ALIYUN::WAF::Domain is used to add a domain to Web Application Firewall (WAF).
Syntax
{
"Type": "ALIYUN::WAF::Domain",
"Properties": {
"HttpToUserIp": String,
"HttpPort": List,
"IsAccessProduct": String,
"ResourceGroupId": String,
"DomainName": String,
"InstanceId": String,
"SourceIps": List,
"ReadTime": Integer,
"ClusterType": String,
"LoadBalancing": String,
"LogHeaders": List,
"WriteTime": Integer,
"Http2Port": List,
"ConnectionTime": Integer,
"HttpsRedirect": String,
"HttpsPort": List
}
}Properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| HttpToUserIp | String | No | Yes | Specifies whether to enable the HTTP back-to-origin feature. After the feature is enabled, the WAF instance can use HTTP to forward HTTPS requests to the origin. By default, port 80 is used to forward the requests to the origin. | Default value: 0. Valid values:
Note If your website does not support HTTPS access, you can enable the HTTP back-to-origin
feature to enable HTTPS access through WAF.
|
| HttpPort | List | No | Yes | The HTTP port. | Separate multiple ports with commas (,).
Note Specify this parameter only if you want to use the HTTP protocol. You must specify
at least one of the HttpPort and HttpsPort parameters.
|
| IsAccessProduct | String | Yes | Yes | Specifies whether the domain has a Layer-7 proxy configured, such as Anti-DDoS Pro or CDN, to filter the inbound traffic before it is forwarded to WAF. Valid values: | Valid values:
|
| ResourceGroupId | String | No | No | The ID of the resource group to which the domain belongs in Resource Management. | None |
| DomainName | String | Yes | No | The domain name. | None |
| InstanceId | String | Yes | No | The ID of the WAF instance. | None |
| SourceIps | List | Yes | Yes | The IP addresses or domain of the origin server to which the specified domain points. | You can specify IP addresses or a domain.
|
| ReadTime | Integer | No | Yes | The timeout period that is specified for read connections of WAF exclusive clusters. | You can specify this parameter when you use exclusive clusters to protect resources.
Unit: seconds. |
| ClusterType | String | No | Yes | The type of the WAF cluster. | Default value: 0. Valid values:
|
| LoadBalancing | String | No | Yes | The load balancing algorithm that is used when WAF forwards requests to the origin. | Valid values:
|
| LogHeaders | List | No | Yes |
The key-value pair that is used to mark the traffic that flows through WAF to the domain. Specify the key-value pair in the WAF automatically marks the requests that pass through WAF by adding the specified field and value to the headers of these requests. |
If a request header contains the specified field, WAF overwrites the original field value with the specified value. |
| WriteTime | Integer | No | Yes | The timeout period that is specified for write connections of WAF exclusive clusters. | You can specify this parameter when you use exclusive clusters to protect resources.
Unit: seconds. |
| Http2Port | List | No | Yes | The HTTP 2.0 ports. | Separate multiple ports with commas (,). |
| ConnectionTime | Integer | No | Yes | The timeout period that is specified for connections of WAF exclusive clusters. | You can specify this parameter when you use exclusive clusters to protect resources.
Unit: seconds. |
| HttpsRedirect | String | No | Yes | Specifies whether to redirect HTTP requests as HTTPS requests. | Default value: 0. Valid values:
|
| HttpsPort | List | No | Yes | The HTTPS port. | Separate multiple HTTPS ports with commas (,).
Specify this parameter only if you want to use the HTTPS protocol. You must specify at least one of the HttpPort and HttpsPort parameters. |
Response parameters
Fn::GetAtt
- HttpToUserIp: indicates whether the HTTP back-to-origin feature is enabled.
- HttpPort: the HTTP port.
- IsAccessProduct: indicates whether the domain has a Layer-7 proxy configured to filter the inbound traffic before the traffic is forwarded to WAF.
- ResourceGroupId: the ID of the resource group to which the domain belongs.
- DomainName: the domain name.
- InstanceId: the ID of the WAF instance.
- SourceIps: the IP addresses or domain of the origin server to which the specified domain points.
- ReadTime: the timeout period that is specified for read connections of WAF exclusive clusters.
- ClusterType: the type of the WAF cluster.
- Cname: the CNAME record assigned by the WAF instance to the specified domain.
- LoadBalancing: the load balancing algorithm that is used when WAF forwards requests to the origin.
- LogHeaders: the key-value pair that is used to mark the traffic that flows through WAF to the domain.
