summaryrefslogtreecommitdiff
path: root/data/en_us/waf-openapi/2019-09-10/api-docs.php
diff options
context:
space:
mode:
Diffstat (limited to 'data/en_us/waf-openapi/2019-09-10/api-docs.php')
-rw-r--r--data/en_us/waf-openapi/2019-09-10/api-docs.php10168
1 files changed, 6442 insertions, 3726 deletions
diff --git a/data/en_us/waf-openapi/2019-09-10/api-docs.php b/data/en_us/waf-openapi/2019-09-10/api-docs.php
index 18c0c40..6ffbcdf 100644
--- a/data/en_us/waf-openapi/2019-09-10/api-docs.php
+++ b/data/en_us/waf-openapi/2019-09-10/api-docs.php
@@ -1,338 +1,89 @@
<?php return [
'version' => '1.0',
- 'info' => [
- 'style' => 'RPC',
- 'product' => 'waf-openapi',
- 'version' => '2019-09-10',
- ],
+ 'info' => ['style' => 'RPC', 'product' => 'waf-openapi', 'version' => '2019-09-10'],
'directories' => [
[
- 'id' => 40429,
- 'title' => 'Instance information',
+ 'children' => ['DescribeInstanceInfo', 'DescribeInstanceSpecInfo'],
'type' => 'directory',
- 'children' => [
- 'DescribeInstanceInfo',
- 'DescribeInstanceSpecInfo',
- 'DeleteInstance',
- ],
+ 'title' => 'Instance information',
],
[
- 'id' => 40434,
- 'title' => 'Domain configurations',
+ 'children' => ['DescribeDomainNames', 'DescribeDomain', 'ModifyDomain', 'DescribeCertificates', 'DescribeCertMatchStatus', 'CreateCertificateByCertificateId', 'DescribeDomainBasicConfigs', 'DescribeDomainAdvanceConfigs'],
'type' => 'directory',
- 'children' => [
- 'DescribeDomainNames',
- 'DescribeDomain',
- 'CreateDomain',
- 'ModifyDomain',
- 'DeleteDomain',
- 'DescribeCertificates',
- 'DescribeCertMatchStatus',
- 'CreateCertificate',
- 'CreateCertificateByCertificateId',
- 'DescribeDomainBasicConfigs',
- 'DescribeDomainAdvanceConfigs',
- 'DescribeDomainList',
- ],
+ 'title' => 'Domain name configuration',
],
[
- 'id' => 40447,
- 'title' => 'Protection configuration',
+ 'children' => ['DescribeProtectionModuleMode', 'ModifyDomainIpv6Status', 'DescribeProtectionModuleStatus', 'ModifyProtectionModuleStatus', 'ModifyProtectionModuleMode', 'DescribeProtectionModuleRules', 'CreateProtectionModuleRule', 'ModifyProtectionModuleRule', 'ModifyProtectionRuleStatus', 'DescribeDomainRuleGroup', 'SetDomainRuleGroup', 'ModifyProtectionRuleCacheStatus', 'DeleteProtectionModuleRule', 'DescribeProtectionModuleCodeConfig', 'DescribeRuleGroups', 'DescribeRules'],
'type' => 'directory',
- 'children' => [
- 'DescribeProtectionModuleMode',
- 'ModifyDomainIpv6Status',
- 'DescribeProtectionModuleStatus',
- 'ModifyProtectionModuleStatus',
- 'ModifyProtectionModuleMode',
- 'DescribeProtectionModuleRules',
- 'CreateProtectionModuleRule',
- 'ModifyProtectionModuleRule',
- 'ModifyProtectionRuleStatus',
- 'DescribeDomainRuleGroup',
- 'SetDomainRuleGroup',
- 'ModifyProtectionRuleCacheStatus',
- 'DeleteProtectionModuleRule',
- 'DescribeProtectionModuleCodeConfig',
- 'DescribeRuleGroups',
- 'DescribeRules',
- ],
+ 'title' => 'Protection configuration',
],
[
- 'id' => 40462,
- 'title' => 'Log management',
+ 'children' => ['DescribeWafSourceIpSegment'],
'type' => 'directory',
- 'children' => [
- 'ModifyLogRetrievalStatus',
- 'ModifyLogServiceStatus',
- 'DescribeLogServiceStatus',
- ],
- ],
- [
- 'id' => 40466,
'title' => 'System management',
- 'type' => 'directory',
- 'children' => [
- 'DescribeWafSourceIpSegment',
- ],
],
[
- 'id' => 171036,
- 'title' => 'Resource operations',
+ 'children' => ['CreateCertificate', 'CreateDomain', 'DeleteDomain', 'DeleteInstance', 'DescribeDomainList', 'DescribeLogServiceStatus', 'ModifyLogRetrievalStatus', 'ModifyLogServiceStatus', 'MoveResourceGroup'],
+ 'title' => 'Others',
'type' => 'directory',
- 'children' => [
- 'MoveResourceGroup',
- ],
],
],
'components' => [
'schemas' => [],
],
'apis' => [
- 'DescribeInstanceInfo' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
- ],
+ 'CreateCertificate' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
+ 'systemTags' => [],
'parameters' => [
[
- 'name' => 'InstanceId',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => 'The ID of the WAF instance.'."\n"
- ."\n"
- .'If you do not configure this parameter, all WAF instances in the Chinese mainland or all WAF instances outside the Chinese mainland are queried.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => 'waf-cn-tl32ast****',
- ],
+ 'schema' => ['description' => 'The domain name that has been added to WAF.', 'type' => 'string', 'required' => false, 'example' => 'www.example.com', 'title' => ''],
],
[
- 'name' => 'ResourceGroupId',
+ 'name' => 'Certificate',
'in' => 'query',
- 'schema' => [
- 'description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. If you do not configure this parameter, the WAF instance belongs to the default resource group.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-atstuj3rtop****',
- ],
+ 'schema' => ['description' => 'The content of the certificate file.', 'type' => 'string', 'required' => false, 'default' => 'cn', 'example' => '-----BEGIN CERTIFICATE----- 62EcYPWd2Oy1vs6MTXcJSfN9Z7rZ9fmxWr2BFN2XbahgnsSXM48ixZJ4krc+1M+j2kcubVpsE2cgHdj4v8H6jUz9Ji4mr7vMNS6dXv8PUkl/qoDeNGCNdyTS5NIL5ir+g92cL8IGOkjgvhlqt9vc65Cgb4mL+n5+DV9uOyTZTW/MojmlgfUekC2xiXa54nxJf17Y1TADGSbyJbsC0Q9nIrHsPl8YKkvRWvIAqYxXZ7wRwWWmv4TMxFhWRiNY7yZIo2ZUhl02SIDNggIEeg== -----END CERTIFICATE-----', 'title' => ''],
],
[
- 'name' => 'RegionId',
+ 'name' => 'PrivateKey',
'in' => 'query',
- 'schema' => [
- 'description' => 'The region in which the WAF instance is deployed. Valid values:'."\n"
- ."\n"
- .'* **cn-hangzhou**: Chinese mainland.'."\n"
- .'* **ap-southeast-1**: outside the Chinese mainland.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => 'cn-hangzhou',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The content of the private key file that corresponds to the certificate.', 'type' => 'string', 'required' => true, 'example' => '-----BEGIN RSA PRIVATE KEY----- DADTPZoOHd9WtZ3UKHJTRgNQmioPQn2bqdKHop+B/dn/4VZL7Jt8zSDGM9sTMThLyvsmLQKBgQCr+ujntC1kN6pGBj2Fw2l/EA/W3rYEce2tyhjgmG7rZ+A/jVE9fld5sQra6ZdwBcQJaiygoIYoaMF2EjRwc0qwHaluq0C15f6ujSoHh2e+D5zdmkTg/3NKNjqNv6xA2gYpinVDzFdZ9Zujxvuh9o4Vqf0YF8bv5UK5G04RtKadOw== -----END RSA PRIVATE KEY-----', 'title' => ''],
],
- ],
- 'responses' => [
- 200 => [
- 'schema' => [
- 'type' => 'object',
- 'properties' => [
- 'RequestId' => [
- 'description' => 'The ID of the request.'."\n",
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
- 'InstanceInfo' => [
- 'description' => 'The information about the WAF instance.'."\n",
- 'type' => 'object',
- 'properties' => [
- 'Status' => [
- 'description' => 'Indicates whether the WAF instance expires. Valid values:'."\n"
- ."\n"
- .'* **0**: The instance expires.'."\n"
- .'* **1**: The instance does not expire.'."\n"
- ."\n"
- .'> If the value of **PayType** is **0**, this parameter is not returned. The value 0 indicates that no WAF instances are purchased.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'EndDate' => [
- 'description' => 'The expiration time of the WAF instance. This value is a UNIX timestamp. Unit: seconds.'."\n"
- ."\n"
- .'> If the value of **PayType** is **0**, this parameter is not returned. The value 0 indicates that no WAF instances are purchased.'."\n",
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '1512921600',
- ],
- 'Version' => [
- 'description' => 'The edition of the WAF instance. Valid values:'."\n"
- ."\n"
- .'* **version_pro_china**: a WAF Pro instance in the Chinese mainland'."\n"
- .'* **version_business_china**: a WAF Business instance in the Chinese mainland'."\n"
- .'* **version_enterprise_china**: a WAF Enterprise instance in the Chinese mainland'."\n"
- .'* **version_exclusive_china**: a WAF Exclusive instance in the Chinese mainland'."\n"
- .'* **version_hybrid_cloud_standard_china**: a Hybrid Cloud WAF instance in the Chinese mainland'."\n"
- .'* **version_pro_china**: a WAF Pro instance outside the Chinese mainland'."\n"
- .'* **version_business**: a WAF Business instance outside the Chinese mainland'."\n"
- .'* **version_enterprise**: a WAF Enterprise instance outside the Chinese mainland'."\n"
- .'* **version_exclusive**: a WAF Exclusive instance outside the Chinese mainland'."\n"
- .'* **version_hybrid_cloud_standard**: a Hybrid Cloud WAF instance outside the Chinese mainland'."\n"
- ."\n"
- .'The preceding list contains all the editions of WAF instances within accounts that are created at the International site. If the returned version is not in the list, check whether your account is created at the International site.'."\n"
- ."\n"
- .'> If the value of **PayType** is **0**, this parameter is not returned. The value 0 indicates that no WAF instances are purchased.'."\n",
- 'type' => 'string',
- 'example' => 'version_3',
- ],
- 'RemainDay' => [
- 'description' => 'The number of remaining days before the trial period of the WAF instance ends.'."\n"
- ."\n"
- .'> This parameter is returned only if the value of **Trial** is **1**. The value 1 indicates that the free trial of a WAF instance is activated.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'Region' => [
- 'description' => 'The region in which the WAF instance resides. Valid values:'."\n"
- ."\n"
- .'* **cn**: a region in the Chinese mainland'."\n"
- .'* **cn-hongkong**: a region outside the Chinese mainland'."\n"
- ."\n"
- .'> If the value of **PayType** is **0**, this parameter is not returned. The value 0 indicates that no WAF instances are purchased.'."\n",
- 'type' => 'string',
- 'example' => 'cn',
- ],
- 'PayType' => [
- 'description' => 'The activation status of WAF. Valid values:'."\n"
- ."\n"
- .'* **0**: No WAF instances are purchased within the Alibaba Cloud account.'."\n"
- .'* **1**: A subscription WAF instance is purchased within the Alibaba Cloud account.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'InDebt' => [
- 'description' => 'Indicates whether the WAF instance has overdue payments. Valid values:'."\n"
- ."\n"
- .'* **0**: The instance has overdue payments.'."\n"
- .'* **1**: The instance does not have overdue payments.'."\n"
- ."\n"
- .'> If the value of **PayType** is **0**, this parameter is not returned. The value 0 indicates that no WAF instances are purchased.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'InstanceId' => [
- 'description' => 'The ID of the WAF instance.'."\n"
- ."\n"
- .'> If the value of **PayType** is **0**, this parameter is not returned. The value 0 indicates that no WAF instances are purchased.'."\n",
- 'type' => 'string',
- 'example' => 'waf-cn-tl32ast****',
- ],
- 'SubscriptionType' => [
- 'description' => 'The billing method of the WAF instance: The value is fixed as **Subscription**.'."\n"
- ."\n"
- .'> If the value of **PayType** is **0**, this parameter is not returned. The value 0 indicates that no WAF instances are purchased.'."\n",
- 'type' => 'string',
- 'example' => 'Subscription',
- ],
- 'Trial' => [
- 'description' => 'Indicates whether a WAF instance of the free trial edition is activated within the Alibaba Cloud account. Valid values:'."\n"
- ."\n"
- .'* **0**: no'."\n"
- .'* **1**: yes'."\n"
- ."\n"
- .'> This parameter is returned only if a WAF instance of the free trial edition is activated within the Alibaba Cloud account.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- ],
- ],
- ],
- ],
- ],
- ],
- 'errorCodes' => [
- 403 => [
- [
- 'errorCode' => 'Forbbiden',
- 'errorMessage' => 'User not authorized to operate on the specified resource.',
- ],
- ],
- 500 => [
- [
- 'errorCode' => 'InternalError',
- 'errorMessage' => 'The request processing has failed due to some unknown error.',
- ],
- ],
- ],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"InstanceInfo\\": {\\n \\"Status\\": 1,\\n \\"EndDate\\": 1512921600,\\n \\"Version\\": \\"version_3\\",\\n \\"RemainDay\\": 1,\\n \\"Region\\": \\"cn\\",\\n \\"PayType\\": 1,\\n \\"InDebt\\": 1,\\n \\"InstanceId\\": \\"waf-cn-tl32ast****\\",\\n \\"SubscriptionType\\": \\"Subscription\\",\\n \\"Trial\\": 1\\n }\\n}","errorExample":""},{"type":"xml","example":"<DescribeInstanceInfoResponse>\\n <RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n <InstanceInfo>\\n <Status>1</Status>\\n <EndDate>1512921600</EndDate>\\n <Version>version_3</Version>\\n <Region>cn</Region>\\n <PayType>1</PayType>\\n <InDebt>1</InDebt>\\n <InstanceId>waf-cn-tl32ast****</InstanceId>\\n <SubscriptionType>Subscription</SubscriptionType>\\n </InstanceInfo>\\n</DescribeInstanceInfoResponse>","errorExample":""}]',
- 'title' => 'DescribeInstanceInfo',
- 'description' => '## Usage notes'."\n"
- ."\n"
- .'You can call the DescribeInstanceInfo operation to query the information about the WAF instance within your Alibaba Cloud account. The information includes the ID, version, status, and expiration time of the instance.'."\n",
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
- ],
- 'DescribeInstanceSpecInfo' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
- ],
- 'security' => [
[
- 'AK' => [],
+ 'name' => 'CertificateName',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The name of the certificate.', 'type' => 'string', 'required' => true, 'example' => 'CertName', 'title' => ''],
],
- ],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
- 'parameters' => [
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'waf-cn-st2225l****',
- ],
+ 'schema' => ['description' => 'Instance ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call the [DescribeInstanceInfo](~~140857~~) operation to query instance ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_elasticity-cn-0xldbqt****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-atstuj3rtop****',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. By default, this parameter is empty, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -340,78 +91,43 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'E906513E-F6B5-495E-98DC-7BA888671D76',
- ],
- 'InstanceId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'waf-cn-st2225l****',
- ],
- 'ExpireTime' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '1677168000000',
- ],
- 'Version' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '',
- ],
- 'InstanceSpecInfos' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'type' => 'object',
- 'properties' => [
- 'Code' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '103',
- ],
- 'Value' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '',
- ],
- ],
- ],
- ],
+ 'CertificateId' => ['description' => 'The certificate record ID that is automatically generated by the system.', 'type' => 'integer', 'format' => 'int64', 'example' => '2329260', 'title' => ''],
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [
- 403 => [
- [
- 'errorCode' => 'Forbbiden',
- 'errorMessage' => 'User not authorized to operate on the specified resource.',
- ],
- ],
- 500 => [
- [
- 'errorCode' => 'InternalError',
- 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ 'errorCodes' => [],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"CertificateId\\": 2329260,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Upload certificate and private key for an added domain name',
+ 'summary' => 'Uploads the certificate and private key for a domain name that has been added to WAF.',
+ 'description' => 'Uploads or updates the certificate and private key for a specified domain name.',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateCertificate'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:CreateCertificate',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"E906513E-F6B5-495E-98DC-7BA8****1D76\\",\\n \\"InstanceId\\": \\"waf-cn-st2225l****\\",\\n \\"ExpireTime\\": 1677168000000,\\n \\"Version\\": \\"version_3\\",\\n \\"InstanceSpecInfos\\": [\\n {\\n \\"Code\\": \\"103\\",\\n \\"Value\\": \\"640\\"\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"<DescribeInstanceSpecInfoResponse>\\n <RequestId>E906513E-F6B5-495E-98DC-7BA888671D76</RequestId>\\n <InstanceId>waf-cn-st2225l****</InstanceId>\\n <ExpireTime>1677168000000</ExpireTime>\\n <Version>version_3或version_pro_china</Version>\\n <InstanceSpecInfos>\\n <Code>103</Code>\\n <Value>640</Value>\\n </InstanceSpecInfos>\\n</DescribeInstanceSpecInfoResponse>","errorExample":""}]',
