This product(
waf-openapi/2021-10-01
) OpenAPI adopts RPC Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (78410016550) and sign under the guidance of experts. Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.
Instance information
API | Title | Description |
---|---|---|
CreatePostpaidInstance | CreatePostpaidInstance | Creates a pay-as-you-go Web Application Firewall (WAF) 3.0 instance. |
DescribeInstance | DescribeInstance | Queries the details of a Web Application Firewall (WAF) instance within the current Alibaba Cloud account. |
ReleaseInstance | ReleaseInstance | Releases a Web Application Firewall (WAF) 3.0 instance. |
Website Configuration
API | Title | Description |
---|---|---|
Cloud Native | Cloud Native | |
SyncProductInstance | SyncProductInstance | Synchronizes Elastic Compute Service (ECS) instances and Classic Load Balancer (CLB) instances to Web Application Firewall (WAF). |
DescribeCloudResources | DescribeCloudResources | Queries cloud service resources that are added to Web Application Firewall (WAF). |
DescribeProductInstances | DescribeProductInstances | Queries the cloud service instances to be added to Web Application Firewall (WAF) in transparent proxy mode. |
DescribeResourceSupportRegions | DescribeResourceSupportRegions | Queries the region IDs of the Classic Load Balancer (CLB) and Elastic Compute Service (ECS) instances that are added to Web Application Firewall (WAF) in cloud native mode. |
DescribeResourceRegionId | DescribeResourceRegionId | Queries the region IDs of the resources that are added to Web Application Firewall (WAF) in cloud native mode. The resources include Application Load Balancer (ALB) instances, Microservices Engine (MSE) instances, and custom domain names bound to web applications in Function Compute. |
DescribeResourceInstanceCerts | DescribeResourceInstanceCerts | Queries the certificates that are used in cloud service instances. The certificates returned include the certificates within the delegated administrator account and the certificates within members to which specific instances belong. For example, the delegated administrator account has certificate 1, instance lb-xx-1 belongs to member B, and member B has certificate 2. If you specify instance lb-xx-1 in the request, certificate 1 and certificate 2 are returned. |
CreateCloudResource | CreateCloudResource | Adds a service to Web Application Firewall (WAF). This operation is supported for only the Elastic Compute Service (ECS) and Classic Load Balancer (CLB) services. |
ModifyCloudResource | ModifyCloudResource | Modifies the configurations of a service that is added to Web Application Firewall (WAF). |
DeleteCloudResource | DeleteCloudResource | Removes a service from Web Application Firewall (WAF). This operation is supported for only the Elastic Compute Service (ECS) and Classic Load Balancer (CLB) services. |
DescribeCloudResourceAccessedPorts | DescribeCloudResourceAccessedPorts | Queries the ports of the cloud service that is added to Web Application Firewall (WAF). This operation is supported for only Elastic Compute Service (ECS) and Classic Load Balancer (CLB). |
DescribeCloudResourceAccessPortDetails | DescribeCloudResourceAccessPortDetails | Queries a port of the cloud service that is added to Web Application Firewall (WAF). This operation is supported for only Elastic Compute Service (ECS) and Classic Load Balancer (CLB). |
CNAME Record | CNAME Record | |
CreateDomain | CreateDomain | Adds a domain name to Web Application Firewall (WAF). |
ModifyDomain | ModifyDomain | Modifies the configurations of a domain name that is added to Web Application Firewall (WAF) in CNAME record mode. |
DeleteDomain | DeleteDomain | Deletes a domain name that is added to Web Application Firewall (WAF). |
DescribeDomains | DescribeDomains | Queries the domain names that are added to Web Application Firewall (WAF). |
DescribeDomainDetail | DescribeDomainDetail | Queries the details of a domain name that is added to Web Application Firewall (WAF). |
DescribePunishedDomains | DescribePunishedDomains | Queries a list of domain names that are added to Web Application Firewall (WAF) and penalized for failing to obtain an Internet Content Provider (ICP) filing. |
ModifyDomainPunishStatus | ModifyDomainPunishStatus | Re-adds a domain name that is penalized for failing to obtain an Internet Content Provider (ICP) filing to Web Application Firewall (WAF). |
