Modifies the configurations of a service that is added to Web Application Firewall (WAF).
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action
policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resources
is used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation |
---|---|---|---|---|
yundun-waf:ModifyCloudResource | update | *All Resources * |
| none |
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
InstanceId | string | Yes | The ID of the WAF instance. Note
You can call the DescribeInstance operation to query the ID of the WAF instance.
| waf_v3prepaid_public_cn-*** |
ResourceManagerResourceGroupId | string | No | The ID of the Alibaba Cloud resource group. | rg-acfm***q |
Listen | object | Yes | The configurations of the listeners. | |
TLSVersion | string | No | The Transport Layer Security (TLS) version. This parameter is available only if you specify HttpsPorts. Valid values:
| tlsv1.2 |
EnableTLSv3 | boolean | No | Specifies whether to support TLS 1.3. This parameter is available only if you specify HttpsPorts. Valid values:
| true |
CipherSuite | integer | No | The type of the cipher suites that you want to add. This parameter is available only if you specify HttpsPorts. Valid values:
| 1 |
CustomCiphers | array | No | An array of custom cipher suites. | |
string | No | The custom cipher suites that you want to add. This parameter is available only if you set CipherSuite to 99. | ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384 | |
ResourceProduct | string | Yes | The cloud service. Valid values:
| clb7 |
ResourceInstanceId | string | Yes | The ID of the resource. | lb-*** |
Port | integer | Yes | The port of the resource that you want to add to WAF. | 80 |
Protocol | string | Yes | The type of the protocol. Valid values:
| http |
Certificates | array<object> | No | An array of certificates. | |
object | No | The certificate information. | ||
CertificateId | string | No | The ID of the certificate. | 123-cn-hangzhou |
AppliedType | string | No | The type of the HTTPS certificate. Valid values:
| default |
Http2Enabled | boolean | No | Specifies whether to enable HTTP/2. This parameter is available only if you specify HttpsPorts. Valid values:
| true |
Redirect | object | No | The configurations of the forwarding rule. | |
RequestHeaders | array<object> | No | The custom header field that you want to use to label requests that are processed by WAF. | |
object | No | Specify the value in the [{"k":"key","v":"value"}] format. key specifies the key of the custom header field. value specifies the value of the custom header field. Note
If the request contains the custom header field, WAF overwrites the original value of the field with the specified value.
| ||
Key | string | No | The key of the custom header field. | key1 |
Value | string | No | The value of the custom header field. | value1 |
XffHeaderMode | integer | No | The method that WAF uses to obtain the originating IP address of a client. Valid values:
| 0 |
XffHeaders | array | No | The custom header field that is used to obtain the originating IP address of a client. Specify the value in the ["header1","header2",...] format. Note
This parameter is required only if you set XffHeaderMode to 2.
| |
string | No | The custom header field that is used to obtain the originating IP address of a client. Specify the value in the ["header1","header2",...] format. Note
This parameter is required only if you set XffHeaderMode to 2.
| header1 | |
ReadTimeout | integer | No | The timeout period for read connections. Unit: seconds. Valid values: 1 to 3600. | 1 |
WriteTimeout | integer | No | The timeout period for write connections. Unit: seconds. Valid values: 1 to 3600. | 1 |
Keepalive | boolean | No | Specifies whether to enable the persistent connection feature. Valid values:
| true |
KeepaliveRequests | integer | No | The number of requests that reuse persistent connections. Valid values: 60 to 1000. Note
This parameter specifies the number of requests that can reuse persistent connections after you enable the persistent connection feature.
| 1000 |
KeepaliveTimeout | integer | No | The timeout period for idle persistent connections. Valid values: 10 to 3600. Default value: 3600. Unit: seconds. Note
If no new requests are initiated over the idle persistent connection within the specified timeout period, the connection is closed.
| 15 |
XffProto | boolean | No | Specifies whether to use the X-Forward-For-Proto header to identify the protocol used by WAF to forward requests to the origin server. Valid values:
| true |
RegionId | string | Yes | The region in which the WAF instance is deployed. Valid values:
| cn-hangzhou |
Response parameters
Examples
Sample success responses
JSON
format
{
"RequestId": "D7861F61-5B61-46CE-A47C-***",
"CloudResource": "lb-xxx-80-clb7"
}
Error codes
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation |
---|---|---|
2024-10-10 | The internal configuration of the API is changed, but the call is not affected | View Change Details |