- 'title' => 'DescribeInstanceSpecInfo',
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
],
- 'DeleteInstance' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
- ],
+ 'CreateCertificateByCertificateId' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
@@ -420,460 +136,90 @@
'systemTags' => [],
'parameters' => [
[
- 'name' => 'InstanceId',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'The domain name to which you want to add an SSL certificate.'."\n"
+ ."\n"
+ .'> Call [DescribeDomainList](~~255880~~) to query all domain names that are added to WAF.', 'type' => 'string', 'required' => true, 'example' => 'www.aliyundoc.com', 'title' => ''],
],
[
- 'name' => 'ResourceGroupId',
+ 'name' => 'CertificateId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-atstuj3rtop****',
- ],
+ 'schema' => ['description' => 'The ID of the certificate to add.'."\n"
+ ."\n"
+ .'> Call [DescribeCertificates](~~160783~~) to query the IDs of all SSL certificates associated with the domain name.', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '3384669', 'title' => ''],
],
[
- 'name' => 'RegionId',
- 'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
- ],
- ],
- 'responses' => [
- 200 => [
- 'schema' => [
- 'type' => 'object',
- 'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'F35F45B0-5D6B-4238-BE02-A62D0760E840',
- ],
- ],
- ],
- ],
- ],
- 'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"F35F45B0-5D6B-4238-BE02-A62D****E840\\"\\n}","errorExample":""},{"type":"xml","example":"<DeleteInstanceResponse>\\r\\n<RequestId>F35F45B0-5D6B-4238-BE02-A62D0760E840</RequestId>\\r\\n</DeleteInstanceResponse>","errorExample":""}]',
- 'title' => 'DeleteInstance',
- 'requestParamsDescription' => ' ',
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
- ],
- 'DescribeDomainNames' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
- ],
- 'security' => [
- [
- 'AK' => [],
- ],
- ],
- 'systemTags' => [
- 'operationType' => 'list',
- ],
- 'parameters' => [
- [
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> Call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-zz11sr5****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-atstuj3rtop****',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. This parameter is empty by default, which indicates that the WAF instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
200 => [
+ 'headers' => [],
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
- 'DomainNames' => [
- 'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '["1.example.com","2.example.com","3.example.com"]',
- ],
- ],
+ 'CertificateId' => ['description' => 'The ID of the added certificate.', 'type' => 'integer', 'format' => 'int64', 'example' => '3384669', 'title' => ''],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [
- 403 => [
- [
- 'errorCode' => 'Forbbiden',
- 'errorMessage' => 'User not authorized to operate on the specified resource.',
- ],
- ],
- 500 => [
- [
- 'errorCode' => 'InternalError',
- 'errorMessage' => 'The request processing has failed due to some unknown error.',
- ],
- ],
- ],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"DomainNames\\": [\\n \\"1.example.com\\"\\n ]\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\n<DescribeDomainNamesResponse>\\n\\t<DomainNames>1.example.com</DomainNames>\\n\\t<DomainNames>2.example.com</DomainNames>\\n\\t<DomainNames>3.example.com</DomainNames>\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n</DescribeDomainNamesResponse>","errorExample":""}]',
- 'title' => 'DescribeDomainNames',
- 'requestParamsDescription' => ' ',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"CertificateId\\": 3384669,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Create a certificate for a domain name by certificate ID',
+ 'summary' => 'Creates a certificate for a specified domain name based on a certificate ID by calling the CreateCertificateByCertificateId operation.',
+ 'description' => 'This operation adds an SSL certificate to a specified domain name by certificate ID. Before calling this operation, call [DescribeCertificates](~~160783~~) to query the IDs of all SSL certificates associated with the domain name. To ensure system stability, the queries per second (QPS) for a single user is limited to 10. Requests that exceed this limit will be throttled, which may affect your business. Call this operation appropriately.',
+ 'requestParamsDescription' => 'When you call this operation, in addition to the request parameters described in this topic, you must include Alibaba Cloud API common request parameters. For more information about common parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request examples in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeDomain' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
- ],
- 'security' => [
- [
- 'AK' => [],
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateCertificateByCertificateId'],
],
],
- 'deprecated' => false,
- 'systemTags' => [
- 'operationType' => 'get',
- ],
- 'parameters' => [
- [
- 'name' => 'InstanceId',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-7pp26f1****',
- ],
- ],
- [
- 'name' => 'Domain',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
- ],
+ 'ramActions' => [
[
- 'name' => 'ResourceGroupId',
- 'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
- ],
- [
- 'name' => 'RegionId',
- 'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
- ],
- ],
- 'responses' => [
- 200 => [
- 'schema' => [
- 'type' => 'object',
- 'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D827FCFE-90A7-4330-9326-D33C8B4C7726',
- ],
- 'Domain' => [
- 'description' => '',
- 'type' => 'object',
- 'properties' => [
- 'HttpToUserIp' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '0',
- ],
- 'SniStatus' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'IsAccessProduct' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'AccessHeaderMode' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'HttpsRedirect' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '0',
- ],
- 'IpFollowStatus' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'LoadBalancing' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '2',
- ],
- 'AccessType' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'waf-cloud-dns',
- ],
- 'Version' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '40',
- ],
- 'ClusterType' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '0',
- ],
- 'ReadTime' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '120',
- ],
- 'WriteTime' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '120',
- ],
- 'SniHost' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'waf.example.com',
- ],
- 'ResourceGroupId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'rg-acfm2mkrunv****',
- ],
- 'Cname' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'kdmqyi3ck7xogegxpiyfpb0fj21mgkxn.****.com',
- ],
- 'ConnectionTime' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '5',
- ],
- 'LogHeaders' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'type' => 'object',
- 'properties' => [
- 'k' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'ALIWAF-TAG',
- ],
- 'v' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'Yes',
- ],
- ],
- ],
- ],
- 'CloudNativeInstances' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'type' => 'object',
- 'properties' => [
- 'RedirectionTypeName' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'ALB',
- ],
- 'CloudNativeProductName' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'ALB',
- ],
- 'InstanceId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'alb-s65nua68wdedsp****',
- ],
- 'IPAddressList' => [
- 'description' => '',
- 'type' => 'array',
- 'example' => '["39.XX.XX.197"]',
- 'items' => [
- 'type' => 'string',
- ],
- ],
- 'ProtocolPortConfigs' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'type' => 'object',
- 'properties' => [
- 'Ports' => [
- 'description' => '',
- 'type' => 'array',
- 'example' => '[80]',
- 'items' => [
- 'type' => 'integer',
- 'format' => 'int32',
- ],
- ],
- 'Protocol' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'http',
- ],
- ],
- ],
- ],
- ],
- ],
- ],
- 'HttpPort' => [
- 'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'integer',
- 'example' => '[80]',
- 'format' => 'int32',
- ],
- ],
- 'Http2Port' => [
- 'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'integer',
- 'example' => '[443,8443]',
- 'format' => 'int32',
- ],
- ],
- 'SourceIps' => [
- 'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '["39.XX.XX.197"]',
- ],
- ],
- 'HttpsPort' => [
- 'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'integer',
- 'example' => '[443,8443]',
- 'format' => 'int32',
- ],
- ],
- 'AccessHeaders' => [
- 'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '["X-Client-IP"]',
- ],
- ],
- 'Retry' => [
- 'type' => 'boolean',
- 'default' => 'true',
- ],
- 'Keepalive' => [
- 'type' => 'boolean',
- 'default' => 'true',
- ],
- 'KeepaliveRequests' => [
- 'type' => 'integer',
- 'format' => 'int32',
- 'default' => '1000',
- ],
- 'KeepaliveTimeout' => [
- 'type' => 'integer',
- 'format' => 'int32',
- 'default' => '15',
- ],
- ],
- ],
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:CreateCertificateByCertificateId',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
],
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D827FCFE-90A7-4330-9326-D33C8B4C7726\\",\\n \\"Domain\\": {\\n \\"HttpToUserIp\\": 0,\\n \\"SniStatus\\": 1,\\n \\"IsAccessProduct\\": 1,\\n \\"AccessHeaderMode\\": 1,\\n \\"HttpsRedirect\\": 0,\\n \\"IpFollowStatus\\": 1,\\n \\"LoadBalancing\\": 2,\\n \\"AccessType\\": \\"waf-cloud-dns\\",\\n \\"Version\\": 40,\\n \\"ClusterType\\": 0,\\n \\"ReadTime\\": 120,\\n \\"WriteTime\\": 120,\\n \\"SniHost\\": \\"waf.example.com\\",\\n \\"ResourceGroupId\\": \\"rg-acfm2mkrunv****\\",\\n \\"Cname\\": \\"kdmqyi3ck7xogegxpiyfpb0fj21mgkxn.****.com\\",\\n \\"ConnectionTime\\": 5,\\n \\"LogHeaders\\": [\\n {\\n \\"k\\": \\"ALIWAF-TAG\\",\\n \\"v\\": \\"Yes\\"\\n }\\n ],\\n \\"CloudNativeInstances\\": [\\n {\\n \\"RedirectionTypeName\\": \\"ALB\\",\\n \\"CloudNativeProductName\\": \\"ALB\\",\\n \\"InstanceId\\": \\"alb-s65nua68wdedsp****\\",\\n \\"IPAddressList\\": [\\n \\"39.XX.XX.197\\"\\n ],\\n \\"ProtocolPortConfigs\\": [\\n {\\n \\"Ports\\": [\\n 80\\n ],\\n \\"Protocol\\": \\"http\\"\\n }\\n ]\\n }\\n ],\\n \\"HttpPort\\": [\\n 80\\n ],\\n \\"Http2Port\\": [\\n 8443\\n ],\\n \\"SourceIps\\": [\\n \\"39.XX.XX.197\\"\\n ],\\n \\"HttpsPort\\": [\\n 443\\n ],\\n \\"AccessHeaders\\": [\\n \\"X-Client-IP\\"\\n ],\\n \\"Retry\\": false,\\n \\"Keepalive\\": true,\\n \\"KeepaliveRequests\\": 1000,\\n \\"KeepaliveTimeout\\": 15\\n }\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\n<DescribeDomainResponse>\\n\\t<RequestId>D827FCFE-90A7-4330-9326-D33C8B4C7726</RequestId>\\n\\t<Domain>\\n\\t\\t<HttpToUserIp>0</HttpToUserIp>\\n\\t\\t<HttpPort>80</HttpPort>\\n\\t\\t<IsAccessProduct>1</IsAccessProduct>\\n\\t\\t<AccessHeaderMode>1</AccessHeaderMode>\\n\\t\\t<ResourceGroupId>rg-acfm2mkrunv****</ResourceGroupId>\\n\\t\\t<AccessHeaders>X-Client-IP</AccessHeaders>\\n\\t\\t<ReadTime>120</ReadTime>\\n\\t\\t<SourceIps>39.XX.XX.197</SourceIps>\\n\\t\\t<IpFollowStatus>1</IpFollowStatus>\\n\\t\\t<ClusterType>0</ClusterType>\\n\\t\\t<LoadBalancing>2</LoadBalancing>\\n\\t\\t<Cname>kdmqyi3ck7xogegxpiyfpb0fj21mgkxn.****.com</Cname>\\n\\t\\t<LogHeaders>\\n\\t\\t\\t<v>Yes</v>\\n\\t\\t\\t<k>ALIWAF-TAG</k>\\n\\t\\t</LogHeaders>\\n\\t\\t<WriteTime>120</WriteTime>\\n\\t\\t<Http2Port>443</Http2Port>\\n\\t\\t<Http2Port>8443</Http2Port>\\n\\t\\t<Version>40</Version>\\n\\t\\t<HttpsRedirect>0</HttpsRedirect>\\n\\t\\t<ConnectionTime>5</ConnectionTime>\\n\\t\\t<AccessType>waf-cloud-dns</AccessType>\\n\\t\\t<HttpsPort>443</HttpsPort>\\n\\t\\t<HttpsPort>8443</HttpsPort>\\n\\t</Domain>\\n</DescribeDomainResponse>\\n","errorExample":""}]',
- 'title' => 'DescribeDomain',
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
],
'CreateDomain' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
- ],
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
@@ -885,416 +231,243 @@
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => 'The ID of the WAF instance.'."\n"
- ."\n"
- .'> You can call the [DescribeInstanceInfo](~~140857~~) operation to query the ID of the WAF instance.'."\n",
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-7pp26f1****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-7pp26f1****', 'title' => ''],
],
[
'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => 'The domain name that you want to add to WAF.'."\n",
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'The domain name to be added to WAF for protection.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
'name' => 'SourceIps',
'in' => 'query',
- 'schema' => [
- 'description' => 'The IP address or domain name of the origin server. You can specify only one type of address.'."\n"
- ."\n"
- .'* If you use an IP address, specify the value in the `["ip1","ip2",...]` format. You can specify up to 20 IP addresses.'."\n"
- .'* If you use a domain name, specify the value in the `["domain"]` format. You can enter only one domain name.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns**.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '["39.XX.XX.197"]',
- ],
+ 'schema' => ['description' => 'The IP address of the origin server or the back-to-origin domain name associated with the domain name. You can set only one of the two:'."\n"
+ ."\n"
+ .'- To set origin server IP addresses, use the `["ip1","ip2",……]` format. A maximum of 20 IP addresses can be added.'."\n"
+ .'- To set the back-to-origin domain name, use the `["domain"]` format. Only one domain name can be specified.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method).', 'type' => 'string', 'required' => false, 'example' => '["39.XX.XX.197"]', 'title' => ''],
],
[
'name' => 'IsAccessProduct',
'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether a Layer 7 proxy is configured in front of WAF. A Layer 7 proxy is used to filter inbound traffic before the traffic reaches the WAF instance. Layer 7 proxies include Anti-DDoS Pro, Anti-DDoS Premium, and Alibaba Cloud CDN. Valid values:'."\n"
- ."\n"
- .'* **0**: No Layer 7 proxy is configured in front of WAF.'."\n"
- .'* **1**: A Layer 7 proxy is configured in front of WAF.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => true,
- 'example' => '0',
- ],
+ 'schema' => ['description' => 'Specifies whether a Layer 7 proxy is deployed in front of WAF (such as Anti-DDoS Pro or CDN), that is, whether the client access traffic passes through other Layer 7 proxy forwarding before reaching WAF. Valid values:'."\n"
+ ."\n"
+ .'- **0**: No.'."\n"
+ .'- **1**: Yes.', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'example' => '0', 'title' => ''],
],
[
'name' => 'AccessHeaderMode',
'in' => 'query',
- 'schema' => [
- 'description' => 'The method that you want WAF to use to obtain the actual IP address of a client. Valid values:'."\n"
- ."\n"
- .'* **0**: WAF reads the first value of the X-Forwarded-For (XFF) header field as the actual IP address of a client. This is the default value.'."\n"
- .'* **1**: WAF reads the value of a custom header field as the actual IP address of a client.'."\n"
- ."\n"