DescribeCertDetail | DescribeCertDetail | Queries the details of a certificate, such as the certificate name, expiration time, issuance time, and associated domain name. |
DescribeCerts | DescribeCerts | Queries the certificates issued for your domain names that are added to Web Application Firewall (WAF). |
DescribeDomainDNSRecord | DescribeDomainDNSRecord | Checks whether the Domain Name System (DNS) settings of a domain name are properly configured. |
DescribeWafSourceIpSegment | DescribeWafSourceIpSegment | Queries the back-to-origin CIDR blocks of a Web Application Firewall (WAF) instance. |
DescribeResourcePort | DescribeResourcePort | Queries the ports of a cloud service instance that are added to Web Application Firewall (WAF). |
DescribeDDoSStatus | DescribeDDoSStatus | Checks whether DDoS attacks occur on specific domain names protected by a Web Application Firewall (WAF) instance. |
CreateSM2Cert | CreateSM2Cert | Uploads a ShangMi (SM) certificate for a domain name that is added to Web Application Firewall (WAF) in CNAME record mode. |
DescribeCnameCount | DescribeCnameCount | Queries the total number of domain names that are added to Web Application Firewall (WAF) in CNAME record mode and hybrid cloud reverse proxy mode. |
DescribeDefaultHttps | DescribeDefaultHttps | Queries the default SSL and Transport Layer Security (TLS) settings. |
ModifyDefaultHttps | ModifyDefaultHttps | Modifies the default SSL and Transport Layer Security (TLS) settings. |
Hybrid Cloud | Hybrid Cloud | |
DescribeHybridCloudResources | DescribeHybridCloudResources | Queries the domain names that are added to a Web Application Firewall (WAF) instance in hybrid cloud mode. |
Protection Configurations
API | Title | Description |
---|---|---|
Protected objects | Protected objects | |
CreateDefenseResourceGroup | CreateDefenseResourceGroup | Creates a protected object group. |
ModifyDefenseResourceGroup | ModifyDefenseResourceGroup | Modifies the configurations of a protected object group. |
DeleteDefenseResourceGroup | DeleteDefenseResourceGroup | Deletes a protected object group. |
DescribeDefenseResourceGroup | DescribeDefenseResourceGroup | Queries the information about a protected object group. |
DescribeDefenseResourceGroups | DescribeDefenseResourceGroups | Performs a pagination query to retrieve the information about protected object groups. |
DescribeDefenseResourceGroupNames | DescribeDefenseResourceGroupNames | Queries the names of protected object groups. |
DescribeDefenseResource | DescribeDefenseResource | Queries the information about a protected object. |
DescribeDefenseResources | DescribeDefenseResources | Queries protected objects by page. |
DescribeDefenseResourceNames | DescribeDefenseResourceNames | Performs a pagination query to retrieve the names of protected objects. |
ModifyDefenseResourceXff | ModifyDefenseResourceXff | Modifies the cookie settings of a protected object and the method to identify the originating IP addresses of clients. |
ModifyPauseProtectionStatus | ModifyPauseProtectionStatus | Modifies the protection status of Web Application Firewall (WAF). |
DescribePauseProtectionStatus | DescribePauseProtectionStatus | Queries the protection status of Web Application Firewall (WAF). |
Protection rules | Protection rules | |
ModifyDefenseRuleCache | ModifyDefenseRuleCache | Updates the cached page of a website that is protected based on a website tamper-proofing rule. |
DescribeDefenseResourceTemplates | DescribeDefenseResourceTemplates | Queries the protection templates that are associated with a protected object or protected object group. |
DescribeDefenseTemplateValidGroups | DescribeDefenseTemplateValidGroups | Queries the names of protected object groups for which a protection template can take effect. |
DescribeDefenseTemplates | DescribeDefenseTemplates | Performs a paging query to retrieve protection templates. |
CreateDefenseTemplate | CreateDefenseTemplate | Creates a protection rule template. |
CopyDefenseTemplate | CopyDefenseTemplate | Creates a new protection template from the copy. |
ModifyDefenseTemplate | ModifyDefenseTemplate | Modifies the configurations of a protection rule template. |
DescribeDefenseTemplate | DescribeDefenseTemplate | Queries a protection rule template. |
ModifyDefenseTemplateStatus | ModifyDefenseTemplateStatus | Changes the status of a protection rule template. |
DeleteDefenseTemplate | DeleteDefenseTemplate | Deletes a protection rule template. |
CreateDefenseRule | CreateDefenseRule | Creates a protection rule. |
