DescribeHybridCloudResources - Web Application Firewall - Alibaba Cloud Documentation Center

Queries the domain names in a hybrid cloud.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-waf:DescribeHybridCloudResources

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the WAF instance. Note You can call the DescribeInstance operation to query the ID of the current WAF instance.	waf_v3prepaid_public_cn-***********
Domain	string	No	The domain name that you want to query.	www.aliyundoc.com
Backend	string	No	The back-to-origin IP address or domain name of the origin server.	1.1.XX.XX
PageNumber	integer	No	The page number of the page to return. Default value: 1.	1
PageSize	integer	No	The number of entries to return on each page. Default value: 10.	10
CnameEnabled	boolean	No	Specifies whether to enable public cloud disaster recovery. Valid values: true: enables public cloud disaster recovery. false: does not enable public cloud disaster recovery.	true
RegionId	string	No	The region where the WAF instance resides. Valid values: cn-hangzhou: the Chinese mainland. ap-southeast-1: outside the Chinese mainland.	cn-hangzhou
ResourceManagerResourceGroupId	string	No	The ID of the Alibaba Cloud resource group.	rg-acfmvtc5z52****

Response elements

Element	Type	Description	Example
	object
Domains	array<object>	The list of domain names.
	object	The details of the domain name configuration.
Status	integer	The status of the domain name. Valid values: 1: The domain name is in a normal state. 2: The domain name is being created. 3: The domain name is being modified. 4: The domain name is being released. 5: Forwarding is disabled for the domain name.	1
ResourceManagerResourceGroupId	string	The ID of the Alibaba Cloud resource group.	rg-acfmvtc5z52****
Uid	string	The user ID.	130715431409****
Listen	object	The listener configuration.
HttpsPorts	array	The list of HTTPS ports.
	integer	The HTTPS port.	443
ProtectionResource	string	The type of the protection resource to be used. Valid values: share: indicates that a shared cluster is used. gslb: indicates that intelligent load balancing for a shared cluster is used.	share
CustomCiphers	array	The custom cipher suites to be added. Note This parameter is returned only when CipherSuite is set to 99.
	string	The custom cipher suite.	ECDHE-ECDSA-AES128-GCM-SHA256
TLSVersion	string	The TLS version. Valid values: tlsv1 tlsv1.1 tlsv1.2	tlsv1.2
Http2Enabled	boolean	Specifies whether to enable HTTP/2. Valid values: true: enables HTTP/2. false: does not enable HTTP/2.	false
CertId	string	The certificate ID.	72***76-cn-hangzhou
CipherSuite	integer	The type of the cipher suite. Valid values: 1: indicates that all cipher suites are added. 2: indicates that strong cipher suites are added. 99: indicates that custom cipher suites are added.	1
EnableTLSv3	boolean	Specifies whether TLS 1.3 is supported. Valid values: true: TLS 1.3 is supported. false: TLS 1.3 is not supported.	true
IPv6Enabled	boolean	Specifies whether to enable IPv6. Valid values: true: enables IPv6. false: does not enable IPv6.	false
FocusHttps	boolean	Specifies whether to enable force redirect to HTTPS. Valid values: true: enables force redirect to HTTPS. false: does not enable force redirect to HTTPS.	false
XffHeaders	array	The list of custom header fields that are used to obtain the client IP address. The value is in the `["header1","header2",...]` format. Note This parameter is returned only when XffHeaderMode is set to 2. A value of 2 indicates that WAF reads the value of a custom header field as the client IP address.
	string	The list of custom header fields that are used to obtain the client IP address.	Client-ip
XffHeaderMode	integer	The method that WAF uses to obtain the real IP address of a client. Valid values: 0: No Layer 7 proxies are deployed before WAF. 1: WAF reads the first value of the X-Forwarded-For (XFF) header field as the client IP address. 2: WAF reads the value of a custom header field as the client IP address.	0
ExclusiveIp	boolean	Specifies whether to use an exclusive IP address. Valid values: true: An exclusive IP address is used. false: An exclusive IP address is not used.	true
HttpPorts	array	The list of HTTP listener ports.
	integer	The HTTP listener port.	80
Id	integer	The configuration ID.	12345
Redirect	object	The forwarding configuration.
ConnectTimeout	integer	The connection timeout period. Unit: seconds. Valid values: 5 to 120.	120
Keepalive	boolean	Specifies whether to enable persistent connections. Valid values: true: enables persistent connections. false: does not enable persistent connections.	true
SniEnabled	boolean	Specifies whether to enable back-to-origin SNI. Valid values: true: enables back-to-origin SNI. false: does not enable back-to-origin SNI.	true
CnameEnabled	boolean	Specifies whether to enable public cloud disaster recovery. Valid values: true: enables public cloud disaster recovery. false: does not enable public cloud disaster recovery.	true
KeepaliveTimeout	integer	The timeout period for an idle persistent connection. Valid values: 1 to 60. Default value: 15. Unit: seconds. Note An idle persistent connection is released after the timeout period expires.	15
ReadTimeout	integer	The read timeout period. Unit: seconds. Valid values: 5 to 1800.	200
Backends	array	The back-to-origin IP addresses or domain names of the origin server.
	string	The back-to-origin IP address or domain name of the origin server.	1.1.XX.XX
SniHost	string	The custom value of the SNI extension field. If this parameter is not specified, the value of the Host field in the request header is used as the value of the SNI extension field. Note This parameter is returned only when SniEnabled is set to true. A value of true indicates that back-to-origin SNI is enabled.	www.aliyundoc.com
FocusHttpBackend	boolean	Specifies whether to enable force back-to-origin over HTTP. Valid values: true: enables force back-to-origin over HTTP. false: does not enable force back-to-origin over HTTP.	true
WriteTimeout	integer	The write timeout period. Unit: seconds. Valid values: 5 to 1800.	200
RoutingRules	string	The forwarding rules for the hybrid cloud. The value is a string that consists of a JSON array. Each element in the array is a struct that contains the following fields: rs: The back-to-origin IP addresses or CNAMEs. This field is of the Array type. location: The name of the protection node. This field is of the String type. locationId: The ID of the protection node. This field is of the Long type.	[ { "rs": [ "1.1.XX.XX" ], "locationId": 535, "location": "test1111" } ]
Retry	boolean	Specifies whether to retry when a back-to-origin request fails. Valid values: true: retries when a back-to-origin request fails. false: does not retry when a back-to-origin request fails.	true
RequestHeaders	array<object>	The custom header field and value that are used to mark the traffic that is processed by WAF.
	object	The custom header field and value that are used to mark the traffic that is processed by WAF.
Value	string	The value of the custom request header field.	bbb
Key	string	The custom request header field.	aaa
KeepaliveRequests	integer	The number of requests that can be reused in a persistent connection. Valid values: 60 to 1000. Note The number of requests that are reused after a persistent connection is established.	1000
Loadbalance	string	The load balancing algorithm for back-to-origin requests. Valid values: iphash: the IP hash algorithm. roundRobin: the round-robin algorithm. leastTime: the least time algorithm.	iphash
Domain	string	The domain name.	www.aliyundoc.com
Cname	string	The CNAME that is assigned by WAF to the domain name. Note This parameter is returned only when CnameEnabled is set to true. A value of true indicates that public cloud disaster recovery is enabled.	50fqmu1ci7g0xtiyxnrhgx6qdhmn****.yundunwaf5.com
TotalCount	integer	The total number of entries returned.	24
RequestId	string	The ID of the request.	98D2AA9A-5959-5CCD-83E3-B6606232A2BE