- .'> This parameter is required only if you set **IsAccessProduct** to **1**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- ],
+ 'schema' => ['description' => 'The method that WAF uses to obtain the actual IP address of the client. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): WAF reads the first value of the X-Forwarded-For (XFF) field in the request header as the client IP address.'."\n"
+ .'- **1**: WAF reads the value of a custom field that you specified in the request header as the client IP address.'."\n"
+ ."\n"
+ .'> This parameter is required only when **IsAccessProduct** is set to **1** (indicating that a Layer 7 proxy is deployed in front of WAF).', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', 'title' => ''],
],
[
'name' => 'AccessHeaders',
'in' => 'query',
- 'schema' => [
- 'description' => 'The custom header fields that you want WAF to use to obtain the actual IP address of a client. Specify the value in the `["header1","header2",...]` format.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessHeaderMode** to **1**.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '["X-Client-IP"]',
- ],
+ 'schema' => ['description' => 'The list of custom fields used to obtain the client IP address, in the `["header1","header2",……]` format.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessHeaderMode** is set to **1** (indicating that WAF reads the value of a custom field in the request header as the client IP address).', 'type' => 'string', 'required' => false, 'example' => '["X-Client-IP"]', 'title' => ''],
],
[
'name' => 'LoadBalancing',
'in' => 'query',
- 'schema' => [
- 'description' => 'The load balancing algorithm that you want WAF to use to forward requests to the origin server. Valid values:'."\n"
- ."\n"
- .'* **0**: The IP hash algorithm.'."\n"
- .'* **1**: The round-robin algorithm.'."\n"
- .'* **2**: The least time algorithm.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- 'default' => '0',
- ],
+ 'schema' => ['description' => 'The load balancing algorithm used for back-to-origin. Valid values:'."\n"
+ ."\n"
+ .'- **0**: IP Hash.'."\n"
+ .'- **1**: Round Robin.'."\n"
+ .'- **2**: Least Time.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method).', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '0', 'example' => '0', 'title' => ''],
],
[
'name' => 'LogHeaders',
'in' => 'query',
- 'schema' => [
- 'description' => 'The key-value pairs that you want to use to label the requests that pass through the WAF instance.'."\n"
- ."\n"
- .'Specify the key-value pair in the `[{"k":"_key_","v":"_value_"}]` format. `key` is the custom header field, and `value` is the value of the custom header field.'."\n"
- ."\n"
- .'The WAF can automatically add custom key-value pairs as traffic markers to the request headers of traffic destined for the protected domain. This allows backend services to easily identify requests that have passed through the WAF.'."\n"
- ."\n"
- .'> If a request contains a custom header field, WAF overwrites the original value of the field with the specified value.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '[{"k":"ALIWAF-TAG","v":"Yes"}]',
- ],
+ 'schema' => ['description' => 'The traffic tag field and value of the domain name, used to mark traffic processed by WAF.'."\n"
+ ."\n"
+ .'The format of this parameter value is `[{"k":"_key_","v":"_value_"}]`, where `_key_` specifies the custom request header field and `_value_` specifies the value set for the field.'."\n"
+ ."\n"
+ .'By specifying custom request header fields and their corresponding values, when traffic to the domain name passes through WAF, WAF automatically adds the custom field values to the request header as traffic tags, facilitating statistics collection by backend services.'."\n"
+ ."\n"
+ .'> If the custom header field already exists in the request, the system overwrites the value of the custom field in the request with the specified traffic tag value.', 'type' => 'string', 'required' => false, 'example' => '[{"k":"ALIWAF-TAG","v":"Yes"}]', 'title' => ''],
],
[
'name' => 'HttpPort',
'in' => 'query',
- 'schema' => [
- 'description' => 'The HTTPS ports. Specify the value in the `["port1","port2",...]` format.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns**. If you specify this parameter, your website uses HTTP. You must specify **HttpPort** or **HttpsPort**.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '[80]',
- ],
+ 'schema' => ['description' => 'The list of HTTP protocol ports, in the `[port1,port2,……]` format.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method). Setting this parameter indicates that the domain name uses the HTTP protocol. **HttpPort** and **HttpsPort** cannot both be empty.', 'type' => 'string', 'required' => false, 'example' => '[80]', 'title' => ''],
],
[
'name' => 'HttpsPort',
'in' => 'query',
- 'schema' => [
- 'description' => 'The HTTPS ports. Specify the value in the `["port1","port2",...]` format.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns**. If you specify this parameter, your website uses HTTPS. You must specify **HttpPort** or **HttpsPort**.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '[443]',
- ],
+ 'schema' => ['description' => 'The list of HTTPS protocol ports, in the `[port1,port2,……]` format.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method). Setting this parameter indicates that the domain name uses the HTTPS protocol. **HttpPort** and **HttpsPort** cannot both be empty.', 'type' => 'string', 'required' => false, 'example' => '[443]', 'title' => ''],
],
[
'name' => 'Http2Port',
'in' => 'query',
- 'schema' => [
- 'description' => 'The HTTP/2 ports. Specify the value in the `["port1","port2",...]` format.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns** and specify **HttpsPort**.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '[443]',
- ],
+ 'schema' => ['description' => 'The list of HTTP 2.0 protocol ports, in the `[port1,port2,……]` format.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method) and **HttpsPort** is not empty (indicating that the domain name uses the HTTPS protocol).', 'type' => 'string', 'required' => false, 'example' => '[443]', 'title' => ''],
],
[
'name' => 'HttpToUserIp',
'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether to enable HTTPS to HTTP redirection for back-to-origin requests. If you enable this feature, WAF forwards requests to the origin server over HTTP. The default port is 80. Valid values:'."\n"
- ."\n"
- .'* **0**: Disables HTTPS to HTTP redirection for back-to-origin requests. This is the default value.'."\n"
- .'* **1**: Enables HTTPS to HTTP redirection for back-to-origin requests.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns** and specify **HttpsPort**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- 'default' => '0',
- ],
+ 'schema' => ['description' => 'Specifies whether to enable HTTP back-to-origin. After this feature is enabled, HTTPS requests are forwarded to the origin server over HTTP, and the default back-to-origin port is 80. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): Disabled.'."\n"
+ .'- **1**: Enabled.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method) and **HttpsPort** is not empty (indicating that the domain name uses the HTTPS protocol).', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '0', 'example' => '0', 'title' => ''],
],
[
'name' => 'HttpsRedirect',
'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether to enable the feature of redirecting HTTP requests to HTTPS requests. Specifies whether to enable HTTP to HTTPS redirection. If you enable this feature, requests are sent over HTTPS. The default port is 443. Valid values:'."\n"
- ."\n"
- .'* **0**: Disables HTTP to HTTPS redirection. This is the default value.'."\n"
- .'* **1**: Enables HTTP to HTTPS redirection.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns** and specify **HttpsPort**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- 'default' => '0',
- ],
+ 'schema' => ['description' => 'Specifies whether to enable HTTPS forced redirect. After this feature is enabled, HTTP requests from clients are forcibly redirected to HTTPS requests, and the default redirect port is 443. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): Disabled.'."\n"
+ .'- **1**: Enabled.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method) and **HttpsPort** is not empty (indicating that the domain name uses the HTTPS protocol).', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '0', 'example' => '0', 'title' => ''],
],
[
'name' => 'ClusterType',
'in' => 'query',
- 'schema' => [
- 'description' => 'The type of the WAF protection cluster. Valid values:'."\n"
- ."\n"
- .'* **0**: Shared cluster. This is the default value.'."\n"
- .'* **1**: Exclusive cluster.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- 'default' => '0',
- ],
+ 'schema' => ['description' => 'The type of the WAF protection cluster. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): Physical cluster.'."\n"
+ .'- **1**: Virtual cluster, that is, WAF exclusive cluster.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method).', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '0', 'example' => '0', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. This parameter is empty by default, which specifies that the instance belongs to the default resource group.'."\n"
- ."\n"
- .'For more information about resource groups, see [Create a resource group](~~94485~~).'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-atstuj3rtop****',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. The default value is empty, indicating that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'ConnectionTime',
'in' => 'query',
- 'schema' => [
- 'description' => 'The timeout period for connections of WAF exclusive clusters. Unit: seconds.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns** and **ClusterType** to **1**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '5',
- 'default' => '5',
- ],
+ 'schema' => ['description' => 'The connection timeout period of the WAF exclusive cluster. Unit: seconds.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method) and **ClusterType** is set to **1** (indicating that the domain name uses a WAF exclusive cluster).', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '5', 'example' => '5', 'title' => ''],
],
[
'name' => 'ReadTime',
'in' => 'query',
- 'schema' => [
- 'description' => 'The timeout period for read connections of WAF exclusive clusters. Unit: seconds.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns** and **ClusterType** to **1**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '120',
- 'default' => '120',
- ],
+ 'schema' => ['description' => 'The read connection timeout period of the WAF exclusive cluster. Unit: seconds.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method) and **ClusterType** is set to **1** (indicating that the domain name uses a WAF exclusive cluster).', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '120', 'example' => '120', 'title' => ''],
],
[
'name' => 'WriteTime',
'in' => 'query',
- 'schema' => [
- 'description' => 'The timeout period for write connections of WAF exclusive clusters. Unit: seconds.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns** and **ClusterType** to **1**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '120',
- 'default' => '120',
- ],
+ 'schema' => ['description' => 'The write connection timeout period of the WAF exclusive cluster. Unit: seconds.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method) and **ClusterType** is set to **1** (indicating that the domain name uses a WAF exclusive cluster).', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '120', 'example' => '120', 'title' => ''],
],
[
'name' => 'AccessType',
'in' => 'query',
- 'schema' => [
- 'description' => 'The mode in which you want to add the domain name to WAF. Valid values:'."\n"
- ."\n"
- .'* **waf-cloud-dns**: CNAME record mode. This is the default value.'."\n"
- .'* **waf-cloud-native**: Transparent proxy mode.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => 'waf-cloud-dns',
- ],
+ 'schema' => ['description' => 'The access method of the domain name. Valid values:'."\n"
+ ."\n"
+ .'- **waf-cloud-dns** (default): CNAME access.'."\n"
+ ."\n"
+ .'- **waf-cloud-native**: Transparent access.', 'type' => 'string', 'required' => false, 'example' => 'waf-cloud-dns', 'title' => ''],
],
[
'name' => 'CloudNativeInstances',
'in' => 'query',
- 'schema' => [
- 'description' => 'The list of server and port configurations for the transparent proxy mode. Set the value to a string that consists of JSON arrays. Each element in a JSON array is a JSON struct that contains the following fields:'."\n"
- ."\n"
- .'* **ProtocolPortConfigs**: The list of protocol and port configurations. This field is required. Data type: array. Each element in a JSON array is a JSON struct that contains the following fields:'."\n"
- ."\n"
- .' * **Ports**:The list of ports. This field is required. Data type: array. Specify the value in the `[port1,port2,……]` format.'."\n"
- .' * **Protocol**: The protocol. This field is required. Data type: string. Valid values: **http** and **https**.'."\n"
- ."\n"
- .'* **CloudNativeProductName**: The type of the cloud service instance. This field is required. Data type: string. Valid values: **ECS**, **SLB**, and **ALB**.'."\n"
- ."\n"
- .'* **RedirectionTypeName**: The type of traffic redirection port. This field is required. Data type: string. Valid values: **ECS**, **SLB-L4**, **SLB-L7**, and **ALB**.'."\n"
- ."\n"
- .'* **InstanceId**: The ID of the cloud service instance. This field is required. Data type: string.'."\n"
- ."\n"
- .'* **IPAddressList**: The list of public IP addresses of the cloud service instance. This field is required. Data type: array. Specify the value in the `["ip1","ip2",...]` format.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-native**.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '[{"ProtocolPortConfigs":[{"Ports":[80],"Protocol":"http"}],"RedirectionTypeName":"ALB","InstanceId":"alb-s65nua68wdedsp****","IPAddressList":["182.XX.XX.113"],"CloudNativeProductName":"ALB"}]',
- ],
+ 'schema' => ['description' => 'The server and port configuration list for transparent access, in the string format of a JSON array. Each element in the JSON array is a structure that contains the following fields:'."\n"
+ ."\n"
+ .'- **ProtocolPortConfigs**: JSON Array | Required | The protocol and port configuration list. Each element in the JSON array is a structure that contains the following fields:'."\n"
+ .' - **Ports**: Array | Required | The list of ports, in the `[port1,port2,……]` format.'."\n"
+ .' - **Protocol**: String | Required | The protocol type. Valid values: **http**, **https**.'."\n"
+ .'- **CloudNativeProductName**: String | Required | The type of the cloud service instance. Valid values: **ECS**, **SLB**, **ALB**.'."\n"
+ .'- **RedirectionTypeName**: String | Required | The type of the redirection port. Valid values: **ECS** (ECS port), **SLB-L4** (SLB Layer 4 port), **SLB-L7** (SLB Layer 7 port), **ALB** (ALB port).'."\n"
+ .'- **InstanceId**: String | Required | The ID of the cloud service instance.'."\n"
+ .'- **IPAddressList**: Array | Required | The list of public IP addresses of the cloud service instance, in the `["ip1","ip2",……]` format.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-native** (indicating that the domain name uses the transparent access method).', 'type' => 'string', 'required' => false, 'example' => '[{"ProtocolPortConfigs":[{"Ports":[80],"Protocol":"http"}],"RedirectionTypeName":"ALB","InstanceId":"alb-s65nua68wdedsp****","IPAddressList":["182.XX.XX.113"],"CloudNativeProductName":"ALB"}]', 'title' => ''],
