned.

24
Domainsarray<object>

The domain names.

object

The access configurations of the domain name.

Idlong

The access ID.

1
Uidstring

The user ID.

130715431409****
Domainstring

The domain name.

www.aliyundoc.com
Statusinteger

The status of the domain name. Valid values:

  • 1: The domain name is in a normal state.
  • 2: The domain name is being created.
  • 3: The domain name is being modified.
  • 4: The domain name is being released.
  • 5: WAF no longer forwards the traffic of the domain name.
1
Cnamestring

The CNAME assigned by WAF.

Note This parameter is returned only if the value of CnameEnabled is true.
50fqmu1ci7g0xtiyxnrhgx6qdhmn****.yundunwaf5.com
Listenobject

The listeners.

HttpPortsarray

The HTTP listener ports.

long

The HTTP listener port.

80
HttpsPortsarray

The HTTPS listener ports.

long

The HTTPS listener port.

443
Http2Enabledboolean

Indicates whether HTTP/2 is enabled. Valid values:

  • true
  • false
false
CertIdstring

The ID of the certificate.

72***76-cn-hangzhou
TLSVersionstring

The version of the Transport Layer Security (TLS) protocol. Valid values:

  • tlsv1
  • tlsv1.1
  • tlsv1.2
tlsv1.2
EnableTLSv3boolean

Indicates whether TLS 1.3 is supported. Valid values:

  • true
  • false
true
CipherSuiteinteger

The types of cipher suites that are added. Valid values:

  • 1: all cipher suites.
  • 2: strong cipher suites.
  • 99: custom cipher suites.
1
CustomCiphersarray

The custom cipher suites.

Note This parameter is returned only if the value of CipherSuite is 99.
string

The custom cipher suite.

ECDHE-ECDSA-AES128-GCM-SHA256
FocusHttpsboolean

Indicates whether the HTTP to HTTPS redirection feature is enabled for the domain name. Valid values:

  • true
  • false
false
XffHeaderModeinteger

The method that is used to obtain the actual IP address of a client. Valid values:

  • 0: No Layer 7 proxies are deployed in front of WAF.
  • 1: WAF reads the first value of the X-Forwarded-For (XFF) header field as the actual IP address of the client.
  • 2: WAF reads the value of a custom header field as the actual IP address of the client.
0
XffHeadersarray

The custom header fields that are used to obtain the actual IP addresses of clients. The value is in the ["header1","header2",...] format.

Note This parameter is returned only if the value of XffHeaderMode is 2.
string

The custom header field that is used to obtain the actual IP address of a client.

Client-ip
IPv6Enabledboolean

Specifies whether to enable IPv6. Valid values:

  • true
  • false
false
ProtectionResourcestring

The type of the protection resource. Valid values:

  • share: shared cluster.
  • gslb: shared cluster-based intelligent load balancing.
share
ExclusiveIpboolean

Indicates whether exclusive IP addresses are supported. Valid values:

  • true
  • false
true
Redirectobject

The configurations of the forwarding rule.

Backendsarray

The IP addresses or domain names of the origin server.

string

The IP address or domain name of the origin server.

1.1.XX.XX
FocusHttpBackendboolean

Indicates whether the HTTPS to HTTP redirection feature is enabled for back-to-origin requests. Valid values:

  • true
  • false
true
Loadbalancestring

The load balancing algorithm that is used to forward requests to the origin server. Valid values:

  • iphash
  • roundRobin
  • leastTime
iphash
SniEnabledboolean

Indicates whether the origin Server Name Indication (SNI) feature is enabled. Valid values:

  • true
  • false
true
SniHoststring

The value of the custom SNI field. If the parameter is left empty, the value of the Host field in the request header is automatically used as the value of the SNI field.

Note This parameter is returned only if the value of SniEnabled is true.
www.aliyundoc.com
RequestHeadersarray<object>

The key-value pair that is used to label requests that pass through WAF.

object

The key-value pair that is used to mark the requests that pass through the WAF instance.

Keystring

The key of the custom header field.

aaa
Valuestring

The value of the custom header field.

bbb
ConnectTimeoutlong

The timeout period for connections. Unit: seconds. Valid values: 5 to 120.