Examples

Success response

JSON format

{
  "Domains": [
    {
      "Status": 1,
      "ResourceManagerResourceGroupId": "rg-acfmvtc5z52****",
      "Uid": "130715431409****",
      "Listen": {
        "HttpsPorts": [
          443
        ],
        "ProtectionResource": "share",
        "CustomCiphers": [
          "ECDHE-ECDSA-AES128-GCM-SHA256"
        ],
        "TLSVersion": "tlsv1.2",
        "Http2Enabled": false,
        "CertId": "72***76-cn-hangzhou",
        "CipherSuite": 1,
        "EnableTLSv3": true,
        "IPv6Enabled": false,
        "FocusHttps": false,
        "XffHeaders": [
          "Client-ip"
        ],
        "XffHeaderMode": 0,
        "ExclusiveIp": true,
        "HttpPorts": [
          80
        ]
      },
      "Id": 12345,
      "Redirect": {
        "ConnectTimeout": 120,
        "Keepalive": true,
        "SniEnabled": true,
        "CnameEnabled": true,
        "KeepaliveTimeout": 15,
        "ReadTimeout": 200,
        "Backends": [
          "1.1.XX.XX"
        ],
        "SniHost": "www.aliyundoc.com",
        "FocusHttpBackend": true,
        "WriteTimeout": 200,
        "RoutingRules": "[\n      {\n            \"rs\": [\n                  \"1.1.XX.XX\"\n            ],\n            \"locationId\": 535,\n            \"location\": \"test1111\"\n      }\n]",
        "Retry": true,
        "RequestHeaders": [
          {
            "Value": "bbb",
            "Key": "aaa"
          }
        ],
        "KeepaliveRequests": 1000,
        "Loadbalance": "iphash"
      },
      "Domain": "www.aliyundoc.com",
      "Cname": "50fqmu1ci7g0xtiyxnrhgx6qdhmn****.yundunwaf5.com"
    }
  ],
  "TotalCount": 24,
  "RequestId": "98D2AA9A-5959-5CCD-83E3-B6606232A2BE"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.