Files

qinweiwei 14cbe51752 wafd API 20260210 version

Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Co-authored-by: qinweiwei <qinweiwei@huawei.com>
Co-committed-by: qinweiwei <qinweiwei@huawei.com>

2026-04-21 11:31:19 +00:00

69 KiB

Raw Blame History

Adding a Protected Domain Name

Function

This API is used to add a domain name to WAF.

URI

POST /v1/{project_id}/premium-waf/host

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
Content-Type	Yes	String	Content type. Default value: application/json;charset=utf8
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
certificateid	No	String	HTTPS certificate ID. It can be obtained by calling the ListCertificates API. This parameter is not required when the client protocol is HTTP, but it is mandatory when the client protocol is HTTPS.
certificatename	No	String	Certificate name. Certifacteid and certificatename are required at the same. If certificateid does not match certificatename, an error is reported. This parameter is not required when the client protocol is HTTP, but it is mandatory when the client protocol is HTTPS.
hostname	Yes	String	Protected domain name or IP address (port allowed)
proxy	No	Boolean	Whether a proxy is used for the domain name. If your website has no layer-7 proxy servers such as CDN and cloud acceleration service deployed in front of WAF and uses only layer-4 load balancers (or NAT), set Proxy Configured to No. Otherwise, Proxy Configured must be set to Yes. This ensures that WAF obtains real IP addresses of website visitors and takes protective actions configured in protection policies. This parameter is mandatory when the dedicated mode is enabled for the domain name you want to protect.
policyid	No	String	ID of the policy initially used to the domain name. It can be obtained by calling the API Querying Protection Policies.
server	No	Array of PremiumWafServer objects	Server configuration in dedicated mode. This parameter is mandatory when the dedicated mode is enabled for the domain name you want to protect.
block_page	No	BlockPage object	Alarm page configuration
web_tag	No	String	website name
description	No	String	website remarks
loadbalancer_id	No	String	Load balancer ID. This parameter is mandatory when the ELB mode is enabled for the domain name you want to protect.
listener_id	No	String	Listener ID. You can query the listener ID on the Listeners tab on the ELB console. If you leave this parameter blank, all listeners configured and to be configured for the load balancer will be protected by WAF. In cloud load balancer access mode, you are advised to set this parameter.
protocol_port	No	Integer	Port. This parameter is mandatory when the ELB mode is enabled for the domain name you want to protect. If the ELB mode is enabled for the domain name you want to protect and all listeners of the load balancer are connected to WAF, set this parameter to 0. If the ELB mode is enabled for the domain name you want to protect and a specified listener of the specified load balancer is connected to WAF, set this parameter to the listener port.
mode	No	String	If you use the cloud load balancer access mode, enter enter elb-shared. Otherwise, leave this parameter blank.

**Table 4** PremiumWafServer
Parameter	Mandatory	Type	Description
front_protocol	Yes	String	Client protocol
back_protocol	Yes	String	Server protocol
address	Yes	String	IP address or domain name of the origin server that the client accesses.
port	Yes	Integer	Server port
type	Yes	String	The origin server address is an IPv4 address. Default value: ipv4
vpc_id	Yes	String	VPC ID. Perform the following steps to obtain the VPC ID: 1.Find the name of the VPC where the dedicated engine is located. The VPC name is in the VPC\Subnet column. Log in to the WAF console and choose Instance Management > Dedicated Engine > VPC\Subnet. Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area.
weight	No	Integer	This parameter is reserved and can be ignored currently.

**Table 5** BlockPage
Parameter	Mandatory	Type	Description
template	Yes	String	Template type. The value can be: default: The default block page is returned when a request is blocked. custom: Your custom block page is returned when a request is blocked. redirect: The request is redirected to the URL you specify.
custom_page	No	CustomPage object	Custom alarm page
redirect_url	No	String	Redirection URL

**Table 6** CustomPage
Parameter	Mandatory	Type	Description
status_code	Yes	String	Status Codes
content_type	Yes	String	Content type of alarm page
content	Yes	String	Page content

Response Parameters

Status code: 200

**Table 7** Response body parameters
Parameter	Type	Description
id	String	Protected domain name ID
policyid	String	Policy ID
hostname	String	Protected domain name
domainid	String	Tenant ID
projectid	String	Project ID
protocol	String	Client protocol, which is the protocol used by a client (for example, a browser) to access your website.
protect_status	Integer	WAF status of the protected domain name. 0: Suspended. WAF only forwards requests for the domain name but does not detect attacks. -1: Enabled. WAF detects attacks based on the configured policy.
access_status	Integer	Whether a domain name is connected to WAF. 0: disconnected 1: connected
proxy	Boolean	Whether a proxy is used. true: The proxy is enabled. false: The proxy is disabled.
server	Array of PremiumWafServer objects	Origin server list
flag	Flag object	Feature switch for configuring compliance certification checks for domain names protected with the dedicated WAF instance. If you want to enable pci_3ds and pci_dss, see Modifying a Domain Name Protected by a Dedicated WAF Instance.
block_page	BlockPage object	Alarm configuration page
extend	Extend object	This parameter includes some extended information about the protected domain name.
web_tag	String	website name
description	String	website remarks
timestamp	Long	Creation time.
loadbalancer_id	String	Load balancer ID. This parameter is returned when the ELB mode is enabled for the domain name you want to protect.
listener_id	String	Listener ID. This parameter is returned when the ELB mode is enabled for the domain name you want to protect and a specified listener of the load balancer is connected to WAF.
protocol_port	Integer	Port. If the ELB mode is enabled for the domain name you want to protect and all listeners of the load balancer are connected to WAF, 0 is returned. If the ELB mode is enabled for the domain name you want to protect and a specified listener of the load balancer is connected to WAF, the listener port is returned.
mode	String	Protection mode for the domain name. Set this parameter to elb-shared when the ELB mode is enabled for the domain name you want to protect.
pool_ids	Array of strings	Dedicated engine group the domain name was added to. This parameter is required only in special WAF mode, such as ELB mode.