ModifyDefenseRule | ModifyDefenseRule | Modifies the configurations of a protection rule. |
ModifyDefenseRuleStatus | ModifyDefenseRuleStatus | Changes the status of a protection rule. |
DeleteDefenseRule | DeleteDefenseRule | Deletes a protection rule. |
DescribeDefenseRule | DescribeDefenseRule | Queries a protection rule. |
DescribeDefenseRules | DescribeDefenseRules | Queries protection rules by page. |
ModifyTemplateResources | ModifyTemplateResources | Associates or disassociates a protection resource with or from a protection rule template. |
DescribeTemplateResources | DescribeTemplateResources | Queries the resources that are associated to a protection rule template. |
DescribeTemplateResourceCount | DescribeTemplateResourceCount | Queries the number of protected resources for which a protection template takes effect. |
DescribeRuleGroups | DescribeRuleGroups | Queries regular expression rule groups by page. |
Protection for Major Events | Protection for Major Events | |
CreateMajorProtectionBlackIp | CreateMajorProtectionBlackIp | Creates an IP address blacklist for major event protection. |
ModifyMajorProtectionBlackIp | ModifyMajorProtectionBlackIp | Modifies an IP address blacklist for major event protection. |
DeleteMajorProtectionBlackIp | DeleteMajorProtectionBlackIp | Deletes an IP address blacklist for major event protection. |
ClearMajorProtectionBlackIp | ClearMajorProtectionBlackIp | Clears an IP address blacklist for major event protection. |
DescribeMajorProtectionBlackIps | DescribeMajorProtectionBlackIps | Queries IP addresses in an IP address blacklist for major event protection by page. |
API | Title | Description |
---|---|---|
DeleteApisecAbnormals | DeleteApisecAbnormals | Deletes multiple risks detected by the API security module at a time. |
ModifyApisecAbnormals | ModifyApisecAbnormals | Modifies the status of multiple risks detected by the API security module at a time. |
DescribeApisecAssetTrend | DescribeApisecAssetTrend | Queries the asset trends in the API security module. |
DescribeApisecEventDomainStatistic | DescribeApisecEventDomainStatistic | Queries the statistics on domain names on which security events are detected by the API security module. |
DescribeApisecSensitiveDomainStatistic | DescribeApisecSensitiveDomainStatistic | Queries the statistics on domain names on which sensitive data is detected by the API security module. |
ModifyApisecEvents | ModifyApisecEvents | Modifies the status of multiple security events detected by the API security module at a time. |
DeleteApisecEvents | DeleteApisecEvents | Deletes multiple security events detected by the API security module at a time. |
DescribeApisecLogDeliveries | DescribeApisecLogDeliveries | Queries the configurations of API security log subscription. |
DescribeApisecSlsLogStores | DescribeApisecSlsLogStores | Queries the Logstores whose names start with apisec- in Simple Log Service. |
ModifyApisecLogDeliveryStatus | ModifyApisecLogDeliveryStatus | Modifies the status of API security log subscription. |
DescribeApisecSlsProjects | DescribeApisecSlsProjects | Queries the projects whose names start with apisec- in Simple Log Service. |
ModifyApisecLogDelivery | ModifyApisecLogDelivery | Modifies the configurations of API security log subscription. |
CreateApiExport | CreateApiExport | Creates a data export task in the API security module. |
DescribeApiExports | DescribeApiExports | Queries the list of data export tasks in the API security module. |
DescribeApisecAbnormals | DescribeApisecAbnormals | Queries the list of API security risks. |
DescribeApisecApiResources | DescribeApisecApiResources | Queries API assets in the API security module. |
ModifyApisecStatus | ModifyApisecStatus | Changes the status of the API security module for protected objects or protected object groups. |
ModifyApisecModuleStatus | ModifyApisecModuleStatus | Changes the status of features in the API security module for protected objects or protected object groups. |
ModifyApisecApiResource | ModifyApisecApiResource | Modifies the annotations of APIs in the API security module. |
DescribeUserEventType | DescribeUserEventType | Queries the types and statistics of security events in the API security module. |
DescribeUserEventTrend | DescribeUserEventTrend | Queries the trends of attacks detected by the API security module. |
DescribeUserAsset | DescribeUserAsset | Queries the user asset statistics in the API security module. |