120
CnameEnabledboolean

Indicates whether the public cloud disaster recovery feature is enabled. Valid values:

  • true
  • false
true
RoutingRulesstring

The forwarding rules that are configured for the domain name. This parameter is a string that consists of JSON arrays. Each element in a JSON array is a JSON struct that contains the following fields:

  • rs: the back-to-origin IP addresses or CNAMEs. The value is of the ARRAY type.
  • location: the name of the protection node. The value is of the STRING type.
  • locationId: the ID of the protection node. The value is of the LONG type.
[ { "rs": [ "1.1.XX.XX" ], "locationId": 535, "location": "test1111" } ]
Keepaliveboolean

Indicates whether the persistent connection feature is enabled. Valid values:

  • true
  • false
true
KeepaliveRequestslong

The number of reused persistent connections. Valid values: 60 to 1000.

Note This parameter indicates the number of reused persistent connections after the persistent connection feature is enabled.
1000
KeepaliveTimeoutlong

The timeout period for persistent connections that are in the Idle state. Unit: seconds. Valid values: 1 to 60. Default value: 15.

Note This parameter indicates the period of time during which a reused persistent connection can remain in the Idle state before the persistent connection is released.
15
ReadTimeoutlong

The timeout period for read connections. Unit: seconds. Valid values: 5 to 1800.

200
Retryboolean

Indicates whether WAF retries forwarding requests if requests fail to be forwarded to the origin server. Valid values:

  • true
  • false
true
WriteTimeoutlong

The timeout period for write connections. Unit: seconds. Valid values: 5 to 1800.

200
ResourceManagerResourceGroupIdstring

The ID of the Alibaba Cloud resource group.

rg-acfmvtc5z52****

Examples

Sample success responses

JSONformat

{
  "RequestId": "98D2AA9A-5959-5CCD-83E3-B6606232A2BE",
  "TotalCount": 24,
  "Domains": [
    {
      "Id": 1,
      "Uid": "130715431409****",
      "Domain": "www.aliyundoc.com",
      "Status": 1,
      "Cname": "50fqmu1ci7g0xtiyxnrhgx6qdhmn****.yundunwaf5.com",
      "Listen": {
        "HttpPorts": [
          80
        ],
        "HttpsPorts": [
          443
        ],
        "Http2Enabled": false,
        "CertId": "72***76-cn-hangzhou",
        "TLSVersion": "tlsv1.2",
        "EnableTLSv3": true,
        "CipherSuite": 1,
        "CustomCiphers": [
          "ECDHE-ECDSA-AES128-GCM-SHA256"
        ],
        "FocusHttps": false,
        "XffHeaderMode": 0,
        "XffHeaders": [
          "Client-ip"
        ],
        "IPv6Enabled": false,
        "ProtectionResource": "share",
        "ExclusiveIp": true
      },
      "Redirect": {
        "Backends": [
          "1.1.XX.XX"
        ],
        "FocusHttpBackend": true,
        "Loadbalance": "iphash",
        "SniEnabled": true,
        "SniHost": "www.aliyundoc.com",
        "RequestHeaders": [
          {
            "Key": "aaa",
            "Value": "bbb"
          }
        ],
        "ConnectTimeout": 120,
        "CnameEnabled": true,
        "RoutingRules": "[\n      {\n            \"rs\": [\n                  \"1.1.XX.XX\"\n            ],\n            \"locationId\": 535,\n            \"location\": \"test1111\"\n      }\n]",
        "Keepalive": true,
        "KeepaliveRequests": 1000,
        "KeepaliveTimeout": 15,
        "ReadTimeout": 200,
        "Retry": true,
        "WriteTimeout": 200
      },
      "ResourceManagerResourceGroupId": "rg-acfmvtc5z52****"
    }
  ]
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-08-29The request parameters of the API has changedView Change Details
2024-02-22The response structure of the API has changedView Change Details
2024-02-20The response structure of the API has changedView Change Details
2023-10-19The response structure of the API has changedView Change Details