**Table 8** PremiumWafServer
Parameter	Type	Description
front_protocol	String	Client protocol
back_protocol	String	Server protocol
address	String	IP address or domain name of the origin server that the client accesses.
port	Integer	Server port
type	String	The origin server address is an IPv4 address. Default value: ipv4
vpc_id	String	VPC ID. Perform the following steps to obtain the VPC ID: 1.Find the name of the VPC where the dedicated engine is located. The VPC name is in the VPC\Subnet column. Log in to the WAF console and choose Instance Management > Dedicated Engine > VPC\Subnet. Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area.
weight	Integer	This parameter is reserved and can be ignored currently.

**Table 9** Flag
Parameter	Type	Description
pci_3ds	String	Whether to enable PCI 3DS compliance check. This parameter must be used together with tls and cipher. tls must be set to TLS v1.2, and cipher must be set to cipher_2. Note: If PCI 3DS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Once PCI 3DS is enabled, it cannot be disabled. Before you enable it, ensure that your website services will not be affected. true: Enable this check. false: Disable this check.
pci_dss	String	Whether to enable PCI DSS compliance check. This parameter must be used together with tls and cipher. tls must be set to TLS v1.2, and cipher must be set to cipher_2. Note: If PCI DSS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Before you enable it, ensure that your website services will not be affected. true: Enable this check. false: Disable this check.

**Table 10** BlockPage
Parameter	Type	Description
template	String	Template type. The value can be: default: The default block page is returned when a request is blocked. custom: Your custom block page is returned when a request is blocked. redirect: The request is redirected to the URL you specify.
custom_page	CustomPage object	Custom alarm page
redirect_url	String	Redirection URL

**Table 11** CustomPage
Parameter	Type	Description
status_code	String	Status Codes
content_type	String	Content type of alarm page
content	String	Page content

**Table 12** Extend
Parameter	Type	Description
ltsInfo	String	Details about LTS configuration
extend	String	Timeout configuration details.

Status code: 400

**Table 13** Response body parameters
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Status code: 401

**Table 14** Response body parameters
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Status code: 500

**Table 15** Response body parameters
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message

Example Requests

POST https://{Endpoint}/v1/{project_id}/premium-waf/host?

{
  "hostname" : "www.demo.com",
  "server" : [ {
    "front_protocol" : "HTTP",
    "back_protocol" : "HTTP",
    "vpc_id" : "cf6dbace-b36a-4d51-ae04-52a3319ae247",
    "type" : "ipv4",
    "address" : "1.1.1.1",
    "port" : 80
  } ],
  "proxy" : false,
  "mode" : "elb-shared",
  "loadbalancer_id" : "53e414f6-2500-436a-b60d-83c65e9e36e0",
  "listener_id" : "12e345f6-7800-436a-b90d-12c34e5e67e0",
  "protocol_port" : 0,
  "description" : ""
}

Example Responses

Status code: 200

Request succeeded.

{
  "id" : "51a5649e52d341a9bb802044950969dc",
  "policyid" : "1607df035bc847b582ce9c838c083b88",
  "hostname" : "www.demo.com",
  "protocol" : "HTTP",
  "server" : [ {
    "address" : "1.1.1.1",
    "port" : 80,
    "type" : "ipv4",
    "weight" : 1,
    "front_protocol" : "HTTP",
    "back_protocol" : "HTTP",
    "vpc_id" : "cf6dbace-b36a-4d51-ae04-52a3319ae247"
  } ],
  "proxy" : false,
  "timestamp" : 1650596007113,
  "flag" : {
    "pci_3ds" : "false",
    "pci_dss" : "false"
  },
  "description" : "",
  "projectid" : "550500b49078408682d0d4f7d923f3e1",
  "domainid" : "d4ecb00b031941ce9171b7bc3386883f",
  "protect_status" : 1,
  "access_status" : 0,
  "extend" : { },
  "block_page" : {
    "template" : "default"
  }
}

Status Codes

Status Code	Description
200	Request succeeded.
400	Request failed.
401	The token does not have the required permission.
500	Internal server error.

Error Codes

See Error Codes.

Parent topic: Managing Websites Protected in Dedicated Mode

69 KiB Raw Blame History