],
[
'name' => 'IpFollowStatus',
'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether to enable the feature of forwarding requests to the origin servers that use the IP address type specified in the requests. If you enable the feature, WAF forwards requests from IPv4 addresses to origin servers that use IPv4 addresses and requests from IPv6 addresses to origin servers that use IPv6 addresses. Valid values:'."\n"
- ."\n"
- .'* **0**: Disables the feature of forwarding requests to the origin servers that use the IP address type that is specified in the requests. This is the default value.'."\n"
- .'* **1**: Enables the feature of forwarding requests to the origin servers that use the IP address type that is specified in the requests.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'Specifies whether to enable the IPv4/IPv6 back-to-origin protocol follow feature when the origin server addresses include both IPv4 and IPv6 addresses. After this feature is enabled, WAF forwards requests from IPv4 addresses to the IPv4 origin server and forwards requests from IPv6 addresses to the IPv6 origin server. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): Disabled.'."\n"
+ .'- **1**: Enabled.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method).', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''],
],
[
'name' => 'SniStatus',
'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether to enable origin Server Name Indication (SNI). Origin SNI specifies the domain name that must be used for establishing an HTTPS connection during the initial handshake. This occurs when the WAF forwards requests to the origin server. If the origin server hosts multiple domain names, you must enable this feature. Valid values:'."\n"
- ."\n"
- .'* **0**: Disables origin SNI.'."\n"
- .'* **1**: Enables origin SNI.'."\n"
- ."\n"
- .'By default, origin SNI is disabled for WAF instances in Chinese mainland and enabled for WAF instances outside the Chinese mainland.'."\n"
- ."\n"
- .'> This parameter is required only if you set **AccessType** to **waf-cloud-dns** and specify **HttpsPort**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'Specifies whether to enable back-to-origin SNI. Back-to-origin SNI means that when WAF forwards client requests to the origin server and performs a TLS handshake with the origin server, WAF specifies the host to access through the SNI extension field (Server Name Indicator extension) and establishes an HTTPS connection with that host. If your origin server has multiple virtual hosts (corresponding to different domain names), you need to enable back-to-origin SNI. Valid values:'."\n"
+ .'- **0**: Disabled.'."\n"
+ .'- **1**: Enabled.'."\n"
+ ."\n"
+ .'For WAF instances in the China mainland, back-to-origin SNI is disabled by default. For WAF instances outside the China mainland, back-to-origin SNI is enabled by default.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name uses the CNAME access method) and **HttpsPort** is not empty (indicating that the domain name uses the HTTPS protocol).', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''],
],
[
'name' => 'SniHost',
'in' => 'query',
- 'schema' => [
- 'description' => 'The value of the custom SNI extended field. If you do not specify this parameter, the value of the **Host** field in the request header is automatically used as the value of the SNI field.'."\n"
- ."\n"
- .'In most cases, you do not need to specify a custom value for the SNI field. However, if you want WAF to use an SNI field whose value is different from the value of the Host header field in back-to-origin requests, you can specify a custom value for the SNI field.'."\n"
- ."\n"
- .'> This parameter is required only if you set SniStatus to **1**.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => 'waf.example.com',
- ],
+ 'schema' => ['description' => 'The custom value of the SNI extension field. If this parameter is not set, the value of the **Host** field in the request header is used as the value of the SNI extension field by default.'."\n"
+ ."\n"
+ .'In most cases, you do not need to customize the SNI, unless your business has special configuration requirements and you want WAF to use an SNI different from the actual request Host in the back-to-origin request (that is, the custom SNI set here).'."\n"
+ ."\n"
+ .'> This parameter is required only when **SniStatus** is set to **1** (indicating that back-to-origin SNI is enabled).', 'type' => 'string', 'required' => false, 'example' => 'waf.example.com', 'title' => ''],
],
[
'name' => 'Retry',
'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether WAF retries to forward requests when the requests fail to be forwarded to the origin server. Valid values:'."\n"
- ."\n"
- .'* **true** (default)'."\n"
- .'* **false**'."\n",
- 'type' => 'boolean',
- 'required' => false,
- 'example' => 'true',
- 'default' => 'true',
- ],
+ 'schema' => ['description' => 'Specifies whether to retry when WAF fails to forward requests to the origin server. Valid values:'."\n"
+ ."\n"
+ .'- **true** (default): Retry.'."\n"
+ .'- **false**: Do not retry.', 'type' => 'boolean', 'default' => 'true', 'required' => false, 'example' => 'true', 'title' => ''],
],
[
'name' => 'Keepalive',
'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether to enable the persistent connection feature. Valid values:'."\n"
- ."\n"
- .'* **true** (default)'."\n"
- .'* **false**'."\n",
- 'type' => 'boolean',
- 'required' => false,
- 'example' => 'true',
- 'default' => 'true',
- ],
+ 'schema' => ['description' => 'Specifies whether to enable persistent connections. Valid values:'."\n"
+ ."\n"
+ .'- **true** (default): Enable persistent connections.'."\n"
+ ."\n"
+ .'- **false**: Disable persistent connections.', 'type' => 'boolean', 'default' => 'true', 'required' => false, 'example' => 'true', 'title' => ''],
],
[
'name' => 'KeepaliveRequests',
'in' => 'query',
- 'schema' => [
- 'description' => 'The number of requests that reuse persistent connections. Valid values: 60 to 1000.'."\n"
- ."\n"
- .'> This parameter specifies the number of persistent connections that can be reused after you enable the persistent connection feature.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'maximum' => '1000',
- 'minimum' => '60',
- 'example' => '1000',
- 'default' => '1000',
- ],
+ 'schema' => ['description' => 'The number of requests that can reuse a persistent connection. Valid values: 60 to 1000.'."\n"
+ ."\n"
+ .'> The number of requests that can reuse a persistent connection after persistent connections are enabled.', 'type' => 'integer', 'format' => 'int32', 'maximum' => '1000', 'minimum' => '60', 'default' => '1000', 'required' => false, 'example' => '1000', 'title' => ''],
],
[
'name' => 'KeepaliveTimeout',
'in' => 'query',
- 'schema' => [
- 'description' => 'The timeout period of persistent connections that are in the idle state. Valid values: 1 to 60. Default value: 15. Unit: seconds.'."\n"
- ."\n"
- .'> This parameter specifies the duration for which a reused persistent connection can remain in the idle state before it is released.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'maximum' => '3600',
- 'minimum' => '1',
- 'example' => '15',
- 'default' => '15',
- ],
+ 'schema' => ['description' => 'The timeout period of idle persistent connections. Valid values: 1 to 60. Default value: 15. Unit: seconds.'."\n"
+ ."\n"
+ .'> The period after which idle persistent connections are released.', 'type' => 'integer', 'format' => 'int32', 'maximum' => '3600', 'minimum' => '1', 'default' => '15', 'required' => false, 'example' => '15', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'description' => 'The region ID of the WAF instance. Valid values:'."\n"
- ."\n"
- .'* **cn-hangzhou**: Chinese mainland.'."\n"
- .'* **ap-southeast-1**: Outside the Chinese mainland.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => 'ap-southeast-1',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: China mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: Outside the China mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -1302,463 +475,122 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'Cname' => [
- 'description' => 'The CNAME assigned by WAF to the domain name.'."\n"
- ."\n"
- .'> This parameter is returned only if you set **AccessType** to **waf-cloud-dns**.'."\n",
- 'type' => 'string',
- 'example' => 'mmspx7qhfvnfzggheh1g2wnbhog66vcv.****.com',
- ],
- 'RequestId' => [
- 'description' => 'The ID of the request.'."\n",
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
+ 'Cname' => ['description' => 'The CNAME address assigned by WAF to the domain name.'."\n"
+ ."\n"
+ .'> This parameter is returned only when the domain name uses the CNAME access method (the request parameter **AccessType** is set to **waf-cloud-dns**).', 'type' => 'string', 'example' => 'mmspx7qhfvnfzggheh1g2wnbhog66vcv.****.com', 'title' => ''],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0', 'title' => ''],
],
'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"Cname\\": \\"mmspx7qhfvnfzggheh1g2wnbhog66vcv.****.com\\",\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\n<CreateDomainResponse>\\n\\t<Cname>mmspx7qhfvnfzggheh1g2wnbhog66vcv.****.com</Cname>\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n</CreateDomainResponse>","errorExample":""}]',
- 'title' => 'CreateDomain',
- 'summary' => 'Adds a domain name to a Web Application Firewall (WAF) instance.',
- 'requestParamsDescription' => 'All Alibaba Cloud API operations must include common request parameters. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Cname\\": \\"mmspx7qhfvnfzggheh1g2wnbhog66vcv.****.com\\",\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Add domain name configuration',
+ 'summary' => 'Add a domain name to a WAF instance for protection.',
+ 'requestParamsDescription' => 'When you call this API operation, in addition to the request parameters described in this topic, you must also include Alibaba Cloud API common request parameters. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
."\n"
- .'For more information about sample requests, see the **"Examples"** section of this topic.'."\n",
+ .'For the request format of API calls, see the request examples in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'ModifyDomain' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [
+ ['createdAt' => '2023-08-28T12:42:34.000Z', 'description' => 'Request parameters changed'],
+ ['createdAt' => '2023-05-23T05:46:03.000Z', 'description' => 'Request parameters changed'],
+ ['createdAt' => '2022-08-22T10:01:08.000Z', 'description' => 'Request parameters changed, Error codes changed'],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateDomain'],
+ ],
],
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:CreateDomain',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'CreateProtectionModuleRule' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'deprecated' => false,
'systemTags' => [],
'parameters' => [
[
- 'name' => 'InstanceId',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The ID of the WAF instance.'."\n"
- ."\n"
- .'> You can call the [DescribeInstanceInfo](~~140857~~) operation to query the ID of the WAF instance.'."\n",
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-7pp26f1****',
- ],
- ],
- [
- 'name' => 'InstanceId',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The ID of the WAF instance.'."\n"
- ."\n"
- .'> You can call the [DescribeInstanceInfo](~~140857~~) operation to query the ID of the WAF instance.'."\n",
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-7pp26f1****',
- ],
- ],
- [
'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => 'The domain name whose configurations you want to modify.'."\n"
- ."\n"
- .'> You can call the [DescribeDomainNames](~~86373~~) operation to query the domain names that are added to Web Application Firewall (WAF).'."\n",
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
- ],
- [
- 'name' => 'SourceIps',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The address type of the origin server. The address can be an IP address or a domain name. You can specify only one type of address.'."\n"
- ."\n"
- .'* If you use the IP address type, specify the value in the `["ip1","ip2",...]` format. You can add up to 20 IP addresses.'."\n"
- .'* If you use the domain name type, specify the value in the `["domain"]` format. You can enter only one domain name.'."\n"
- ."\n"
- .'> You need to specify the parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns**.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '["39.XX.XX.197"]',
- ],
- ],
- [
- 'name' => 'LoadBalancing',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The load balancing algorithm that is used when WAF forwards requests to the origin server. Valid values:'."\n"
- ."\n"
- .'* **0**: IP hash'."\n"
- .'* **1**: round-robin'."\n"
- .'* **2**: least time'."\n"
- ."\n"
- .'> You need to specify the parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- 'default' => '0',
- ],
- ],
- [
- 'name' => 'HttpPort',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The HTTP ports. Specify the value in the `["port1","port2",...]` format.'."\n"
- ."\n"
- .'> You need to specify the parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns**. If you specify this parameter, your website uses HTTP. You must specify at least one of the **HttpPort** and **HttpsPort** parameters.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '[80]',
- ],
- ],
- [
- 'name' => 'HttpsPort',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The HTTPS ports. Specify the value in the `["port1","port2",...]` format.'."\n"
- ."\n"
- .'> You need to specify the parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns**. If you specify this parameter, your website uses HTTPS. You must specify at least one of the **HttpPort** and **HttpsPort** parameters.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '[443]',
- ],
- ],
- [
- 'name' => 'Http2Port',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The HTTP/2 ports. Specify the value in the `["port1","port2",...]` format.'."\n"
- ."\n"
- .'> You need to specify this parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns** and the **HttpsPort** parameter is not empty. If the HttpsPort parameter is not empty, your website uses HTTPS.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '[443]',
- ],
- ],
- [
- 'name' => 'HttpsRedirect',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether to enable the feature of redirecting HTTP requests to HTTPS requests. If you enable the feature, HTTP requests are redirected to HTTPS requests on port 443, which is used by default. Valid values:'."\n"
- ."\n"
- .'* **0**: disables the feature. This is the default value.'."\n"
- .'* **1**: enables the feature.'."\n"
- ."\n"
- .'> You need to specify this parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns** and the **HttpsPort** parameter is not empty. If the HttpsPort parameter is not empty, your website uses HTTPS.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- 'default' => '0',
- ],
- ],
- [
- 'name' => 'HttpToUserIp',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether to enable the feature of redirecting HTTPS requests to HTTP requests. If you enable the feature, HTTPS requests are redirected to HTTP requests on port 80, which is used by default. Valid values:'."\n"
- ."\n"
- .'* **0**: disables the feature. This is the default value.'."\n"
- .'* **1**: enables the feature.'."\n"
