ALIYUN::WAF::Domain is used to add a domain to Web Application Firewall (WAF).

Syntax

{
  "Type": "ALIYUN::WAF::Domain",
  "Properties": {
    "HttpToUserIp": String,
    "HttpPort": List,
    "IsAccessProduct": String,
    "ResourceGroupId": String,
    "DomainName": String,
    "InstanceId": String,
    "SourceIps": List,
    "ReadTime": Integer,
    "ClusterType": String,
    "LoadBalancing": String,
    "LogHeaders": List,
    "WriteTime": Integer,
    "Http2Port": List,
    "ConnectionTime": Integer,
    "HttpsRedirect": String,
    "HttpsPort": List
  }
}

Properties

Property Type Required Editable Description Constraint
HttpToUserIp String No Yes Specifies whether to enable the HTTP back-to-origin feature. After the feature is enabled, the WAF instance can use HTTP to forward HTTPS requests to the origin. By default, port 80 is used to forward the requests to the origin. Default value: 0. Valid values:
  • 0: disables the HTTP back-to-origin feature.
  • 1: enables the HTTP back-to-origin feature.
Note If your website does not support HTTPS access, you can enable the HTTP back-to-origin feature to enable HTTPS access through WAF.
HttpPort List No Yes The HTTP port. Separate multiple ports with commas (,).
Note Specify this parameter only if you want to use the HTTP protocol. You must specify at least one of the HttpPort and HttpsPort parameters.
IsAccessProduct String Yes Yes Specifies whether the domain has a Layer-7 proxy configured, such as Anti-DDoS Pro or CDN, to filter the inbound traffic before it is forwarded to WAF. Valid values: Valid values:
  • 0: no
  • 1: yes
ResourceGroupId String No No The ID of the resource group to which the domain belongs in Resource Management. None
DomainName String Yes No The domain name. None
InstanceId String Yes No The ID of the WAF instance. None
SourceIps List Yes Yes The IP addresses or domain of the origin server to which the specified domain points. You can specify IP addresses or a domain.
  • A maximum of 20 IP addresses are supported. Separate multiple IP addresses with commas (,).
  • Only one domain is supported.
ReadTime Integer No Yes The timeout period that is specified for read connections of WAF exclusive clusters. You can specify this parameter when you use exclusive clusters to protect resources.

Unit: seconds.

ClusterType String No Yes The type of the WAF cluster. Default value: 0. Valid values:
  • 0: The shared cluster.
  • 1: The exclusive cluster.
LoadBalancing String No Yes The load balancing algorithm that is used when WAF forwards requests to the origin. Valid values:
  • 0: IP hash
  • 1: round robin
LogHeaders List No Yes

The key-value pair that is used to mark the traffic that flows through WAF to the domain.

Specify the key-value pair in the [{"k":"_key_","v":"_value_"}] format. _key_ specifies a header field in a custom request. _value_ specifies the value of the field.

WAF automatically marks the requests that pass through WAF by adding the specified field and value to the headers of these requests.

If a request header contains the specified field, WAF overwrites the original field value with the specified value.
WriteTime Integer No Yes The timeout period that is specified for write connections of WAF exclusive clusters. You can specify this parameter when you use exclusive clusters to protect resources.

Unit: seconds.

Http2Port List No Yes The HTTP 2.0 ports. Separate multiple ports with commas (,).
ConnectionTime Integer No Yes The timeout period that is specified for connections of WAF exclusive clusters. You can specify this parameter when you use exclusive clusters to protect resources.

Unit: seconds.

HttpsRedirect String No Yes Specifies whether to redirect HTTP requests as HTTPS requests. Default value: 0. Valid values:
  • 0: HTTP requests are not redirected as HTTPS requests.
  • 1: HTTP requests are redirected as HTTPS requests.
This parameter is required only if the specified domain accepts HTTPS requests. After you enable this feature, HTTP requests are redirected to HTTPS port 443.
HttpsPort List No Yes The HTTPS port. Separate multiple HTTPS ports with commas (,).

Specify this parameter only if you want to use the HTTPS protocol. You must specify at least one of the HttpPort and HttpsPort parameters.