DescribeUserApiRequest | DescribeUserApiRequest | Queries the traffic statistics of an API. |
DescribeUserAbnormalType | DescribeUserAbnormalType | Queries the types and statistics of risks in the API security module. |
DescribeUserAbnormalTrend | DescribeUserAbnormalTrend | Queries the trends of API security risks. |
DescribeSensitiveStatistic | DescribeSensitiveStatistic | Queries the sensitive data statistics of the tracing and auditing feature. |
DescribeSensitiveRequests | DescribeSensitiveRequests | Queries the tracing results of sensitive data. |
DescribeSensitiveRequestLog | DescribeSensitiveRequestLog | Queries the access logs of sensitive data. |
DescribeSensitiveOutboundTrend | DescribeSensitiveOutboundTrend | Queries the trends of cross-border data transfer of personal information. |
DescribeSensitiveOutboundStatistic | DescribeSensitiveOutboundStatistic | Queries the data types of personal information involved in cross-border data transfer. |
DescribeSensitiveOutboundDistribution | DescribeSensitiveOutboundDistribution | Queries the traffic distribution of personal information records involved in cross-border data transfer. |
DescribeSensitiveDetectionResult | DescribeSensitiveDetectionResult | Queries the compliance check results of API security. |
DescribeSensitiveApiStatistic | DescribeSensitiveApiStatistic | Queries the personal information-related APIs and domain names. |
DescribeFreeUserEvents | DescribeFreeUserEvents | Queries the list of security events on which basic detection is performed in the API security module. |
DescribeFreeUserEventTypes | DescribeFreeUserEventTypes | Queries the types of security events on which basic detection is performed in the API security module. |
DescribeFreeUserEventCount | DescribeFreeUserEventCount | Queries the statistics of security events that are detected by using the basic detection feature of the API security module. |
DescribeFreeUserAssetCount | DescribeFreeUserAssetCount | Queries the asset statistics provided by basic detection in the API security module. |
DescribeApisecUserOperations | DescribeApisecUserOperations | Queries user operation records in the API security module. |
DescribeApisecSuggestions | DescribeApisecSuggestions | Queries the protection suggestions for APIs. |
DescribeApisecStatistics | DescribeApisecStatistics | Queries the statistics of API security-related risks and events. |
DescribeApisecRules | DescribeApisecRules | Queries the policies configured in the API security module. |
DescribeApisecProtectionResources | DescribeApisecProtectionResources | Queries the list of protected objects to which API security policies are applied. |
DescribeApisecProtectionGroups | DescribeApisecProtectionGroups | Queries the list of protected object groups to which API security policies are applied. |
DescribeApisecMatchedHosts | DescribeApisecMatchedHosts | Queries the list of domain names detected in the API security module. |
DescribeApisecEvents | DescribeApisecEvents | Queries API security events. |
Report information
API | Title | Description |
---|---|---|
DescribeFlowChart | DescribeFlowChart | Queries the traffic statistics of requests that are forwarded to Web Application Firewall (WAF). |
DescribePeakTrend | DescribePeakTrend | Queries the queries per second (QPS) statistics of a WAF instance. |
DescribeResponseCodeTrendGraph | DescribeResponseCodeTrendGraph | Queries the trend of the number of error codes that are returned to clients or Web Application Firewall (WAF). The error codes include 302, 405, 444, 499, and 5XX. |
DescribeVisitUas | DescribeVisitUas | Queries the top 10 user agents that are used to initiate requests. |
DescribeVisitTopIp | DescribeVisitTopIp | Queries the top 10 IP addresses from which requests are sent. |
DescribeRuleHitsTopResource | DescribeRuleHitsTopResource | Queries the top 10 protected objects that trigger protection rules. |
DescribeRuleHitsTopRuleId | DescribeRuleHitsTopRuleId | Queries the IDs of the top 10 protection rules that are matched by requests. |
DescribeRuleHitsTopTuleType | DescribeRuleHitsTopTuleType | Queries the top 10 protection modules that are matched. |
DescribeRuleHitsTopUrl | DescribeRuleHitsTopUrl | Queries the top 10 URLs that trigger protection rules. |
DescribeRuleHitsTopClientIp | DescribeRuleHitsTopClientIp | Queries the top 10 IP addresses from which attacks are initiated. |
DescribeFlowTopResource | DescribeFlowTopResource | Queries the top 10 protected objects that receive requests. |
