This API is used to add a domain name to WAF.
POST /v1/{project_id}/premium-waf/host
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
project_id |
Yes |
String |
Project ID |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
Content-Type |
Yes |
String |
Content type. Default value: application/json;charset=utf8 |
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
certificateid |
No |
String |
HTTPS certificate ID. It can be obtained by calling the ListCertificates API. This parameter is not required when the client protocol is HTTP, but it is mandatory when the client protocol is HTTPS. |
certificatename |
No |
String |
Certificate name. Certifacteid and certificatename are required at the same. If certificateid does not match certificatename, an error is reported. This parameter is not required when the client protocol is HTTP, but it is mandatory when the client protocol is HTTPS. |
hostname |
Yes |
String |
Protected domain name or IP address (port allowed) |
proxy |
No |
Boolean |
Whether a proxy is used for the domain name. If your website has no layer-7 proxy servers such as CDN and cloud acceleration service deployed in front of WAF and uses only layer-4 load balancers (or NAT), set Proxy Configured to No. Otherwise, Proxy Configured must be set to Yes. This ensures that WAF obtains real IP addresses of website visitors and takes protective actions configured in protection policies. This parameter is mandatory when the dedicated mode is enabled for the domain name you want to protect. |
policyid |
No |
String |
ID of the policy initially used to the domain name. It can be obtained by calling the API Querying Protection Policies. |
server |
No |
Array of PremiumWafServer objects |
Server configuration in dedicated mode. This parameter is mandatory when the dedicated mode is enabled for the domain name you want to protect. |
web_tag |
No |
String |
website name |
description |
No |
String |
website remarks |
loadbalancer_id |
No |
String |
Load balancer ID. This parameter is mandatory when the ELB mode is enabled for the domain name you want to protect. |
listener_id |
No |
String |
Listener ID. You can query the listener ID on the Listeners tab on the ELB console. If you leave this parameter blank, all listeners configured and to be configured for the load balancer will be protected by WAF. In cloud load balancer access mode, you are advised to set this parameter. |
protocol_port |
No |
Integer |
Port. This parameter is mandatory when the ELB mode is enabled for the domain name you want to protect. If the ELB mode is enabled for the domain name you want to protect and all listeners of the load balancer are connected to WAF, set this parameter to 0. If the ELB mode is enabled for the domain name you want to protect and a specified listener of the specified load balancer is connected to WAF, set this parameter to the listener port. |
mode |
No |
String |
If you use the cloud load balancer access mode, enter enter elb-shared. Otherwise, leave this parameter blank. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
front_protocol |
Yes |
String |
Client protocol |
back_protocol |
Yes |
String |
Server protocol |
address |
Yes |
String |
IP address or domain name of the origin server that the client accesses. |
port |
Yes |
Integer |
Server port |
type |
Yes |
String |
The origin server address is an IPv4 address. Default value: ipv4 |
vpc_id |
Yes |
String |
VPC ID. Perform the following steps to obtain the VPC ID:
|
weight |
No |
Integer |
This parameter is reserved and can be ignored currently. |
Status code: 200
Parameter |
Type |
Description |
|---|---|---|
id |
String |
Protected domain name ID |
policyid |
String |
Policy ID |
hostname |
String |
Protected domain name |
domainid |
String |
Tenant ID |
projectid |
String |
Project ID |
protocol |
String |
Client protocol, which is the protocol used by a client (for example, a browser) to access your website. |
protect_status |
Integer |
WAF status of the protected domain name.
|
access_status |
Integer |
Whether a domain name is connected to WAF.
|
proxy |
Boolean |
Whether a proxy is used.