- ."\n"
- .'> You need to specify this parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns** and the **HttpsPort** parameter is not empty. If the HttpsPort parameter is not empty, your website uses HTTPS.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- 'default' => '0',
- ],
- ],
- [
- 'name' => 'IsAccessProduct',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether to deploy a Layer 7 proxy, which is used to filter inbound traffic before the traffic reaches the WAF instance. The supported Layer 7 proxies include Anti-DDoS Pro, Anti-DDoS Premium, and Alibaba Cloud CDN. Valid values:'."\n"
- ."\n"
- .'* **0**: does not configure a Layer 7 proxy'."\n"
- .'* **1**: configures a Layer 7 proxy'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => true,
- 'example' => '0',
- ],
- ],
- [
- 'name' => 'AccessHeaderMode',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The method that WAF uses to obtain the actual IP address of a client. Valid values:'."\n"
- ."\n"
- .'* **0**: WAF reads the first value of the X-Forwarded-For (XFF) header field as the actual IP address of the client. This is the default value.'."\n"
- .'* **1**: WAF reads the value of a custom header field as the actual IP address of the client.'."\n"
- ."\n"
- .'> You need to specify the parameter only when the **IsAccessProduct** parameter is set to **1**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- ],
- ],
- [
- 'name' => 'AccessHeaders',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The custom header fields that are used to obtain the actual IP address of a client. Specify the value in the `["header1","header2",...]` format.'."\n"
- ."\n"
- .'> You need to specify the parameter only when the **AccessHeaderMode** parameter is set to **1**.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '["X-Client-IP"]',
- ],
- ],
- [
- 'name' => 'LogHeaders',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The key-value pair that is used to mark the requests that pass through the WAF instance.'."\n"
- ."\n"
- .'Specify the key-value pair in the `[{"k":"_key_","v":"_value_"}]` format. `_key_` specifies a header field in a custom request. `_value_` specifies the value of the field.'."\n"
- ."\n"
- .'WAF automatically adds the key-value pair to the headers of requests. This way, the requests that pass through WAF are identified.'."\n"
- ."\n"
- .'> If requests contain the custom header field, WAF overwrites the original value of the field with the specified value.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '[{"k":"ALIWAF-TAG","v":"Yes"}]',
- ],
- ],
- [
- 'name' => 'ClusterType',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The type of WAF protection cluster. Valid values:'."\n"
- ."\n"
- .'* **0**: shared cluster. This is the default value.'."\n"
- .'* **1**: exclusive cluster.'."\n"
- ."\n"
- .'> You need to specify the parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- ],
- ],
- [
- 'name' => 'ConnectionTime',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The timeout period for connections of WAF exclusive clusters. Unit: seconds.'."\n"
- ."\n"
- .'> You need to specify the parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns** and the value of the **ClusterType** parameter is set to **1**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '5',
- 'default' => '5',
- ],
- ],
- [
- 'name' => 'ReadTime',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The timeout period for read connections of WAF exclusive clusters. Unit: seconds.'."\n"
- ."\n"
- .'> You need to specify the parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns** and the value of the **ClusterType** parameter is set to **1**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '120',
- 'default' => '120',
- ],
- ],
- [
- 'name' => 'WriteTime',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The timeout period for write connections of WAF exclusive clusters. Unit: seconds.'."\n"
- ."\n"
- .'> You need to specify the parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns** and the value of the **ClusterType** parameter is set to **1**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '120',
- 'default' => '120',
- ],
- ],
- [
- 'name' => 'AccessType',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The mode that is used to add the domain name. Valid values:'."\n"
- ."\n"
- .'* **waf-cloud-dns**: CNAME record mode. This is the default value.'."\n"
- .'* **waf-cloud-native**: transparent proxy mode.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => 'waf-cloud-dns',
- ],
- ],
- [
- 'name' => 'CloudNativeInstances',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The list of server and port configurations for the transparent proxy mode. The value is a string that consists of JSON arrays. Each element in a JSON array is a JSON struct that contains the following fields:'."\n"
- ."\n"
- .'* **ProtocolPortConfigs**: the list of protocol and port configurations. This field is required. Data type: array. Each element in a JSON array is a JSON struct that contains the following fields:'."\n"
- ."\n"
- .' * **Ports**: the list of ports. This field is required. Data type: array. The value is in the `[port1,port2,……]` format.'."\n"
- .' * **Protocol**: the protocol. This field is required. Data type: string. Valid values: **http** and **https**.'."\n"
- ."\n"
- .'* **CloudNativeProductName**: the type of the cloud service instance. This field is required. Data type: string. Valid values: **ECS**, **SLB**, and **ALB**.'."\n"
- ."\n"
- .'* **RedirectionTypeName**: the type of traffic redirection port. This field is required. Data type: string. Valid values: **ECS**, **SLB-L4**, **SLB-L7**, and **ALB**.'."\n"
- ."\n"
- .'* **InstanceId**: the ID of the cloud service instance. This field is required. Data type: string.'."\n"
- ."\n"
- .'* **IPAddressList**: the list of public IP addresses of the cloud service instance. This field is required. Data type: array. The value is in the `["ip1","ip2",...]` format.'."\n"
- ."\n"
- .'> You need to specify the parameter only when the value of the **AccessType** parameter is set to **waf-cloud-native**.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => '[{"ProtocolPortConfigs":[{"Ports":[80],"Protocol":"http"}],"RedirectionTypeName":"ALB","InstanceId":"alb-s65nua68wdedsp****","IPAddressList":["182.XX.XX.113"],"CloudNativeProductName":"ALB"}]',
- ],
- ],
- [
- 'name' => 'IpFollowStatus',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether to enable the feature of forwarding requests to the origin servers that use the IP address type specified in the requests. If you enable the feature, WAF forwards requests from IPv4 addresses to origin servers that use IPv4 addresses and requests from IPv6 addresses to origin servers that use IPv6 addresses. Valid values:'."\n"
- ."\n"
- .'* **0**: disables the feature. This is the default value.'."\n"
- .'* **1**: enables the feature.'."\n"
- ."\n"
- .'> You need to specify the parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns**.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- ],
+ 'schema' => ['description' => 'The domain name for which you want to add protection rule configurations.'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainNames](~~86373~~) to query all domain names that have been added to WAF for protection.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
- 'name' => 'SniStatus',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'Specifies whether to enable origin SNI. Origin Server Name Indication (SNI) specifies the domain name to which an HTTPS connection needs to be established at the start of the TLS handshaking process when WAF forwards requests to the origin server. If the origin server hosts multiple domain names, you must enable this feature. Valid values:'."\n"
- ."\n"
- .'* **0**: disables origin SNI.'."\n"
- .'* **1**: enables origin SNI.'."\n"
- ."\n"
- .'By default, origin SNI is disabled for WAF instances in the Chinese mainland and enabled for WAF instances outside the Chinese mainland.'."\n"
- ."\n"
- .'> You need to specify this parameter only when the value of the **AccessType** parameter is set to **waf-cloud-dns** and the **HttpsPort** parameter is not empty. If the HttpsPort parameter is not empty, your website uses HTTPS.'."\n",
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '1',
- ],
- ],
- [
- 'name' => 'SniHost',
- 'in' => 'query',
- 'schema' => [
- 'description' => 'The value of the custom SNI field. If this parameter is not specified, the value of the **Host** field in the request header is automatically used as the value of the SNI field.'."\n"
- ."\n"
- .'If you want WAF to use an SNI field whose value is different from the value of the Host field, you can specify a custom value for the SNI field.'."\n"
- ."\n"
- .'> This parameter needs to be set only when the value of the **SniStatus** parameter is set to **1**.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => 'waf.example.com',
- ],
- ],
- [
- 'name' => 'Retry',
+ 'name' => 'DefenseType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'boolean',
- 'required' => false,
- 'example' => 'true',
- 'default' => 'false',
- ],
+ 'schema' => ['description' => 'The protection module to configure. Valid values:'."\n"
+ ."\n"
+ .'- **waf-codec**: Rule engine decoding settings.'."\n"
+ ."\n"
+ .'- **tamperproof**: Website tamper-proofing rule configurations.'."\n"
+ ."\n"
+ .'- **dlp**: Data leakage prevention rule configurations.'."\n"
+ ."\n"
+ .'- **ng_account**: Account security rule configurations.'."\n"
+ ."\n"
+ .'- **antifraud**: Data risk control protection request configurations.'."\n"
+ ."\n"
+ .'- **antifraud_js**: Data risk control JS insertion page configurations.'."\n"
+ ."\n"
+ .'- **bot_algorithm**: Bot management intelligent algorithm rules.'."\n"
+ ."\n"
+ .'- **bot_wxbb_pkg**: App protection version protection rules.'."\n"
+ ."\n"
+ .'- **bot_wxbb**: App protection path protection rules.'."\n"
+ ."\n"
+ .'- **ac_custom**: Custom protection policy rule configurations.'."\n"
+ ."\n"
+ .'- **whitelist**: Whitelist rule configurations.', 'type' => 'string', 'required' => true, 'example' => 'ac_custom', 'title' => ''],
],
[
- 'name' => 'Keepalive',
+ 'name' => 'Rule',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'boolean',
- 'required' => false,
- 'example' => 'true',
- 'default' => 'false',
- ],
+ 'schema' => ['description' => 'The rule configuration content, which is a string converted from a JSON object constructed with a set of parameters.'."\n"
+ ."\n"
+ .'> The specific parameters vary depending on the protection module configuration (**DefenseType**) that is specified. For more information, see the detailed description of the Rule parameter.', 'type' => 'string', 'required' => true, 'example' => ' {"action":"monitor","name":"test","scene":"custom_acl","conditions":[{"opCode":1,"key":"URL","values":"/example"}]}', 'title' => ''],
],
[
- 'name' => 'KeepaliveRequests',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'maximum' => '1000',
- 'minimum' => '60',
- 'example' => '1000',
- 'default' => '1000',
- ],
- ],
- [
- 'name' => 'KeepaliveTimeout',
+ 'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'maximum' => '3600',
- 'minimum' => '1',
- 'example' => '60',
- 'default' => '15',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-0xldbqt****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-atstuj3rtop****',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. The default value is empty, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'description' => 'The region in which the WAF instance is deployed. Valid values:'."\n"
- ."\n"
- .'* **cn-hangzhou**: Chinese mainland.'."\n"
- .'* **ap-southeast-1**: outside the Chinese mainland.'."\n",
- 'type' => 'string',
- 'required' => false,
- 'example' => 'cn-hangzhou',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -1766,30 +598,513 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => 'The ID of the request.'."\n",
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0',
- ],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<ModifyDomainResponse>\\r\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\r\\n</ModifyDomainResponse>","errorExample":""}]',
- 'title' => 'ModifyDomain',
- 'summary' => 'Modifies the configurations of a domain name.',
+ 'errorCodes' => [],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Create a configuration rule in a WAF protection module',
+ 'summary' => 'Creates a configuration rule in a specified WAF protection module, such as Web Intrusion Prevention, Data Security, Advanced Protection, Bot Management, Access Control, or Rate Limiting.',
+ 'description' => 'This API is used to create rule configurations in a specified WAF protection module, including Web Intrusion Prevention, Data Security, Advanced Protection, Bot Management, Access Control, and Rate Limiting. You can specify the protection module by setting the **DefenseType** parameter value. For the specific meanings of the parameter values, see the description of the **DefenseType** request parameter.'."\n"
+ .'Note that to ensure system documentation, the single-user QPS limit is 10 requests per second. Exceeding the limit will result in API call throttling, which may affect your business. Please make calls appropriately.',
+ 'requestParamsDescription' => '**Detailed description of the Rule parameter**'."\n"
+ ."\n"
+ .' - The JSON string corresponding to rule engine decoding settings (**waf-codec**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **codecList**: Array type | Required | The decoding configurations to enable. You can view the supported parameter values in the Web Application Firewall console.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "codecList":["url","base64"]'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .'- The JSON string corresponding to website tamper-proofing rule configurations (**tamperproof**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **uri**: String type | Required | The specific URL to protect.'."\n"
+ .' - **name**: String type | Required | The rule name.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"example",'."\n"
+ .' "uri":"http://www.aliyundoc.com/example"'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .'- The JSON string corresponding to data leakage prevention rule configurations (**dlp**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String type | Required | The rule name.'."\n"
+ .' - **conditions**: Array type | Required | The match conditions described in JSON string format. A maximum of two match conditions can be set, and the relationship between the conditions is AND. This parameter contains the following sub-parameters:'."\n"
+ ."\n"
+ .' - **key**: The match item. Valid values:'."\n"
+ ."\n"
+ .' - **0**: The URL to protect.'."\n"
+ .' - **10**: Sensitive information.'."\n"
+ .' - **11**: Response code.'."\n"
+ .' > You cannot set match conditions for both response code (**11**) and sensitive information (**10**) simultaneously in the **conditions** parameter.'."\n"
+ ."\n"
+ .' - **operation**: The match logic. The value is fixed to **1**, which indicates Contains.'."\n"
+ ."\n"
+ .' - **value**: The match condition value described in JSON string format. Multiple condition values are supported. This parameter contains the following sub-parameters:'."\n"
+ ."\n"
+ .' - **v**: Applicable only when the match item (**key**) is URL (**0**) or response code (**11**).'."\n"
+ .' - URL: When `"key":0`, the value is a URL address.'."\n"
+ .' - Response code: When `"key":11`, valid values include **400**, **401**, **402**, **403**, **404**, **405-499**, **500**, **501**, **502**, **503**, **504**, and **505-599**.'."\n"