- WriteTime: the timeout period that is specified for write connections of WAF exclusive clusters.
- Http2Port: the HTTP 2.0 ports.
- Version: the version of optimistic locking.
- ConnectionTime: the timeout period that is specified for connections of WAF exclusive clusters.
- HttpsRedirect: indicates whether HTTP requests are redirected as HTTPS requests.
- HttpsPort: the HTTPS ports.
Examples
JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"HttpToUserIp": {
"Type": "String",
"Description": "Http back to source"
},
"HttpPort": {
"Type": "Json",
"Description": "Http port configuration"
},
"IsAccessProduct": {
"Type": "String",
"Description": "Is there a seven-layer agency before WAF"
},
"ResourceGroupId": {
"Type": "String",
"Description": "Resource group Id"
},
"DomainName": {
"Type": "String",
"Description": "Domain name"
},
"InstanceId": {
"Type": "String",
"Description": "Instance id"
},
"SourceIps": {
"Type": "Json",
"Description": "Back to source IP configuration"
},
"ReadTime": {
"Type": "Number",
"Description": "Read connection timeout period"
},
"ClusterType": {
"Type": "String",
"Description": "Cluster type"
},
"LoadBalancing": {
"Type": "String",
"Description": "Load balancing configuration"
},
"LogHeaders": {
"Type": "Json",
"Description": "Domain traffic tagging"
},
"WriteTime": {
"Type": "Number",
"Description": "Write connection timeout period"
},
"Http2Port": {
"Type": "Json",
"Description": "Http2 port configuration"
},
"ConnectionTime": {
"Type": "Number",
"Description": "Connection timeout"
},
"HttpsRedirect": {
"Type": "String",
"Description": "Https forced redirect configuration"
},
"HttpsPort": {
"Type": "Json",
"Description": "Https port configuration"
}
},
"Resources": {
"WAFDomain": {
"Type": "ALIYUN::WAF::Domain",
"Properties": {
"HttpToUserIp": {
"Ref": "HttpToUserIp"
},
"HttpPort": {
"Ref": "HttpPort"
},
"IsAccessProduct": {
"Ref": "IsAccessProduct"
},
"ResourceGroupId": {
"Ref": "ResourceGroupId"
},
"DomainName": {
"Ref": "DomainName"
},
"InstanceId": {
"Ref": "InstanceId"
},
"SourceIps": {
"Ref": "SourceIps"
},
"ReadTime": {
"Ref": "ReadTime"
},
"ClusterType": {
"Ref": "ClusterType"
},
"LoadBalancing": {
"Ref": "LoadBalancing"
},
"LogHeaders": {
"Ref": "LogHeaders"
},
"WriteTime": {
"Ref": "WriteTime"
},
"Http2Port": {
"Ref": "Http2Port"
},
"ConnectionTime": {
"Ref": "ConnectionTime"
},
"HttpsRedirect": {
"Ref": "HttpsRedirect"
},
"HttpsPort": {
"Ref": "HttpsPort"
}
}
}
},
"Outputs": {
"HttpToUserIp": {
"Description": "Http back to source",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"HttpToUserIp"
]
}
},
"HttpPort": {
"Description": "Http port configuration",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"HttpPort"
]
}
},
"IsAccessProduct": {
"Description": "Is there a seven-layer agency before WAF",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"IsAccessProduct"
]
}
},
"ResourceGroupId": {
"Description": "Resource group Id",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"ResourceGroupId"
]
}
},
"DomainName": {
"Description": "Domain name",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"DomainName"
]
}
},
"InstanceId": {
"Description": "Instance id",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"InstanceId"
]
}
},
"SourceIps": {
"Description": "Back to source IP configuration",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"SourceIps"
]
}
},
"ReadTime": {
"Description": "Read connection timeout period",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"ReadTime"
]
}
},
"ClusterType": {
"Description": "Cluster type",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"ClusterType"
]
}
},
"Cname": {
"Description": "CNAME assigned by WAF instance",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"Cname"
]
}
},
"LoadBalancing": {
"Description": "Load balancing configuration",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"LoadBalancing"
]
}
},
"LogHeaders": {
"Description": "Domain traffic tagging",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"LogHeaders"
]
}
},
"WriteTime": {