|
server |
Array of PremiumWafServer objects |
Origin server list |
flag |
Flag object |
Feature switch for configuring compliance certification checks for domain names protected with the dedicated WAF instance. If you want to enable pci_3ds and pci_dss, see Modifying a Domain Name Protected by a Dedicated WAF Instance. |
block_page |
BlockPage object |
Alarm configuration page |
extend |
Extend object |
This parameter includes some extended information about the protected domain name. |
web_tag |
String |
website name |
description |
String |
website remarks |
timestamp |
Long |
Creation time. |
loadbalancer_id |
String |
Load balancer ID. This parameter is returned when the ELB mode is enabled for the domain name you want to protect. |
listener_id |
String |
Listener ID. This parameter is returned when the ELB mode is enabled for the domain name you want to protect and a specified listener of the load balancer is connected to WAF. |
protocol_port |
Integer |
Port. If the ELB mode is enabled for the domain name you want to protect and all listeners of the load balancer are connected to WAF, 0 is returned. If the ELB mode is enabled for the domain name you want to protect and a specified listener of the load balancer is connected to WAF, the listener port is returned. |
mode |
String |
Protection mode for the domain name. Set this parameter to elb-shared when the ELB mode is enabled for the domain name you want to protect. |
pool_ids |
Array of strings |
Dedicated engine group the domain name was added to. This parameter is required only in special WAF mode, such as ELB mode. |
Parameter |
Type |
Description |
|---|---|---|
front_protocol |
String |
Client protocol |
back_protocol |
String |
Server protocol |
address |
String |
IP address or domain name of the origin server that the client accesses. |
port |
Integer |
Server port |
type |
String |
The origin server address is an IPv4 address. Default value: ipv4 |
vpc_id |
String |
VPC ID. Perform the following steps to obtain the VPC ID:
|
weight |
Integer |
This parameter is reserved and can be ignored currently. |
Parameter |
Type |
Description |
|---|---|---|
pci_3ds |
String |
Whether to enable PCI 3DS compliance check. This parameter must be used together with tls and cipher. tls must be set to TLS v1.2, and cipher must be set to cipher_2. Note: If PCI 3DS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Once PCI 3DS is enabled, it cannot be disabled. Before you enable it, ensure that your website services will not be affected.
|
pci_dss |
String |
Whether to enable PCI DSS compliance check. This parameter must be used together with tls and cipher. tls must be set to TLS v1.2, and cipher must be set to cipher_2. Note: If PCI DSS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Before you enable it, ensure that your website services will not be affected.
|
Parameter |
Type |
Description |
|---|---|---|
template |
String |
Template type. The value can be:
|
custom_page |
CustomPage object |
Custom alarm page |
redirect_url |
String |
Redirection URL |
Parameter |
Type |
Description |
|---|---|---|
status_code |
String |
Status Codes |
content_type |
String |
Content type of alarm page |
content |
String |
Page content |
Parameter |
Type |
Description |
|---|---|---|
ltsInfo |
String |
Details about LTS configuration |
extend |
String |
Timeout configuration details. |
Status code: 400
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code |
error_msg |
String |
Error message |
Status code: 401
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code |
error_msg |
String |
Error message |
Status code: 500
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code |
error_msg |
String |
Error message |
POST https://{Endpoint}/v1/{project_id}/premium-waf/host?
{
"hostname" : "www.demo.com",
"server" : [ {
"front_protocol" : "HTTP",
"back_protocol" : "HTTP",
"vpc_id" : "cf6dbace-b36a-4d51-ae04-52a3319ae247",
"type" : "ipv4",
"address" : "1.1.1.1",
"port" : 80
} ],
"proxy" : false,
"mode" : "elb-shared",
"loadbalancer_id" : "53e414f6-2500-436a-b60d-83c65e9e36e0",
"listener_id" : "12e345f6-7800-436a-b90d-12c34e5e67e0",
"protocol_port" : 0,
"description" : ""
}
Status code: 200
Request succeeded.
{
"id" : "51a5649e52d341a9bb802044950969dc",
"policyid" : "1607df035bc847b582ce9c838c083b88",
"hostname" : "www.demo.com",
"protocol" : "HTTP",
"server" : [ {
"address" : "1.1.1.1",
"port" : 80,
"type" : "ipv4",
"weight" : 1,
"front_protocol" : "HTTP",
"back_protocol" : "HTTP",
"vpc_id" : "cf6dbace-b36a-4d51-ae04-52a3319ae247"
} ],
"proxy" : false,
"timestamp" : 1650596007113,
"flag" : {
"pci_3ds" : "false",
"pci_dss" : "false"
},
"description" : "",
"projectid" : "550500b49078408682d0d4f7d923f3e1",
"domainid" : "d4ecb00b031941ce9171b7bc3386883f",
"protect_status" : 1,
"access_status" : 0,
"extend" : { },
"block_page" : {
"template" : "default"
}
}
Status Code |
Description |
|---|---|
200 |
Request succeeded. |
400 |
Request failed. |
401 |
The token does not have the required permission. |
500 |
Internal server error. |
See Error Codes.