+ .' - **k**: Applicable only when the match item (**key**) is sensitive information (**10**). Valid values:'."\n"
+ .' - **100**: ID card numbers.'."\n"
+ .' - **101**: Credit card numbers.'."\n"
+ .' - **102**: Phone numbers.'."\n"
+ .' - **103**: Default sensitive words.'."\n"
+ ."\n"
+ .' - **action**: The match action. Valid values:'."\n"
+ .' - **3**: Alert.'."\n"
+ .' - **10**: Sensitive information filtering. This action is applicable only to match conditions that contain sensitive information (`"key":10`).'."\n"
+ .' - **11**: Return the built-in block page. This action is applicable only to match conditions that contain response codes (`"key":11`).'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"example",'."\n"
+ .' "conditions":[{"key":11,"operation":1,"value":[{"v":401}]},{"key":"0","operation":1,"value":[{"v":"www.aliyundoc.com"}]}],'."\n"
+ .' "action":3'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .'- The JSON string corresponding to account security rule configurations (**ng_account**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **url_path**: String type | Required | The detection interface, expressed as a URL path. It must start with a forward slash (/).'."\n"
+ .' - **method**: String type | Required | The request method to detect, including POST, GET, PUT, and DELETE. Multiple request methods are separated by commas (,).'."\n"
+ .' - **account_left**: String type | Required | The account parameter name.'."\n"
+ .' - **password_left**: String type | Optional | The password parameter name.'."\n"
+ .' - **action**: String type | Required | The protection action. Valid values:'."\n"
+ .' - **monitor**: Alert.'."\n"
+ .' - **block**: Block.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "url_path":"/example",'."\n"
+ .' "method":"POST,GET,PUT,DELETE",'."\n"
+ .' "account_left":"aaa",'."\n"
+ .' "password_left:"123",'."\n"
+ .' "action":"monitor"'."\n"
+ .' }'."\n"
+ .' ``` '."\n"
+ ."\n"
+ .'- The JSON string corresponding to data risk control protection request configurations (**antifraud**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **uri**: String type | Required | The specific protection request URL.'."\n"
+ .' '."\n"
+ .' - **Example**'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "uri": "http://1.example.com/example"'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .'- The JSON string corresponding to data risk control JS insertion page configurations (**antifraud_js**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **uri**: String type | Required | The URL of the page into which the data risk control JS is inserted. The system inserts the data risk control JS into all pages under the specified URL path. The value must start with a forward slash (/).'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "uri": "/example/example"'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .'- The JSON string corresponding to Bot management intelligent algorithm rule configurations (**bot_algorithm**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String type | Required | The rule name.'."\n"
+ .' - **algorithmName**: String type | Required | The algorithm name. Valid values:'."\n"
+ .' - **RR**: Dedicated resource crawler identification algorithm.'."\n"
+ .' - **PR**: Targeted path crawler identification algorithm.'."\n"
+ .' - **DPR**: Parameter polling crawler identification algorithm.'."\n"
+ .' - **SR**: Dynamic IP crawler identification algorithm.'."\n"
+ .' - **IND**: Proxy device crawler identification algorithm.'."\n"
+ .' - **Periodicity**: Periodicity-based crawler identification algorithm.'."\n"
+ .' - **timeInterval**: Integer type | Required | The detection period. Valid values: 30, 60, 120, 300, and 600. Unit: seconds.'."\n"
+ .' - **action**: String type | Required | The disposition action. Valid values:'."\n"
+ .' - **monitor**: Monitor.'."\n"
+ .' - **captcha**: Slider CAPTCHA.'."\n"
+ .' - **js**: JavaScript verification.'."\n"
+ .' - **block**: Block. When Block is selected as the disposition action, the block duration (**blocktime**) parameter must be specified.'."\n"
+ .' - **blocktime**: Integer type | Optional | The block duration. Unit: minutes. Valid values: 1 to 600.'."\n"
+ .' - **config**: String type | Required | The algorithm configuration information in JSON string format. The specific sub-parameters in the algorithm configuration are related to the selected algorithm name (**algorithmName**).'."\n"
+ .' - The configuration information for the dedicated resource crawler identification algorithm (**RR**) contains the following sub-parameters:'."\n"
+ .' - **resourceType**: Integer type | Optional | The type of the requested resource. Valid values:'."\n"
+ .' - **1**: Dynamic resource type.'."\n"
+ .' - **2**: Static resource type.'."\n"
+ .' - **-1**: Custom resource type. When Custom resource type is selected, you must also specify the **extensions** parameter with specific resource suffixes in string format, with multiple suffixes separated by commas (,), for example, `css,jpg,xls`.'."\n"
+ .' - **minRequestCountPerIp**: Integer type | Required | The range of IPs to detect during the detection period. Only IPs with access request counts greater than or equal to this value will be detected. Valid values: 5 to 10000.'."\n"
+ .' - **minRatio**: Float type | Required | The risk determination condition, which is the threshold for the ratio of IP access requests that access the specified resource type (for the dedicated resource crawler identification algorithm) or the threshold for the ratio of IP access requests that access the specified path (for the targeted path crawler identification algorithm). An IP is determined as risky when the ratio exceeds this threshold. Valid values: 0.01 to 1.'."\n"
+ .' - The configuration information for the targeted path crawler identification algorithm (**PR**) contains the following sub-parameters:'."\n"
+ .' - **keyPathConfiguration**: Array type | Optional | The request path information, supporting a maximum of 10 paths. This sub-parameter is required only when the targeted path crawler identification algorithm is used. It is expressed in JSON string format and contains the following parameters:'."\n"
+ .' - **method**: String type | Required | The request method. Valid values: **POST**, **GET**, **PUT**, **DELETE**, **HEAD**, and **OPTIONS**.'."\n"
+ .' - **url**: String type | Required | The request path keyword. It must start with a forward slash (/).'."\n"
+ .' - **matchType**: String type | Required | The match method, used in combination with the request path keyword (**url**) parameter to specify the request path. Valid values: **all** (exact match), **prefix** (prefix match), and **regex** (regular expression match).'."\n"
+ .' - **minRequestCountPerIp**: Integer type | Required | The range of IPs to detect during the detection period. Only IPs with access request counts greater than or equal to this value will be detected. Valid values: 5 to 10000.'."\n"
+ .' - **minRatio**: Float type | Required | The risk determination condition, which is the threshold for the ratio of IP access requests that access the specified resource type (for the dedicated resource crawler identification algorithm) or the threshold for the ratio of IP access requests that access the specified path (for the targeted path crawler identification algorithm). An IP is determined as risky when the ratio exceeds this threshold. Valid values: 0.01 to 1.'."\n"
+ .' - The configuration information for the parameter polling crawler identification algorithm (**DPR**) contains the following sub-parameters:'."\n"
+ .' - **method**: String type | Required | The request method. Valid values: **POST**, **GET**, **PUT**, **DELETE**, **HEAD**, and **OPTIONS**.'."\n"
+ .' - **urlPattern**: String type | Required | The key parameter path. It must start with a forward slash (/). Use {} to represent key parameters. When multiple {} are configured, these parameters are concatenated as the key parameter. For example, `/company/{}/{}/{}/user.php?uid={}`.'."\n"
+ .' - **minRequestCountPerIp**: Integer type | Required | The range of IPs to detect during the detection period. Only IPs with access request counts greater than or equal to this value will be detected. Valid values: 5 to 10000.'."\n"
+ .' - **minRatio**: Float type | Required | The risk determination condition, which is the threshold for the ratio of different key parameter values in IP access requests. An IP is determined as risky when the ratio exceeds this threshold. Valid values: 0.01 to 1.'."\n"
+ .' - The configuration information for the dynamic IP crawler identification algorithm (**SR**) contains the following sub-parameters:'."\n"
+ .' - **maxRequestCountPerSrSession**: Integer type | Required | Defines abnormal sessions by setting the minimum number of requests per session. A session is considered abnormal if the number of requests within a single session is less than this value. Valid values: 1 to 8.'."\n"
+ .' - **minSrSessionCountPerIp**: Integer type | Required | The risk determination condition, which is the threshold for the number of abnormal sessions in IP access requests. An IP is determined as risky when the number of abnormal sessions in a single IP\'s access requests exceeds this value. Valid values: 5 to 300.'."\n"
+ .' - The configuration information for the proxy device crawler identification algorithm (**IND**) contains the following sub-parameters:'."\n"
+ .' - **minIpCount**: Integer type | Required | The malicious device determination condition, which is the threshold for the number of IP changes associated with a device\'s WIFI connections. The device is determined as risky when this threshold is exceeded. Valid values: 5 to 500.'."\n"
+ .' - **keyPathConfiguration**: Array type | Optional | The detection path information, supporting a maximum of 10 paths. It is expressed in JSON string format and contains the following parameters:'."\n"
+ .' - **method**: String type | Required | The request method. Valid values: **POST**, **GET**, **PUT**, **DELETE**, **HEAD**, and **OPTIONS**.'."\n"
+ .' - **url**: String type | Required | The detection path keyword. It must start with a forward slash (/).'."\n"
+ .' - **matchType**: String type | Required | The match method, used in combination with the detection path keyword (**url**) parameter to specify the request path. Valid values: **all** (exact match), **prefix** (prefix match), and **regex** (regular expression match).'."\n"
+ .' - The configuration information for the periodicity-based crawler identification algorithm (**Periodicity**) contains the following sub-parameters:'."\n"
+ .' - **minRequestCountPerIp**: Integer type | Required | The range of IPs to detect during the detection period. Only IPs with access request counts greater than or equal to this value will be detected. Valid values: 5 to 10000.'."\n"
+ .' - **level**: Integer type | Required | The risk determination level, which indicates the clarity of the periodicity features of the access IP. Valid values:'."\n"
+ .' - **0**: Obvious.'."\n"
+ .' - **1**: Moderate.'."\n"
+ .' - **2**: Weak.'."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"Proxy device crawler identification",'."\n"
+ .' "algorithmName":"IND",'."\n"
+ .' "timeInterval":"60",'."\n"
+ .' "action":"monitor",'."\n"
+ .' "config":{'."\n"
+ .' "minIpCount":5,'."\n"
+ .' "keyPathConfiguration":[{"url":"/index","method":"GET","matchType":"prefix"}]'."\n"
+ .' }'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .'- The JSON string corresponding to App protection version protection rule configurations (**bot_wxbb_pkg**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String type | Required | The rule name.'."\n"
+ .' - **action**: String type | Required | The disposition action. Valid values:'."\n"
+ .' - **test**: Monitor.'."\n"
+ .' - **close**: Block.'."\n"
+ .' - **nameList**: Array type | Required | The legitimate version information. A maximum of five rules can be specified. It is expressed in JSON string format and contains the following parameters:'."\n"
+ .' - **name**: String type | Required | The legitimate package name.'."\n"
+ .' - **signList**: Array type | Required | The corresponding package signatures. A maximum of 15 signatures can be specified, separated by commas (,).'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"test",'."\n"
+ .' "action":"close",'."\n"
+ .' "nameList":[{'."\n"
+ .' "name":"apk-xxxx",'."\n"
+ .' "signList":["xxxxxx","xxxxx","xxxx","xx"]'."\n"
+ .' }]'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .'- The JSON string corresponding to App protection path protection rule configurations (**bot_wxbb**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String type | Required | The rule name.'."\n"
+ .' - **uri**: String type | Required | The protection path. It must start with a forward slash (/).'."\n"
+ .' - **matchType**: String type | Required | The match method. Valid values: **all** (exact match), **prefix** (prefix match), and **regex** (regular expression match).'."\n"
+ .' - **arg**: String type | Required | The included parameter, used in combination with the match method (**matchType**) parameter to specify the protection path configuration.'."\n"
+ .' - **action**: String type | Required | The disposition action. Valid values:'."\n"
+ .' - **test**: Monitor.'."\n"
+ .' - **close**: Block.'."\n"
+ .' - **hasTag**: Boolean type | Required | Specifies whether a custom signature field is required.'."\n"
+ .' - **true**: Yes. When a custom signature field is required, you must specify the **wxbbVmpFieldType** and **wxbbVmpFieldValue** parameters to define the type and value of the signature field.'."\n"
+ .' - **false**: No.'."\n"
+ .' - **wxbbVmpFieldType**: Integer type | Optional | The type of the custom signature field. This parameter is required when the **hasTag** parameter is set to **true**. Valid values:'."\n"
+ .' - **0**: Header.'."\n"
+ .' - **1**: Parameter.'."\n"
+ .' - **2**: Cookie.'."\n"
+ .' - **wxbbVmpFieldValue**: String type | Optional | The value of the custom signature field. This parameter is required when the **hasTag** parameter is set to **true**.'."\n"
+ .' - **blockInvalidSign**: Integer type | Required | Specifies whether to perform the disposition action on invalid signatures. The value is fixed to **1**. This is the default protection policy for path protection rules.'."\n"
+ .' - **blockProxy**: Integer type | Optional | Specifies whether to perform the disposition action on proxies. The value is fixed to **1**. This parameter does not need to be specified if no disposition action is required for proxy behavior.'."\n"
+ .' - **blockSimulator**: Integer type | Optional | Specifies whether to perform the disposition action on simulators. The value is fixed to **1**. This parameter does not need to be specified if no disposition action is required for simulator behavior.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"test",'."\n"
+ .' "uri":"/index",'."\n"
+ .' "matchType":"all",'."\n"
+ .' "arg":"test",'."\n"
+ .' "action":"close",'."\n"
+ .' "hasTag":true,'."\n"
+ .' "wxbbVmpFieldType":2,'."\n"
+ .' "wxbbVmpFieldValue":"test",'."\n"
+ .' "blockInvalidSign":1,'."\n"
+ .' "blockProxy":1'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .'- Custom protection policy rule configurations (**ac_custom**) use the **scene** parameter in the corresponding JSON string to set ACL access control rules and CC attack protection rules.'."\n"
+ ."\n"
