This topic describes how to use Web Application Firewall with OpenAPI.
View the OpenAPI documentation
The API overview indicates that the OpenAPI operation to query the details of a canonical name (CNAME) record is DescribeDomainDetail. Read the document to understand the parameters and permissions that are required to call this operation.
Create a RAM user and grant permissions
Identity
You can use an Alibaba Cloud account, a Resource Access Management (RAM) user, or a RAM role to call this operation. For more information about the differences between these identities, see Identities, credentials, and authorization. This example uses a RAM user to call the operation.
Log on to the RAM console, create a RAM user for API access, and save the AccessKey information. For more information, see Create a RAM user.
Grant permissions
Go to the RAM User List. In the Actions column of the target RAM user, click Add Permissions.
In the Access Policy section, enter the keyword
WAFin the search box and select the AliyunYundunWAFv3FullAccess policy.NoteThe system policies for WAF are as follows:
AliyunYundunWAFv3FullAccess: Grants full management permissions for WAF 3.0.
AliyunYundunWAFv3ReadOnlyAccess: Grants read-only permissions for WAF 3.0.
Click OK to complete the authorization.
Credentials
An AccessKey is generated by default when you create a RAM user. You can use this AccessKey. Alternatively, on the details page of the RAM user, you can go to the Authentication tab and click Create AccessKey to create a new AccessKey. For more information, see Create an AccessKey.
Call the OpenAPI operation
This topic uses Python as an example to describe how to call an OpenAPI operation.
Prepare the Python environment
You can download and install Python.
For Python 3 downloads, see Python 3.
Check the Python version.
Linux and macOS systems
Open the terminal and run the
python --versioncommand.Windows systems
In the Python installation path, double-click python.exe.
Open the command prompt.
Press Win+R to open the Run dialog box. Enter python and click OK.
Configure environment variables
For more information about how to configure environment variables, see Configure environment variables on Linux, macOS, and Windows systems.
Install dependencies
pip install alibabacloud_waf_openapi20211001==2.0.2Download the sample code
In the OpenAPI Portal, you can access the DescribeDomainDetail API using its Call URL.
Set the InstanceId request parameter to waf_v3prepaid_public_cn-uqm3bmw**** and the Domain request parameter to srtest.****.top. Then, click Initiate Call.
Click the SDK Example tab, and then click the Python tab.
The following is the SDK sample code for Python.
Click Download Complete Project to download the sample code package.
Decompress the sample code package on your computer and navigate to the alibabacloud_sample folder.
Run the code
Run the following command:
python sample.pyThe following output is returned:
{
"Status": 1,
"ResourceManagerResourceGroupId": "rg-acfmyqfktarf2ha",
"RequestId": "7072AAC6-C786-5861-88A6-C18626244BD1",
"CertDetail": {
"EndTime": 1971038823000,
"Sans": [
"*.wafqax.top"
],
"StartTime": 1655678823000,
"Id": "9853636-cn-hangzhou",
"Name": "auto_****_all",
"CommonName": "srtest.****.top"
},
"Listen": {
"ProtectionResource": "share",
"HttpsPorts": [
443
],
"TLSVersion": "tlsv1",
"Http2Enabled": false,
"CertId": "*cn-hangzhou",
"CipherSuite": 1,
"EnableTLSv3": false,
"IPv6Enabled": false,
"XffHeaderMode": 1,
"HttpPorts": [
80
]
},
"Redirect": {
"ConnectTimeout": 5,
"Keepalive": true,
"SniEnabled": false,
"ReadTimeout": 120,
"KeepaliveTimeout": 15,
"Backends": [
{
"Backend": "39.98.XX.XX"
},
{
"Backend": "39.98.XX.XX"
}
],
"FocusHttpBackend": false,
"WriteTimeout": 120,
"AllBackends": [
"39.98.XX.XX"
],
"Retry": true,
"KeepaliveRequests": 1000,
"Loadbalance": "iphash"
},
"Domain": "srtest.****.top",
"Cname": "*.yundunwaf3.com"
}