Configures a protection rule group of the protection rules engine feature and the status of the intelligent rule hosting feature for a specific domain name.
Usage notes
You can call the SetDomainRuleGroup operation to configure the protection rule group of the protection rules engine feature and the status of the intelligent rule hosting feature for a specific domain name.
When you configure a protection rule group, you can choose from the predefined loose, medium, or strict protection rule groups provided by Web Application Firewall (WAF). Alternatively, you can use a custom protection rule group.
You cannot create a custom protection rule group by calling an API operation. To configure a custom protection rule group for a domain name, log on to the WAF console and choose System Management > Protection Rule Group. On the Protection Rule Group page, create a custom protection rule group and record its ID. Then, you can call the SetDomainRuleGroup operation to configure the custom protection rule group for the domain name.
Limits
You can call this operation up to 10 times per second per account. If the number of calls per second exceeds the limit, throttling is triggered.
As a result, your business may be affected. We recommend that you take note of the limit when you call this operation.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
Action | String | Yes | SetDomainRuleGroup | The operation that you want to perform. Set the value to SetDomainRuleGroup. |
Domains | String | Yes | ["www.aliyundoc.com"] | The list of domain names for which you want to configure a protection rule group. The value is a string that consists of JSON arrays. You can specify multiple domain names in the Note You can call the DescribeDomainList operation to query all domain names that are protected by WAF. |
RuleGroupId | Long | Yes | 1012 | The ID of the protection rule group that is configured for the domain name. Valid values:
You can also specify the ID of a custom rule group. Note To obtain the ID of a custom rule group, log on to the WAF console and choose System Management > Protection Rule Group. |
WafVersion | Long | No | 1 | The version number for the current configuration, which is used to implement optimistic locking. |
InstanceId | String | Yes | waf-cn-tl32ast**** | The ID of the WAF instance. Note You can call the DescribeInstanceInfo operation to query the ID of the WAF instance. |
ResourceGroupId | String | No | rg-acfm2pz25js**** | The ID of the resource group to which the domain name belongs in Resource Management. If you do not specify this parameter, the WAF instance belongs to the default resource group. |
WafAiStatus | Integer | No | 1 | The status of the intelligent rule hosting feature. Valid values:
The intelligent rule hosting feature automatically learns the patterns of historical network traffic, identifies protection rules that may block normal requests in specific scenarios, and then adds the protection rules to the whitelist for web intrusion prevention. After the risk of blocking normal requests is eliminated, the intelligent rule hosting feature removes the protection rules from the whitelist. |
All Alibaba Cloud API operations must include common request parameters. For more information about common request parameters, see Common parameters.
For more information about sample requests, see the "Examples" section of this topic.
Response parameters
Parameter | Type | Example | Description |
RequestId | String | D7861F61-5B61-46CE-A47C-6B19160D5EB0 | The ID of the request. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=SetDomainRuleGroup
&Domains=["www.aliyundoc.com"]
&RuleGroupId=1012
&InstanceId=waf-cn-tl32ast****
&Common request parametersSample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<SetDomainRuleGroupResponse>
<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>
</SetDomainRuleGroupResponse>JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "D7861F61-5B61-46CE-A47C-6B19160D5EB0"
}Error codes
For a list of error codes, visit the API Error Center.