+ .' - To set an ACL access control rule (the **scene** parameter value is **custom_acl**), the corresponding JSON string contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String type | Required | The rule name.'."\n"
+ .' - **scene**: String type | Required | The protection type. When setting an ACL access control rule, the value is fixed to **custom_acl**.'."\n"
+ .' - **action**: String type | Required | The disposition action. Valid values:'."\n"
+ .' - **monitor**: Monitor.'."\n"
+ .' - **captcha**: Slider CAPTCHA.'."\n"
+ .' - **captcha_strict**: Strict slider CAPTCHA.'."\n"
+ .' - **js**: JavaScript verification.'."\n"
+ .' - **block**: Block.'."\n"
+ ."\n"
+ .' - **conditions**: Array type | Required | The match conditions. A maximum of five match conditions can be specified. It is described in JSON string format and contains the following parameters:'."\n"
+ ."\n"
+ .' - **key**: The match field. Valid values: **URL**, **IP**, **Referer**, **User-Agent**, **Params**, **Cookie**, **Content-Type**, **Content-Length**, **X-Forwarded-For**, **Post-Body**, **Http-Method**, **Header**, and **URLPath**.'."\n"
+ ."\n"
+ .' - **opCode**: The logical operator. Valid values:'."\n"
+ ."\n"
+ .' > Not every match field (**key**) of a custom rule supports all logical operators (**opcode**). For the relationship between different match fields and supported logical operators, refer to the WAF console at [WAF console](https://yundun.console.aliyun.com/?p=wafnext).'."\n"
+ ."\n"
+ .' - **11**: Equals.'."\n"
+ .' - **10**: Does not equal.'."\n"
+ .' - **41**: Equals one of multiple values.'."\n"
+ .' - **50**: Does not equal any value.'."\n"
+ .' - **1**: Contains.'."\n"
+ .' - **0**: Does not contain.'."\n"
+ .' - **51**: Contains one of multiple values.'."\n"
+ .' - **52**: Does not contain any value.'."\n"
+ .' - **82**: Exists.'."\n"
+ .' - **2**: Does not exist.'."\n"
+ .' - **21**: Length equals.'."\n"
+ .' - **22**: Length is greater than.'."\n"
+ .' - **20**: Length is less than.'."\n"
+ .' - **60**: Does not match regular expression.'."\n"
+ .' - **61**: Matches regular expression.'."\n"
+ .' - **72**: Prefix match.'."\n"
+ .' - **81**: Suffix match.'."\n"
+ .' - **80**: Content is empty.'."\n"
+ ."\n"
+ .' - **values**: The match content. Fill in the corresponding content as needed, expressed as a String type.'."\n"
+ ."\n"
+ .' > The valid values of the logical operator (**opCode**) and match content (**values**) parameters in the match condition are related to the specified match field (**key**). For detailed information about supported match condition configurations, see [Match condition field description](~~147945~~).'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "action":"monitor",'."\n"
+ .' "name":"test",'."\n"
+ .' "scene":"custom_acl",'."\n"
+ .' "conditions":[{"opCode":1,"key":"URL","values":"/example"}]'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .' - To set a CC attack protection rule (the **scene** parameter value is **custom_cc**), the corresponding JSON string contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String type | Required | The rule name.'."\n"
+ .' - **scene**: String type | Required | The protection type. When setting a CC attack protection rule, the value is fixed to **custom_cc**.'."\n"
+ .' - **conditions**: Array type | Required | The match conditions. A maximum of five match conditions can be specified. It is described in JSON string format and contains the following parameters:'."\n"
+ ."\n"
+ .' - **key**: The match field. Valid values: **URL**, **IP**, **Referer**, **User-Agent**, **Params**, **Cookie**, **Content-Type**, **Content-Length**, **X-Forwarded-For**, **Post-Body**, **Http-Method**, **Header**, and **URLPath**.'."\n"
+ ."\n"
+ .' - **opCode**: The logical operator. Valid values:'."\n"
+ ."\n"
+ .' > Not every match field (**key**) of a custom rule supports all logical operators (**opcode**). For the relationship between different match fields and supported logical operators, refer to the WAF console at [WAF console](https://yundun.console.aliyun.com/?p=wafnext).'."\n"
+ .' '."\n"
+ .' - **11**: Equals.'."\n"
+ .' - **10**: Does not equal.'."\n"
+ .' - **41**: Equals one of multiple values.'."\n"
+ .' - **50**: Does not equal any value.'."\n"
+ .' - **1**: Contains.'."\n"
+ .' - **0**: Does not contain.'."\n"
+ .' - **51**: Contains one of multiple values.'."\n"
+ .' - **52**: Does not contain any value.'."\n"
+ .' - **82**: Exists.'."\n"
+ .' - **2**: Does not exist.'."\n"
+ .' - **21**: Length equals.'."\n"
+ .' - **22**: Length is greater than.'."\n"
+ .' - **20**: Length is less than.'."\n"
+ .' - **60**: Does not match regular expression.'."\n"
+ .' - **61**: Matches regular expression.'."\n"
+ .' - **72**: Prefix match.'."\n"
+ .' - **81**: Suffix match.'."\n"
+ .' - **80**: Content is empty.'."\n"
+ ."\n"
+ .' - **values**: The match content. Fill in the corresponding content as needed, expressed as a String type.'."\n"
+ ."\n"
+ .' > The valid values of the logical operator (**opCode**) and match content (**values**) parameters in the match condition are related to the specified match field (**key**).'."\n"
+ ."\n"
+ .' - **action**: String type | Required | The disposition action. Valid values:'."\n"
+ ."\n"
+ .' - **monitor**: Monitor.'."\n"
+ .' - **captcha**: Slider CAPTCHA.'."\n"
+ .' - **captcha_strict**: Strict slider CAPTCHA.'."\n"
+ .' - **js**: JavaScript verification.'."\n"
+ .' - **block**: Block.'."\n"
+ ."\n"
+ .' - **ratelimit**: JSON format | Required | The rate limiting settings. It is described in JSON string format and contains the following parameters:'."\n"
+ ."\n"
+ .' - **target**: String type | Required | The type of the statistical object. Valid values:'."\n"
+ .' - **remote_addr**: IP.'."\n"
+ .' - **cookie.acw_tc**: Session.'."\n"
+ .' - **queryarg**: Custom parameter. When Custom parameter is selected, you must specify the name of the custom parameter in the **subkey** parameter.'."\n"
+ .' - **cookie**: Custom cookie. When Custom cookie is selected, you must specify the cookie content in the **subkey** parameter.'."\n"
+ .' - **header**: Custom header. When Custom header is selected, you must specify the header content in the **subkey** parameter.'."\n"
+ .' - **subkey**: String type | Optional | Required when the **target** parameter value is **cookie**, **header**, or **queryarg**. Specify the corresponding information in the **subkey** parameter.'."\n"
+ .' - **interval**: Integer type | Required | The statistical duration in seconds, which is the statistical period for access counts. It is used in combination with the threshold (**threshold**) parameter.'."\n"
+ .' - **threshold**: Integer type | Required | The threshold for the number of times a single statistical object is allowed to access the protected URL within the detection duration.'."\n"
+ .' - **status**: JSON format | Optional | The response code frequency settings. It is described in JSON string format and contains the following parameters:'."\n"
+ .' - **code**: Integer type | Required | The specified response code.'."\n"
+ .' - **count**: Integer type | Optional | The threshold for the number of occurrences, meaning the protection rule is triggered when the specified response code occurs more than this threshold. Valid values: 1 to 999999999. The **count** parameter and the **ratio** parameter are mutually exclusive and cannot be configured simultaneously.'."\n"
+ .' - **ratio**: Integer type | Optional | The threshold for the occurrence ratio (percentage), meaning the protection rule is triggered when the specified response code occurrence ratio exceeds this threshold. Valid values: 1 to 100. The **count** parameter and the **ratio** parameter are mutually exclusive and cannot be configured simultaneously.'."\n"
+ .' - **scope**: String type | Required | The effective scope. Valid values:'."\n"
+ .' - **rule**: Within the current feature match scope.'."\n"
+ .' - **domain**: Within the domain scope of the current rule.'."\n"
+ .' - **ttl**: Integer type | Required | The effective duration of the disposition action in seconds. Valid values: 60 to 86400.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"CC protection",'."\n"
+ .' "conditions":[{"opCode":1,"key":"URL","values":"/example"}],'."\n"
+ .' "action":"block", '."\n"
+ .' "scene":"custom_cc", '."\n"
+ .' "ratelimit":{'."\n"
+ .' "target": "remote_addr", '."\n"
+ .' "interval": 300,'."\n"
+ .' "threshold": 2000,'."\n"
+ .' "status": {'."\n"
+ .' "code": 404,'."\n"
+ .' "count": 200'."\n"
+ .' },'."\n"
+ .' "scope": "rule",'."\n"
+ .' "ttl": 1800'."\n"
+ .' }'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .'- The JSON string corresponding to website whitelist rule configurations (**whitelist**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String type | Required | The rule name.'."\n"
+ .' - **tags**: Array type | Required | The modules to skip during detection. Different types of whitelist rules support different modules (**tags**) to skip. The details are as follows:'."\n"
+ ."\n"
+ .' > The values of **tags** can only include the values listed under the specific whitelist type. For example, the **tags** values cannot include both **regular** and **cc** simultaneously, because **regular** belongs to the Web Intrusion Prevention whitelist and **cc** belongs to the Access Control/Rate Limiting whitelist.'."\n"
+ ."\n"
+ .' - To set a global whitelist, **tags** valid values:'."\n"
+ .' - **waf**: Skip detection of all protection modules.'."\n"
+ ."\n"
+ .' - To set a Web Intrusion Prevention whitelist, **tags** valid values (multiple values can be set):'."\n"
+ .' - **regular**: Skip detection by the rule engine (including all protection rules).'."\n"
+ .' - **regular_rule**: Skip detection of specified protection rules in the rule engine (if this value is selected, you must set the rule IDs to skip using the **regularRules** parameter).'."\n"
+ .' - **regular_type**: Skip detection of specified types of protection rules in the rule engine (if this value is selected, you must set the rule types to skip using the **regularTypes** parameter).'."\n"
+ .' - **deeplearning**: Skip detection by the deep learning engine.'."\n"
+ ."\n"
+ .' - To set an Access Control/Rate Limiting whitelist, **tags** valid values (multiple values can be set):'."\n"
+ .' - **cc**: Skip detection by the CC security protection module.'."\n"
+ .' - **customrule**: Skip detection by the custom protection policy.'."\n"
+ .' - **blacklist**: Skip detection by the IP blacklist module.'."\n"
+ .' - **antiscan**: Skip detection by the scan protection module.'."\n"
+ ."\n"
+ .' - To set a Data Security whitelist, **tags** valid values (multiple values can be set):'."\n"
+ .' - **dlp**: Skip detection by the data leakage prevention module.'."\n"
+ .' - **tamperproof**: Skip detection by the website tamper-proofing module.'."\n"
+ .' - **account**: Skip detection by the account security module.'."\n"
+ ."\n"
+ .' - To set a Bot Management whitelist, **tags** valid values (multiple values can be set):'."\n"
+ .' - **bot_intelligence**: Skip detection by the crawler threat intelligence module.'."\n"
+ .' - **bot_algorithm**: Skip detection by the typical crawler behavior identification module.'."\n"
+ .' - **bot_wxbb**: Skip detection by the App protection module.'."\n"
+ .' - **antifraud**: Skip detection by the data risk control module.'."\n"
+ ."\n"
+ .' - **regularRules**: Array type | Optional | The list of protection rule IDs to skip. This parameter is required if the **tags** parameter value contains **regular_rule**. You can view all Web attack protection rules in WAF and obtain the related rule IDs on the **Protection Rule Group** page of the [WAF console](https://yundun.console.aliyun.com/?p=wafnext) by using **Create Rule Group**. For more information, see [Customize protection rule groups](~~99262~~).'."\n"
+ .' - **regularTypes**: Array type | Optional | The list of protection rule types to skip. This parameter is required if the **tags** parameter value contains **regular_type**. Valid values:'."\n"
+ .' - **sqli**: SQL injection.'."\n"
+ .' - **xss**: Cross-site scripting (XSS).'."\n"
+ .' - **code_exec**: Code execution.'."\n"
+ .' - **lfilei**: Local file inclusion.'."\n"
+ .' - **rfilei**: Remote file inclusion.'."\n"
+ .' - **webshell**: WebShell.'."\n"
+ .' - **vvip**: Customized protection rules.'."\n"
+ .' - **other**: Other types.'."\n"
+ .' '."\n"
+ .' - **conditions**: Array type | Required | The match conditions. A maximum of five match conditions can be specified. It is described in JSON string format and contains the following parameters:'."\n"
+ ."\n"
+ .' - **key**: The match field. Valid values: **URL**, **IP**, **Referer**, **User-Agent**, **Params**, **Cookie**, **Content-Type**, **Content-Length**, **X-Forwarded-For**, **Post-Body**, **Http-Method**, **Header**, and **URLPath**.'."\n"
+ ."\n"
+ .' - **opCode**: The logical operator. Valid values:'."\n"
+ ."\n"
+ .' > Not every match field (**key**) of a custom rule supports all logical operators (**opcode**). For the relationship between different match fields and supported logical operators, refer to the WAF console at [WAF console](https://yundun.console.aliyun.com/?p=wafnext).'."\n"
+ ."\n"
+ .' - **11**: Equals.'."\n"
+ .' - **10**: Does not equal.'."\n"
+ .' - **41**: Equals one of multiple values.'."\n"
+ .' - **50**: Does not equal any value.'."\n"
+ .' - **1**: Contains or belongs to.'."\n"
+ .' - **0**: Does not contain or does not belong to.'."\n"
+ .' - **51**: Contains one of multiple values.'."\n"
+ .' - **52**: Does not contain any value.'."\n"
+ .' - **82**: Exists.'."\n"
+ .' - **2**: Does not exist.'."\n"
+ .' - **21**: Length equals.'."\n"
+ .' - **22**: Length is greater than.'."\n"
+ .' - **20**: Length is less than.'."\n"
+ .' - **60**: Does not match regular expression.'."\n"
+ .' - **61**: Matches regular expression.'."\n"
+ .' - **72**: Prefix match.'."\n"
+ .' - **81**: Suffix match.'."\n"
+ .' - **80**: Content is empty.'."\n"
+ .' - **30**: Value is less than.'."\n"
+ .' - **31**: Value is greater than.'."\n"
+ ."\n"
+ .' - **values**: The match content. Fill in the corresponding content as needed, expressed as a String type.'."\n"
+ ."\n"
+ .' > The valid values of the logical operator (**opCode**) and match content (**values**) parameters in the match condition are related to the specified match field (**key**).'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' '."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name": "test",'."\n"
+ .' "tags": ["cc","customrule"],'."\n"
+ .' "conditions":[{"opCode":1,"key":"URL","values":"/example"}],'."\n"
+ .' }'."\n"
+ .' ``` '."\n"
+ ."\n\n"
+ .'When calling the API, in addition to the request parameters described in this topic, you must also include the Alibaba Cloud API common request parameters. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format of the API call, see the request examples in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DeleteDomain' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateProtectionModuleRule'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:CreateProtectionModuleRule',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DeleteDomain' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
@@ -1801,37 +1116,30 @@
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'Instance ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call the [DescribeInstanceInfo](~~140857~~) operation to query instance ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_elasticity-cn-0xldbqt****', 'title' => ''],
],
[