DescribeRuleHitsTopUa | DescribeRuleHitsTopUa | Queries the top 10 user agents that are used to initiate attacks. |
DescribeFlowTopUrl | DescribeFlowTopUrl | Queries the top 10 URLs that are used to initiate requests. |
Log configurations
API | Title | Description |
---|---|---|
DescribeUserSlsLogRegions | DescribeUserSlsLogRegions | Queries available regions for log storage. |
DescribeUserWafLogStatus | DescribeUserWafLogStatus | Queries the status, region ID, and status modification time of Web Application Firewall (WAF) logs. |
DescribeSlsAuthStatus | DescribeSlsAuthStatus | Queries whether Web Application Firewall (WAF) is authorized to access Logstores. |
DescribeSlsLogStoreStatus | DescribeSlsLogStoreStatus | Queries the status of a Simple Log Service Logstore. |
DescribeSlsLogStore | DescribeSlsLogStore | Queries information about a Logstore, such as the total capacity, storage duration, and used capacity. |
ModifyResourceLogStatus | ModifyResourceLogStatus | Enables or disables the log collection feature for a protected object. |
DescribeResourceLogStatus | DescribeResourceLogStatus | Queries whether the log collection feature is enabled for a protected object. |
Hybrid Cloud Cluster Management
API | Title | Description |
---|---|---|
DescribeHybridCloudServerRegions | DescribeHybridCloudServerRegions | Queries information about the regions that the hybrid cloud mode supports, such as the Internet service providers (ISPs), continents, and cities. |
DescribeHybridCloudUnassignedMachines | DescribeHybridCloudUnassignedMachines | Queries servers that are not assigned to a hybrid cloud cluster. |
ModifyHybridCloudClusterBypassStatus | ModifyHybridCloudClusterBypassStatus | Enables or disables manual bypass for a hybrid cloud cluster of the SDK-based traffic mirroring mode. |
DescribeHybridCloudUser | DescribeHybridCloudUser | Queries the HTTP and HTTPS ports that you can use when you add a domain name to Web Application Firewall (WAF) in hybrid cloud mode. |
DescribeHybridCloudGroups | DescribeHybridCloudGroups | Queries the hybrid cloud node groups that are added to Web Application Firewall (WAF). |
Multi Account Management
API | Title | Description |
---|---|---|
CreateMemberAccounts | CreateMemberAccounts | Adds members to use the multi-account management feature of Web Application Firewall (WAF). |
ModifyMemberAccount | ModifyMemberAccount | Modifies the information about members that are added for multi-account management. |
DeleteMemberAccount | DeleteMemberAccount | Removes the members that are added for multi-account management in Web Application Firewall (WAF). |
DescribeAccountDelegatedStatus | DescribeAccountDelegatedStatus | Queries whether an Alibaba Cloud account is the delegated administrator account of a Web Application Firewall (WAF) instance. |
DescribeMemberAccounts | DescribeMemberAccounts | Queries information about members. |
API | Title | Description |
---|---|---|
ChangeResourceGroup | ChangeResourceGroup | Changes the resource group to which a protected object belongs. |
Tag Management
API | Title | Description |
---|---|---|
TagResources | TagResources | Adds tags to resources. |
ListTagKeys | ListTagKeys | Queries tag keys. |
UntagResources | UntagResources | Removes tags from resources and then deletes the tags. |
ListTagResources | ListTagResources | Queries the tags that are added to a resource. |
ListTagValues | ListTagValues | Queries the tag values of a tag key. |
API | Title | Description |
---|---|---|
ModifyHybridCloudClusterRule | ModifyHybridCloudClusterRule | Modifies the rule of a hybrid cloud cluster. |
CreateHybridCloudGroup | CreateHybridCloudGroup | Creates a node group for a hybrid cloud cluster. |
DescribeHybridCloudClusterRule | DescribeHybridCloudClusterRule | Obtains the rule information about a hybrid cloud cluster. |
ModifyHybridCloudServer | ModifyHybridCloudServer | Modifies the information about a hybrid cloud node. |
ModifyHybridCloudGroupExpansionServer | ModifyHybridCloudGroupExpansionServer | Adds a node to a node group of a hybrid cloud cluster. |
ModifyHybridCloudGroupShrinkServer | ModifyHybridCloudGroupShrinkServer | Deletes a node from a node group of a hybrid cloud cluster. |
ModifyHybridCloudSdkPullinStatus | ModifyHybridCloudSdkPullinStatus | Modifies the traffic redirection status of a hybrid cloud cluster by using an SDK. |
DescribeHybridCloudClusters | DescribeHybridCloudClusters | Queries a list of hybrid cloud clusters. |