Response parameters

Fn::GetAtt

  • HttpToUserIp: indicates whether the HTTP back-to-origin feature is enabled.
  • HttpPort: the HTTP port.
  • IsAccessProduct: indicates whether the domain has a Layer-7 proxy configured to filter the inbound traffic before the traffic is forwarded to WAF.
  • ResourceGroupId: the ID of the resource group to which the domain belongs.
  • DomainName: the domain name.
  • InstanceId: the ID of the WAF instance.
  • SourceIps: the IP addresses or domain of the origin server to which the specified domain points.
  • ReadTime: the timeout period that is specified for read connections of WAF exclusive clusters.
  • ClusterType: the type of the WAF cluster.
  • Cname: the CNAME record assigned by the WAF instance to the specified domain.
  • LoadBalancing: the load balancing algorithm that is used when WAF forwards requests to the origin.
  • LogHeaders: the key-value pair that is used to mark the traffic that flows through WAF to the domain.
  • WriteTime: the timeout period that is specified for write connections of WAF exclusive clusters.
  • Http2Port: the HTTP 2.0 ports.
  • Version: the version of optimistic locking.
  • ConnectionTime: the timeout period that is specified for connections of WAF exclusive clusters.
  • HttpsRedirect: indicates whether HTTP requests are redirected as HTTPS requests.
  • HttpsPort: the HTTPS ports.

Examples

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "HttpToUserIp": {
      "Type": "String",
      "Description": "Http back to source"
    },
    "HttpPort": {
      "Type": "Json",
      "Description": "Http port configuration"
    },
    "IsAccessProduct": {
      "Type": "String",
      "Description": "Is there a seven-layer agency before WAF"
    },
    "ResourceGroupId": {
      "Type": "String",
      "Description": "Resource group Id"
    },
    "DomainName": {
      "Type": "String",
      "Description": "Domain name"
    },
    "InstanceId": {
      "Type": "String",
      "Description": "Instance id"
    },
    "SourceIps": {
      "Type": "Json",
      "Description": "Back to source IP configuration"
    },
    "ReadTime": {
      "Type": "Number",
      "Description": "Read connection timeout period"
    },
    "ClusterType": {
      "Type": "String",
      "Description": "Cluster type"
    },
    "LoadBalancing": {
      "Type": "String",
      "Description": "Load balancing configuration"
    },
    "LogHeaders": {
      "Type": "Json",
      "Description": "Domain traffic tagging"
    },
    "WriteTime": {
      "Type": "Number",
      "Description": "Write connection timeout period"
    },
    "Http2Port": {
      "Type": "Json",
      "Description": "Http2 port configuration"
    },
    "ConnectionTime": {
      "Type": "Number",
      "Description": "Connection timeout"
    },
    "HttpsRedirect": {
      "Type": "String",
      "Description": "Https forced redirect configuration"
    },
    "HttpsPort": {
      "Type": "Json",
      "Description": "Https port configuration"
    }
  },
  "Resources": {
    "WAFDomain": {
      "Type": "ALIYUN::WAF::Domain",
      "Properties": {
        "HttpToUserIp": {
          "Ref": "HttpToUserIp"
        },
        "HttpPort": {
          "Ref": "HttpPort"
        },
        "IsAccessProduct": {
          "Ref": "IsAccessProduct"
        },
        "ResourceGroupId": {
          "Ref": "ResourceGroupId"
        },
        "DomainName": {
          "Ref": "DomainName"
        },
        "InstanceId": {
          "Ref": "InstanceId"
        },
        "SourceIps": {
          "Ref": "SourceIps"
        },
        "ReadTime": {
          "Ref": "ReadTime"
        },
        "ClusterType": {
          "Ref": "ClusterType"
        },
        "LoadBalancing": {
          "Ref": "LoadBalancing"
        },
        "LogHeaders": {
          "Ref": "LogHeaders"
        },
        "WriteTime": {
          "Ref": "WriteTime"
        },
        "Http2Port": {
          "Ref": "Http2Port"
        },
        "ConnectionTime": {
          "Ref": "ConnectionTime"
        },
        "HttpsRedirect": {
          "Ref": "HttpsRedirect"
        },
        "HttpsPort": {
          "Ref": "HttpsPort"
        }
      }
    }
  },
  "Outputs": {
    "HttpToUserIp": {
      "Description": "Http back to source",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "HttpToUserIp"
        ]
      }
    },
    "HttpPort": {
      "Description": "Http port configuration",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "HttpPort"
        ]
      }
    },
    "IsAccessProduct": {
      "Description": "Is there a seven-layer agency before WAF",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "IsAccessProduct"
        ]
      }
    },
    "ResourceGroupId": {
      "Description": "Resource group Id",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "ResourceGroupId"
        ]
      }
    },
    "DomainName": {
      "Description": "Domain name",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "DomainName"
        ]
      }
    },
    "InstanceId": {
      "Description": "Instance id",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "InstanceId"
        ]
      }
    },
    "SourceIps": {
      "Description": "Back to source IP configuration",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "SourceIps"
        ]
      }
    },
    "ReadTime": {
      "Description": "Read connection timeout period",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "ReadTime"
        ]
      }
    },
    "ClusterType": {
      "Description": "Cluster type",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "ClusterType"
        ]
      }
    },
    "Cname": {
      "Description": "CNAME assigned by WAF instance",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "Cname"
        ]
      }
    },
    "LoadBalancing": {
      "Description": "Load balancing configuration",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "LoadBalancing"
        ]
      }
    },
    "LogHeaders": {
      "Description": "Domain traffic tagging",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "LogHeaders"
        ]
      }
    },
    "WriteTime": {
      "Description": "Write connection timeout period",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "WriteTime"
        ]
      }
    },
    "Http2Port": {
      "Description": "Http2 port configuration",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "Http2Port"
        ]
      }
    },
    "Version": {
      "Description": "Optimistic lock version",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "Version"
        ]
      }
    },
    "ConnectionTime": {
      "Description": "Connection timeout",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "ConnectionTime"
        ]
      }
    },
    "HttpsRedirect": {
      "Description": "Https forced redirect configuration",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "HttpsRedirect"
        ]
      }
    },
    "HttpsPort": {
      "Description": "Https port configuration",
      "Value": {
        "Fn::GetAtt": [
          "WAFDomain",
          "HttpsPort"
        ]
      }
    }
  }
}