"Description": "Write connection timeout period",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"WriteTime"
]
}
},
"Http2Port": {
"Description": "Http2 port configuration",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"Http2Port"
]
}
},
"Version": {
"Description": "Optimistic lock version",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"Version"
]
}
},
"ConnectionTime": {
"Description": "Connection timeout",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"ConnectionTime"
]
}
},
"HttpsRedirect": {
"Description": "Https forced redirect configuration",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"HttpsRedirect"
]
}
},
"HttpsPort": {
"Description": "Https port configuration",
"Value": {
"Fn::GetAtt": [
"WAFDomain",
"HttpsPort"
]
}
}
}
}YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
HttpToUserIp:
Type: String
Description: Http back to source
HttpPort:
Type: Json
Description: Http port configuration
IsAccessProduct:
Type: String
Description: Is there a seven-layer agency before WAF
ResourceGroupId:
Type: String
Description: Resource group Id
DomainName:
Type: String
Description: Domain name
InstanceId:
Type: String
Description: Instance id
SourceIps:
Type: Json
Description: Back to source IP configuration
ReadTime:
Type: Number
Description: Read connection timeout period
ClusterType:
Type: String
Description: Cluster type
LoadBalancing:
Type: String
Description: Load balancing configuration
LogHeaders:
Type: Json
Description: Domain traffic tagging
WriteTime:
Type: Number
Description: Write connection timeout period
Http2Port:
Type: Json
Description: Http2 port configuration
ConnectionTime:
Type: Number
Description: Connection timeout
HttpsRedirect:
Type: String
Description: Https forced redirect configuration
HttpsPort:
Type: Json
Description: Https port configuration
Resources:
WAFDomain:
Type: 'ALIYUN::WAF::Domain'
Properties:
HttpToUserIp:
Ref: HttpToUserIp
HttpPort:
Ref: HttpPort
IsAccessProduct:
Ref: IsAccessProduct
ResourceGroupId:
Ref: ResourceGroupId
DomainName:
Ref: DomainName
InstanceId:
Ref: InstanceId
SourceIps:
Ref: SourceIps
ReadTime:
Ref: ReadTime
ClusterType:
Ref: ClusterType
LoadBalancing:
Ref: LoadBalancing
LogHeaders:
Ref: LogHeaders
WriteTime:
Ref: WriteTime
Http2Port:
Ref: Http2Port
ConnectionTime:
Ref: ConnectionTime
HttpsRedirect:
Ref: HttpsRedirect
HttpsPort:
Ref: HttpsPort
Outputs:
HttpToUserIp:
Description: Http back to source
Value:
'Fn::GetAtt':
- WAFDomain
- HttpToUserIp
HttpPort:
Description: Http port configuration
Value:
'Fn::GetAtt':
- WAFDomain
- HttpPort
IsAccessProduct:
Description: Is there a seven-layer agency before WAF
Value:
'Fn::GetAtt':
- WAFDomain
- IsAccessProduct
ResourceGroupId:
Description: Resource group Id
Value:
'Fn::GetAtt':
- WAFDomain
- ResourceGroupId
DomainName:
Description: Domain name
Value:
'Fn::GetAtt':
- WAFDomain
- DomainName
InstanceId:
Description: Instance id
Value:
'Fn::GetAtt':
- WAFDomain
- InstanceId
SourceIps:
Description: Back to source IP configuration
Value:
'Fn::GetAtt':
- WAFDomain
- SourceIps
ReadTime:
Description: Read connection timeout period
Value:
'Fn::GetAtt':
- WAFDomain
- ReadTime
ClusterType:
Description: Cluster type
Value:
'Fn::GetAtt':
- WAFDomain
- ClusterType
Cname:
Description: CNAME assigned by WAF instance
Value:
'Fn::GetAtt':
- WAFDomain
- Cname
LoadBalancing:
Description: Load balancing configuration
Value:
'Fn::GetAtt':
- WAFDomain
- LoadBalancing
LogHeaders:
Description: Domain traffic tagging
Value:
'Fn::GetAtt':
- WAFDomain
- LogHeaders
WriteTime:
Description: Write connection timeout period
Value:
'Fn::GetAtt':
- WAFDomain
- WriteTime
Http2Port:
Description: Http2 port configuration
Value:
'Fn::GetAtt':
- WAFDomain
- Http2Port
Version:
Description: Optimistic lock version
Value:
'Fn::GetAtt':
- WAFDomain
- Version
ConnectionTime:
Description: Connection timeout
Value:
'Fn::GetAtt':
- WAFDomain
- ConnectionTime
HttpsRedirect:
Description: Https forced redirect configuration
Value:
'Fn::GetAtt':
- WAFDomain
- HttpsRedirect
HttpsPort:
Description: Https port configuration
Value:
'Fn::GetAtt':
- WAFDomain
- HttpsPort