Web Application Firewall:ModifyDomain

Last Updated: Feb 11, 2026

Modifies a domain name that is configured for CNAME access.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| yundun-waf:ModifyDomain | update | DefenseResource acs:yundun-waf:{#regionId}:{#accountId}:defenseresource/{#Resource}; DefenseResource acs:yundun-waf:{#regionId}:{#accountId}:defenseresource/{#Domain}-waf | None | None |

Request parameters

Parameter

Type

Required

Description

Example

InstanceId

string

Yes

The ID of the WAF instance.

Note

You can call DescribeInstance to query the ID of your WAF instance.

waf_cdnsdf3****

Domain

string

No

The domain name to modify.

www.aliyundoc.com

DomainId

string

No

The domain ID.

www.aliyundoc.com-waf

Listen

object

Yes

Configure listener settings.

HttpsPorts

array

No

The HTTPS listener ports, in the format [port1,port2,…].

integer

No

An HTTPS listener port.

443

HttpPorts

array

No

The HTTP listener ports, in the format [port1,port2,…].

integer

No

An HTTP listener port.

80

Http2Enabled

boolean

No

Whether to enable HTTP/2. Use this parameter only when HttpsPorts is not empty (indicating that the domain uses HTTPS). Valid values:

  • true: Enable HTTP/2.

  • false (default): Disable HTTP/2.

true

CertId

string

No

The ID of the certificate to add.

123

SM2Enabled

boolean

No

Whether to enable SM certificates.

true

SM2CertId

string

No

The ID of the SM certificate to add. Use this parameter only when SM2Enabled is set to true.

123-cn-hangzhou

SM2AccessOnly

boolean

No

Whether only SM clients can access the domain. Use this parameter only when SM2Enabled is set to true. Valid values:

  • true: Only SM clients can access.

  • false: Both SM and non-SM clients can access.

true

TLSVersion

string

No

The TLS version to use. Use this parameter only when HttpsPorts is not empty (indicating that the domain uses HTTPS). Valid values:

  • tlsv1

  • tlsv1.1

  • tlsv1.2

tlsv1

EnableTLSv3

boolean

No

Whether to support TLS 1.3. Use this parameter only when HttpsPorts is not empty (indicating that the domain uses HTTPS). Valid values:

  • true: Support TLS 1.3.

  • false: Do not support TLS 1.3.

true

CipherSuite

integer

No

The cipher suite type to use. Use this parameter only when HttpsPorts is not empty (indicating that the domain uses HTTPS). Valid values:

  • 1: Use all cipher suites.

  • 2: Use strong cipher suites. This value is valid only when TLSVersion is set to tlsv1.2.

  • 99: Use a custom cipher suite.

2

CustomCiphers

array

No

The specific custom cipher suites to add. Use this parameter only when CipherSuite is set to 99.

string

No

A custom cipher suite.

["xxx","ffas"]

FocusHttps

boolean

No

Whether to enable forced HTTPS redirection. Use this parameter only when HttpsPorts is not empty (indicating that the domain uses HTTPS) and HttpPorts is empty (indicating that the domain does not use HTTP). Valid values:

  • true: Enable forced HTTPS redirection.

  • false: Disable forced HTTPS redirection.

true

XffHeaderMode

integer

No

How WAF retrieves the real client IP address. Valid values:

  • 0 (default): Client traffic reaches WAF without passing through another Layer 7 proxy.

  • 1: WAF reads the first value in the X-Forwarded-For (XFF) request header as the client IP.

  • 2: WAF reads the value from a custom request header field you specify as the client IP.

2

XffHeaders

array

No

The list of custom request header fields used to retrieve the client IP, in the format ["header1","header2",…].

Note

Set this parameter only when XffHeaderMode is set to 2 (indicating that WAF reads the client IP from a custom request header field you specify).

string

No

A custom request header field used to retrieve the client IP.

Client-ip

IPv6Enabled

boolean

No

Whether to enable IPv6. Valid values:

  • true: Enable IPv6.

  • false (default): Disable IPv6.

true

ProtectionResource

string

No

The protection resource type to use. Valid values:

  • share (default): Use a shared cluster.

  • gslb: Use intelligent load balancing with a shared cluster.

share

ExclusiveIp

boolean

No

Whether to enable an exclusive IP address. Use this parameter only when IPv6Enabled is false (indicating that IPv6 is disabled) and ProtectionResource is set to share (indicating that a shared cluster is used). Valid values:

  • true: Enable an exclusive IP address.

  • false (default): Disable an exclusive IP address.

true

Redirect

object

Yes

Configure forwarding settings.

Backends

array

No

The origin server IP addresses or origin domain names for the domain. You can specify either origin server IP addresses or an origin domain name, but not both. If you specify an origin domain name, only IPv4 is supported (IPv6 is not supported):

  • To specify origin server IP addresses, use the format ["ip1","ip2",…]. You can add up to 20 IP addresses.

  • To specify an origin domain name, use the format ["domain"]. You can add up to 20 domain names.

string

No

An origin server IP address or origin domain name.

1.1.XX.XX

Loadbalance

string

Yes

The load balancing algorithm used during back-to-origin requests. Valid values:

  • iphash: IP hash algorithm.

  • roundRobin: Round-robin algorithm.

  • leastTime: Least time algorithm. This value is valid only when ProtectionResource is set to gslb (indicating that intelligent load balancing with a shared cluster is used).

iphash

FocusHttpBackend

boolean

No

Whether to force HTTP back-to-origin requests. Use this parameter only when HttpsPorts is not empty (indicating that the domain uses HTTPS). Valid values:

  • true: Force HTTP back-to-origin requests.

  • false: Do not force HTTP back-to-origin requests.

true

SniEnabled

boolean

No

Whether to enable back-to-origin SNI. Use this parameter only when HttpsPorts is not empty (indicating that the domain uses HTTPS). Valid values:

  • true: Enable back-to-origin SNI.

  • false (default): Disable back-to-origin SNI.

true

SniHost

string

No

The value for the custom SNI extension field. If you do not set this parameter, WAF uses the value of the Host field in the request header as the SNI extension field by default.

Note

Set this parameter only when SniEnabled is set to true (indicating that custom back-to-origin SNI is enabled).

www.aliyundoc.com

RequestHeaders

array<object>

No

The traffic marking fields and values for the domain, used to mark traffic processed by WAF.

By specifying custom request header fields and their corresponding values, WAF automatically adds these custom fields to the request headers when traffic for the domain passes through WAF. This helps your backend services track relevant information.

object

No

The parameter value format is [{"k":"key","v":"value"}]. Here, key is the custom request header field, and value is the value assigned to that field.

Note

If the request already contains the specified custom header field, WAF overwrites its value with the traffic marking value you set.

Key

string

No

The custom request header field.

aaa

Value

string

No

The value assigned to the custom request header field.

bbb

ConnectTimeout

integer

No

The connection timeout in seconds. Valid values range from 1 to 3600. The default value is 5.

120

ReadTimeout

integer

No

The read timeout in seconds. Valid values: 1 to 3600. Default value: 120.

200

WriteTimeout

integer

No

Specifies the write timeout in seconds. The value must be an integer from 1 to 3600. The default value is 120.

200

CnameEnabled

boolean

No

Whether to enable public cloud disaster recovery. Valid values:

  • true: Enable public cloud disaster recovery.

  • false (default): Disable public cloud disaster recovery.

true

RoutingRules

string

No

The hybrid cloud forwarding rules, represented as a JSON array string. Each element in the JSON array is a struct containing the following fields:

  • rs: Array | The list of back-to-origin IP addresses or CNAMEs.

  • backupRs: Array | The list of backup back-to-origin IP addresses or CNAMEs. This field is required. Use [] if no backup is configured.

  • location: String | The name of the protection node.

  • locationId: Long | The ID of the protection node.

[ { "rs": [ "1.1.XX.XX" ], "backupRs": [ "2.2.XX.XX" ], "locationId": 535, "location": "test1111" } ]

Keepalive

boolean

No

Whether to maintain persistent connections. Valid values:

  • true (default): Maintain persistent connections.

  • false: Do not maintain persistent connections.

true

Retry

boolean

No

Whether WAF retries on back-to-origin failure. Valid values:

  • true (default): Retry.

  • false: Do not retry.

true

KeepaliveRequests

integer

No

The number of requests to reuse per persistent connection. Valid values: 60 to 1000. Default value: 1000. Unit: requests.

Note

When persistent connections are enabled, this parameter specifies how many requests can reuse each connection.

1000

KeepaliveTimeout

integer

No

The idle timeout for persistent connections. Valid values: 1 to 60. Default value: 15. Unit: seconds.

Note

This parameter specifies how long an idle persistent connection remains open before being released.

15

XffProto

boolean

No

Whether to pass the WAF protocol via X-Forwarded-Proto. Valid values:

  • true (default): Pass the WAF protocol.

  • false: Do not pass the WAF protocol.

true

BackupBackends

array

No

The backup origin server IP addresses or origin domain names for the domain.

string

No

The backup origin server IP addresses or origin domain names for the domain. You can specify either origin server IP addresses or an origin domain name, but not both. If you specify an origin domain name, only IPv4 is supported (IPv6 is not supported):

  • To specify origin server IP addresses, use the format ["ip1","ip2",…]. You can add up to 20 IP addresses.

  • To specify an origin domain name, use the format ["domain"]. You can add up to 20 domain names.

[ "1.1.XX.XX", "2.2.XX.XX" ]

XClientIp

boolean

No

Whether to allow WAF to overwrite X-Client-IP. Valid values:

  • true (default): Allow WAF to overwrite.

  • false: Do not allow WAF to overwrite.

true

XTrueIp

boolean

No

Whether to allow WAF to overwrite X-True-IP. Valid values:

  • true (default): Allow WAF to overwrite.

  • false: Do not allow WAF to overwrite.

true

WebServerType

boolean

No

Whether to allow WAF to overwrite Web-Server-Type. Valid values:

  • true (default): Allow WAF to overwrite.

  • false: Do not allow WAF to overwrite.

true

WLProxyClientIp

boolean

No

Whether to allow WAF to overwrite WL-Proxy-Client-IP. Valid values:

  • true (default): Allow WAF to overwrite.

  • false: Do not allow WAF to overwrite.

true

MaxBodySize

integer

No

The maximum request body size. Valid values: 2 to 10. Default value: 2. Unit: GB.

Note

Supported only in the Ultimate edition.

2

Http2Origin

boolean

No

Whether to enable HTTP/2 back-to-origin. Valid values:

  • true: Enable HTTP/2 back-to-origin.

  • false: Disable HTTP/2 back-to-origin.

true

Http2OriginMaxConcurrency

integer

No

The maximum concurrency for HTTP/2 back-to-origin requests. Valid values: 1 to 512. Default value: 2. Unit: requests.

128

BackendPorts

array<object>

No

Custom port configuration.

object

No

Custom port configuration.

ListenPort

integer

No

The listener port.

80

BackendPort

integer

No

The back-to-origin port.

80

Protocol

string

No

The protocol for the listener port. Valid values:

  • http: HTTP protocol.

  • https: HTTPS protocol.

http

RegionId

string

Yes

The region where the WAF instance is deployed. Valid values:

  • cn-hangzhou: The Chinese mainland.

  • ap-southeast-1: Outside the Chinese mainland.

cn-hangzhou

AccessType

string

No

The access type of the WAF instance. Valid values:

  • share (default): CNAME access.

  • hybrid_cloud_cname: Hybrid cloud CNAME access.

share
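
The dependency rules in the parameter descriptions above, together with the Http2Origin rules in the error-code table, can be checked before a change is submitted. The following Python lint is an added example, not Alibaba Cloud code; `lint_modify_domain` and its messages are hypothetical, and it assumes the fields listed after Listen and Redirect are nested under those objects.

```python
# Added example (not Alibaba Cloud code): lint a ModifyDomain request before sending it.
# Assumption: the fields listed after Listen / Redirect are nested under those objects.
HTTPS_ONLY = {"Listen": ("Http2Enabled", "TLSVersion", "EnableTLSv3", "CipherSuite", "FocusHttps"),
              "Redirect": ("FocusHttpBackend", "SniEnabled")}
RANGES = {"ConnectTimeout": (1, 3600), "ReadTimeout": (1, 3600), "WriteTimeout": (1, 3600),
          "KeepaliveRequests": (60, 1000), "KeepaliveTimeout": (1, 60),
          "Http2OriginMaxConcurrency": (1, 512), "MaxBodySize": (2, 10)}

def lint_modify_domain(req):
    """Return (errors, warnings): documented-constraint violations and risky settings."""
    li, rd, err = req.get("Listen", {}), req.get("Redirect", {}), []
    def need(ok, msg):
        if not ok:
            err.append(msg)
    need(req.get("Domain") or req.get("DomainId"), "Domain and DomainId are both empty")
    for block, names in HTTPS_ONLY.items():
        for n in names:
            need(n not in req.get(block, {}) or li.get("HttpsPorts"), f"{n} requires HttpsPorts")
    need(not (li.get("FocusHttps") and li.get("HttpPorts")), "FocusHttps requires empty HttpPorts")
    need(li.get("CipherSuite") != 2 or li.get("TLSVersion") == "tlsv1.2",
         "CipherSuite 2 requires TLSVersion tlsv1.2")
    need("CustomCiphers" not in li or li.get("CipherSuite") == 99, "CustomCiphers requires CipherSuite 99")
    need(not ({"SM2CertId", "SM2AccessOnly"} & li.keys()) or li.get("SM2Enabled") is True,
         "SM2CertId/SM2AccessOnly require SM2Enabled=true")
    need("XffHeaders" not in li or li.get("XffHeaderMode") == 2, "XffHeaders requires XffHeaderMode 2")
    need(rd.get("Loadbalance") != "leastTime" or li.get("ProtectionResource") == "gslb",
         "leastTime requires ProtectionResource=gslb")
    need("SniHost" not in rd or rd.get("SniEnabled") is True, "SniHost requires SniEnabled=true")
    need(not rd.get("Http2Origin") or rd.get("Keepalive", True), "Http2Origin requires Keepalive")
    need(not (rd.get("Http2Origin") and rd.get("FocusHttpBackend")),
         "Http2Origin conflicts with FocusHttpBackend")
    for n, (lo, hi) in RANGES.items():
        need(n not in rd or lo <= rd[n] <= hi, f"{n} must be in {lo}..{hi}")
    # Accepted by the API, but worth a second look in review.
    risky = [(li.get("TLSVersion") in ("tlsv1", "tlsv1.1"), "TLSVersion permits TLS older than 1.2"),
             (li.get("CipherSuite") == 1, "CipherSuite 1 enables all cipher suites"),
             (bool(rd.get("FocusHttpBackend")), "FocusHttpBackend sends origin traffic over HTTP"),
             (li.get("XffHeaderMode") == 1, "XffHeaderMode 1 trusts the first X-Forwarded-For value")]
    return err, [msg for hit, msg in risky if hit]

# Constructed sample, built from Example-column values in the tables above.
SAMPLE = {"Domain": "www.aliyundoc.com",
          "Listen": {"HttpsPorts": [443], "HttpPorts": [80], "TLSVersion": "tlsv1",
                     "CipherSuite": 2, "FocusHttps": True, "XffHeaderMode": 2, "XffHeaders": ["Client-ip"]},
          "Redirect": {"Loadbalance": "iphash", "FocusHttpBackend": True, "Http2Origin": True,
                       "ConnectTimeout": 120}}
if __name__ == "__main__":
    errors, warnings = lint_modify_domain(SAMPLE)
    print("\n".join([f"ERROR: {m}" for m in errors] + [f"WARN: {m}" for m in warnings]))
```

Errors are combinations the parameter descriptions or error codes rule out; warnings are values the API accepts but that lower the minimum TLS version, widen the cipher set, remove encryption on the origin leg, or take the client IP from a header value.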

Response elements

| Element | Type | Description | Example |
|---|---|---|---|
| | object | The response. | |
| RequestId | string | The request ID. | D7861F61-5B61-46CE-A47C-6B19160D**** |
| DomainInfo | object | The information about the domain name. | |
| Cname | string | The CNAME address assigned by WAF to the domain. | xxxxxcvdaf.****.com |
| Domain | string | The domain to modify. | www.aliyundoc.com |
| DomainId | string | The domain ID. | www.aliyundoc.com-waf |

Examples

Success response

JSON format

{
  "RequestId": "D7861F61-5B61-46CE-A47C-6B19160D****",
  "DomainInfo": {
    "Cname": "xxxxxcvdaf.****.com",
    "Domain": "www.aliyundoc.com",
    "DomainId": "www.aliyundoc.com-waf"
  }
}

Error codes

| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | Waf.Pullin.BusinessViolation | The web services are suspected of violating regulations. If you have any questions, please submit a work order. Violating resource: %s. | |
| 400 | Waf.Control.DomainAndDomainIdBothEmpty | domain and domainId cannot be empty at the same time. | |
| 400 | Waf.Control.DomainAndDomainIdNotMatch | domain and domainId do not match. | |
| 400 | Waf.Control.DomainIdIsIllegal | The input parameter, the domainId is illegal. | |
| 400 | Waf.Pullin.BackupBackendConflict | The backup backend configuration conflicts. | |
| 400 | Waf.Pullin.BackendPortIncompatible | The back-to-source port is incompatible with the listening port, listening protocol:%s, listening port:%s, back-to-source port:%s. | |
| 400 | Waf.Pullin.Http2OriginMustOnKeepaliveEnable | When the HTTP2 origin is turned on, the keepalive must be turned on. | When the HTTP2 origin is turned on, the keepalive must be turned on. |
| 400 | Waf.Pullin.Http2OriginEnabledFocusHttpBackendForbidden | When HTTP2 origin is enabled, HTTP origin cannot be enabled. | When HTTP2 origin is enabled, HTTP origin cannot be enabled. |
| 400 | Waf.Pullin.BatchDnsScheduleCheckFailed | Batch dns scheduling is in progress, and access related operations are prohibited. | batch dns scheduling is in progress, and access-related operations are prohibited. |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.