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  HttpToUserIp:
    Type: String
    Description: Http back to source
  HttpPort:
    Type: Json
    Description: Http port configuration
  IsAccessProduct:
    Type: String
    Description: Is there a seven-layer agency before WAF
  ResourceGroupId:
    Type: String
    Description: Resource group Id
  DomainName:
    Type: String
    Description: Domain name
  InstanceId:
    Type: String
    Description: Instance id
  SourceIps:
    Type: Json
    Description: Back to source IP configuration
  ReadTime:
    Type: Number
    Description: Read connection timeout period
  ClusterType:
    Type: String
    Description: Cluster type
  LoadBalancing:
    Type: String
    Description: Load balancing configuration
  LogHeaders:
    Type: Json
    Description: Domain traffic tagging
  WriteTime:
    Type: Number
    Description: Write connection timeout period
  Http2Port:
    Type: Json
    Description: Http2 port configuration
  ConnectionTime:
    Type: Number
    Description: Connection timeout
  HttpsRedirect:
    Type: String
    Description: Https forced redirect configuration
  HttpsPort:
    Type: Json
    Description: Https port configuration
Resources:
  WAFDomain:
    Type: 'ALIYUN::WAF::Domain'
    Properties:
      HttpToUserIp:
        Ref: HttpToUserIp
      HttpPort:
        Ref: HttpPort
      IsAccessProduct:
        Ref: IsAccessProduct
      ResourceGroupId:
        Ref: ResourceGroupId
      DomainName:
        Ref: DomainName
      InstanceId:
        Ref: InstanceId
      SourceIps:
        Ref: SourceIps
      ReadTime:
        Ref: ReadTime
      ClusterType:
        Ref: ClusterType
      LoadBalancing:
        Ref: LoadBalancing
      LogHeaders:
        Ref: LogHeaders
      WriteTime:
        Ref: WriteTime
      Http2Port:
        Ref: Http2Port
      ConnectionTime:
        Ref: ConnectionTime
      HttpsRedirect:
        Ref: HttpsRedirect
      HttpsPort:
        Ref: HttpsPort
Outputs:
  HttpToUserIp:
    Description: Http back to source
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - HttpToUserIp
  HttpPort:
    Description: Http port configuration
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - HttpPort
  IsAccessProduct:
    Description: Is there a seven-layer agency before WAF
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - IsAccessProduct
  ResourceGroupId:
    Description: Resource group Id
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - ResourceGroupId
  DomainName:
    Description: Domain name
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - DomainName
  InstanceId:
    Description: Instance id
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - InstanceId
  SourceIps:
    Description: Back to source IP configuration
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - SourceIps
  ReadTime:
    Description: Read connection timeout period
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - ReadTime
  ClusterType:
    Description: Cluster type
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - ClusterType
  Cname:
    Description: CNAME assigned by WAF instance
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - Cname
  LoadBalancing:
    Description: Load balancing configuration
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - LoadBalancing
  LogHeaders:
    Description: Domain traffic tagging
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - LogHeaders
  WriteTime:
    Description: Write connection timeout period
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - WriteTime
  Http2Port:
    Description: Http2 port configuration
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - Http2Port
  Version:
    Description: Optimistic lock version
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - Version
  ConnectionTime:
    Description: Connection timeout
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - ConnectionTime
  HttpsRedirect:
    Description: Https forced redirect configuration
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - HttpsRedirect
  HttpsPort:
    Description: Https port configuration
    Value:
      'Fn::GetAtt':
        - WAFDomain
        - HttpsPort