'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'The domain name that has been added to WAF.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -1839,74 +1147,71 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<DeleteDomainResponse>\\r\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\r\\n</DeleteDomainResponse>","errorExample":""}]',
- 'title' => 'DeleteDomain',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Delete specified domain name configuration information',
+ 'summary' => 'Deletes the configuration information of a specified domain name.',
'requestParamsDescription' => ' ',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeCertificates' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteDomain'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DeleteDomain',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DeleteInstance' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'list',
- ],
+ 'systemTags' => [],
'parameters' => [
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-zz11sr5****',
- ],
- ],
- [
- 'name' => 'Domain',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'www.aliyundoc.com',
- ],
+ 'schema' => ['description' => 'The instance ID of the WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_elasticity-cn-0xldbqt****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group.'."\n"
+ ."\n"
+ .'Default value: empty, which indicates the default resource group.', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -1914,135 +1219,115 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'ECF65091-3704-55D5-BC88-EC208B0E238C',
- ],
- 'Certificates' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'type' => 'object',
- 'properties' => [
- 'IsUsing' => [
- 'description' => '',
- 'type' => 'boolean',
- 'example' => 'false',
- ],
- 'CertificateName' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '*.aliyundoc.com',
- ],
- 'CertificateId' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '2329260',
- ],
- 'CommonName' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '*.aliyundoc.com',
- ],
- 'Sans' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '*.aliyundoc.com',
- ],
- ],
- 'EndTime' => [
- 'type' => 'integer',
- 'format' => 'int64',
- ],
- ],
- ],
- ],
+ 'RequestId' => ['description' => 'The unique identifier that Alibaba Cloud generated for this API request.', 'type' => 'string', 'example' => 'F35F45B0-5D6B-4238-BE02-A62D****E840', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"ECF65091-3704-55D5-BC88-EC208B0E238C\\",\\n \\"Certificates\\": [\\n {\\n \\"IsUsing\\": false,\\n \\"CertificateName\\": \\"*.aliyundoc.com\\",\\n \\"CertificateId\\": 2329260,\\n \\"CommonName\\": \\"*.aliyundoc.com\\",\\n \\"Sans\\": [\\n \\"*.aliyundoc.com\\"\\n ],\\n \\"EndTime\\": 1971273600000\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"<DescribeCertificatesResponse>\\n <RequestId>ECF65091-3704-55D5-BC88-EC208B0E238C</RequestId>\\n <Certificates>\\n <IsUsing>false</IsUsing>\\n <CertificateName>*.aliyundoc.com</CertificateName>\\n <CertificateId>2329260</CertificateId>\\n <CommonName>*.aliyundoc.com</CommonName>\\n <Sans>*.aliyundoc.com</Sans>\\n </Certificates>\\n</DescribeCertificatesResponse>","errorExample":""}]',
- 'title' => 'DescribeCertificates',
- 'summary' => 'Queries the SSL certificates that are associated with a domain name and managed by Alibaba Cloud Certificate Management Service.',
+ 'errorCodes' => [],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"F35F45B0-5D6B-4238-BE02-A62D****E840\\"\\n}","type":"json"}]',
+ 'title' => 'Release a WAF instance',
+ 'summary' => 'Releases a pay-as-you-go Web Application Firewall (WAF) instance or an expired subscription instance.',
+ 'description' => 'After an instance is released, all data associated with the instance is permanently deleted and cannot be recovered. Proceed with caution.',
+ 'requestParamsDescription' => ' ',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeCertMatchStatus' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteInstance'],
+ ],
],
- 'schemes' => [
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DeleteInstance',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DeleteProtectionModuleRule' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
+ 'systemTags' => [],
'parameters' => [
[
'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'The domain name for which you want to delete the protection rule.'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainList](~~255880~~) to query all domain names that are added to WAF.', 'type' => 'string', 'required' => true, 'example' => 'www.aliyundoc.com', 'title' => ''],
],
[
- 'name' => 'Certificate',
+ 'name' => 'DefenseType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => '-----BEGIN CERTIFICATE----- 62EcYPWd2Oy1vs6MTXcJSfN9Z7rZ9fmxWr2BFN2XbahgnsSXM48ixZJ4krc+1M+j2kcubVpsE2cgHdj4v8H6jUz9Ji4mr7vMNS6dXv8PUkl/qoDeNGCNdyTS5NIL5ir+g92cL8IGOkjgvhlqt9vc65Cgb4mL+n5+DV9uOyTZTW/MojmlgfUekC2xiXa54nxJf17Y1TADGSbyJbsC0Q9nIrHsPl8YKkvRWvIAqYxXZ7wRwWWmv4TMxFhWRiNY7yZIo2ZUhl02SIDNggIEeg== -----END CERTIFICATE-----',
- ],
+ 'schema' => ['description' => 'The protection feature module to which the rule to be deleted belongs. Valid values:'."\n"
+ ."\n"
+ .'- **waf-codec**: the decoding settings of the RegEx Protection DPI engine.'."\n"
+ ."\n"
+ .'- **tamperproof**: web tamper-proofing rules.'."\n"
+ ."\n"
+ .'- **dlp**: data leak prevention rules.'."\n"
+ ."\n"
+ .'- **ng_account**: account security rules.'."\n"
+ ."\n"
+ .'- **antifraud**: data risk control protection request configurations.'."\n"
+ ."\n"
+ .'- **antifraud_js**: data risk control JS insertion page configurations.'."\n"
+ ."\n"
+ .'- **bot_algorithm**: intelligent algorithm rules of Bot Management.'."\n"
+ ."\n"
+ .'- **bot_wxbb_pkg**: version protection rules of App Protection.'."\n"
+ ."\n"
+ .'- **bot_wxbb**: path protection rules of App Protection.'."\n"
+ ."\n"
+ .'- **ac_custom**: custom protection policy rules.'."\n"
+ ."\n"
+ .'- **whitelist**: whitelist rules.', 'type' => 'string', 'required' => true, 'example' => 'ac_custom', 'title' => ''],
],
[
- 'name' => 'PrivateKey',
+ 'name' => 'RuleId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => '-----BEGIN RSA PRIVATE KEY----- DADTPZoOHd9WtZ3UKHJTRgNQmioPQn2bqdKHop+B/dn/4VZL7Jt8zSDGM9sTMThLyvsmLQKBgQCr+ujntC1kN6pGBj2Fw2l/EA/W3rYEce2tyhjgmG7rZ+A/jVE9fld5sQra6ZdwBcQJaiygoIYoaMF2EjRwc0qwHaluq0C15f6ujSoHh2e+D5zdmkTg/3NKNjqNv6xA2gYpinVDzFdZ9Zujxvuh9o4Vqf0YF8bv5UK5G04RtKadOw== -----END RSA PRIVATE KEY-----',
- ],
+ 'schema' => ['description' => 'The ID of the protection rule to delete.'."\n"
+ ."\n"
+ .'> You can call [DescribeProtectionModuleRules](~~100398~~) to query the IDs of all rules in a specified protection module.', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '42754', 'title' => ''],
],
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-mp9153****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. By default, this parameter is empty, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-acfm2pz25js****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -2050,108 +1335,92 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'MatchStatus' => [
- 'description' => '',
- 'type' => 'boolean',
- 'example' => 'false',
- ],
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => '1557B42F-B889-460A-B17F-1DE5C5AD7FF2', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"MatchStatus\\": false,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\n<DescribeCertMatchStatusResponse>\\n\\t<MatchStatus>false</MatchStatus>\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n</DescribeCertMatchStatusResponse>","errorExample":""}]',
- 'title' => 'DescribeCertMatchStatus',
- 'requestParamsDescription' => ' ',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"1557B42F-B889-460A-B17F-1DE5C5AD7FF2\\"\\n}","type":"json"}]',
+ 'title' => 'Delete a rule from a protection module',
+ 'summary' => 'Deletes a rule configured in a specified protection module by calling DeleteProtectionModuleRule.',
+ 'description' => 'This operation deletes a rule configured in a specified protection module.'."\n"
+ .'To ensure system stability, the queries per second (QPS) for a single user is limited to 10. If the limit is exceeded, API calls are throttled, which may affect your business. Call this operation at an appropriate frequency.',
+ 'requestParamsDescription' => 'When you call this operation, you must include common Alibaba Cloud API request parameters in addition to the operation-specific request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request examples in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'CreateCertificate' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteProtectionModuleRule'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DeleteProtectionModuleRule',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeCertMatchStatus' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [],
+ 'systemTags' => ['operationType' => 'get'],
'parameters' => [
[
'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'The domain name that is added to WAF.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
'name' => 'Certificate',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => '-----BEGIN CERTIFICATE----- 62EcYPWd2Oy1vs6MTXcJSfN9Z7rZ9fmxWr2BFN2XbahgnsSXM48ixZJ4krc+1M+j2kcubVpsE2cgHdj4v8H6jUz9Ji4mr7vMNS6dXv8PUkl/qoDeNGCNdyTS5NIL5ir+g92cL8IGOkjgvhlqt9vc65Cgb4mL+n5+DV9uOyTZTW/MojmlgfUekC2xiXa54nxJf17Y1TADGSbyJbsC0Q9nIrHsPl8YKkvRWvIAqYxXZ7wRwWWmv4TMxFhWRiNY7yZIo2ZUhl02SIDNggIEeg== -----END CERTIFICATE-----',
- 'default' => 'cn',
- ],
+ 'schema' => ['description' => 'The content of the certificate file.', 'type' => 'string', 'required' => true, 'example' => '-----BEGIN CERTIFICATE----- 62EcYPWd2Oy1vs6MTXcJSfN9*****9fmxWr2BFN2XbahgnsSXM48ixZJ4krc+1M+j2kcubVpsE2cgHdj4v8H6jUz9Ji4mr7vMNS6dXv8PUkl/qoDeNGCNdyTS5NIL5ir+g92cL8IGOkjgvhlqt9vc65Cgb4mL+n5+DV9uOyTZTW/MojmlgfUekC2xiXa54nxJf17Y1TADGSbyJbsC0Q9nIrHsPl8YKkvRWvIAqYxXZ7wRwWWmv4TMxFhWRiNY7yZIo2ZUhl02SIDNggIEeg== -----END CERTIFICATE-----', 'title' => ''],
],
[
'name' => 'PrivateKey',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => '-----BEGIN RSA PRIVATE KEY----- DADTPZoOHd9WtZ3UKHJTRgNQmioPQn2bqdKHop+B/dn/4VZL7Jt8zSDGM9sTMThLyvsmLQKBgQCr+ujntC1kN6pGBj2Fw2l/EA/W3rYEce2tyhjgmG7rZ+A/jVE9fld5sQra6ZdwBcQJaiygoIYoaMF2EjRwc0qwHaluq0C15f6ujSoHh2e+D5zdmkTg/3NKNjqNv6xA2gYpinVDzFdZ9Zujxvuh9o4Vqf0YF8bv5UK5G04RtKadOw== -----END RSA PRIVATE KEY-----',
- ],
- ],
- [
- 'name' => 'CertificateName',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'CertName',
- ],
+ 'schema' => ['description' => 'The content of the private key file.', 'type' => 'string', 'required' => true, 'example' => '-----BEGIN RSA PRIVATE KEY----- DADTPZoOHd9WtZ3UKHJTRgNQ****Qn2bqdKHop+B/dn/4VZL7Jt8zSDGM9sTMThLyvsmLQKBgQCr+ujntC1kN6pGBj2Fw2l/EA/W3rYEce2tyhjgmG7rZ+A/jVE9fld5sQra6ZdwBcQJaiygoIYoaMF2EjRwc0qwHaluq0C15f6ujSoHh2e+D5zdmkTg/3NKNjqNv6xA2gYpinVDzFdZ9Zujxvuh9o4Vqf0YF8bv5UK5G04RtKadOw== -----END RSA PRIVATE KEY-----', 'title' => ''],
],
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'Instance ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call the [DescribeInstanceInfo](~~140857~~) operation to query instance ID of the WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_elasticity-cn-0xldbqt****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management.'."\n"
+ ."\n"
+ .'If you do not specify this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -2159,215 +1428,194 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'CertificateId' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '2329260',
- ],
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
+ 'MatchStatus' => ['description' => 'Indicates whether the certificate and private key match.', 'type' => 'boolean', 'example' => 'false', 'title' => ''],
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"CertificateId\\": 2329260,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\n<CreateCertificateResponse>\\n\\t<CertificateId>2329260</CertificateId>\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n</CreateCertificateResponse>","errorExample":""}]',
- 'title' => 'CreateCertificate',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"MatchStatus\\": false,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Check whether the uploaded certificate and private key match for a domain name',
+ 'summary' => 'Checks whether the certificate and private key uploaded for a specified domain name configuration match.',
'requestParamsDescription' => ' ',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'CreateCertificateByCertificateId' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeCertMatchStatus'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeCertMatchStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeCertificates' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [],
+ 'systemTags' => ['operationType' => 'list'],
'parameters' => [
[
- 'name' => 'Domain',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.aliyundoc.com',
- ],
- ],
- [
- 'name' => 'CertificateId',
+ 'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'required' => true,
- 'example' => '3384669',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to obtain the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-zz11sr5****', 'title' => ''],
],
[
- 'name' => 'InstanceId',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-zz11sr5****',
- ],
+ 'schema' => ['description' => 'The domain name for which you want to query the associated SSL certificates.'."\n"
+ ."\n"
+ .'If you do not set this parameter, the SSL certificates associated with all domain names are queried.', 'type' => 'string', 'required' => false, 'example' => 'www.aliyundoc.com', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management.'."\n"
+ ."\n"
+ .'If you do not set this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-aekzz2e****pp7i', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
200 => [
- 'headers' => [],
'schema' => [
'type' => 'object',
'properties' => [
- 'CertificateId' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '3384669',
- ],
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'ECF65091-3704-55D5-BC88-EC208B0E238C', 'title' => ''],
+ 'Certificates' => [
+ 'description' => 'The SSL certificate information associated with the domain name.',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'IsUsing' => ['description' => 'Indicates whether the certificate is currently used by the domain name. Valid values:'."\n"
+ ."\n"
+ .'- **true**: The certificate is in use.'."\n"
+ .'- **false**: The certificate is not in use.', 'type' => 'boolean', 'example' => 'false', 'title' => ''],
+ 'CertificateName' => ['description' => 'The name of the certificate.', 'type' => 'string', 'example' => '*.aliyundoc.com', 'title' => ''],
+ 'CertificateId' => ['description' => 'The ID of the certificate.', 'type' => 'integer', 'format' => 'int64', 'example' => '2329260', 'title' => ''],
+ 'CommonName' => ['description' => 'The domain name that is bound to the certificate.', 'type' => 'string', 'example' => '*.aliyundoc.com', 'title' => ''],
+ 'Sans' => [
+ 'description' => 'The list of SAN (Subject Alternative Name) extension attributes of the certificate.',
+ 'type' => 'array',
+ 'items' => ['description' => 'Other domain names that are bound to the certificate.', 'type' => 'string', 'example' => '*.aliyundoc.com', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'EndTime' => ['description' => 'The expiration time of the certificate. The value is a Unix timestamp in UTC. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1971273600000', 'title' => ''],
+ ],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'title' => '',
+ 'example' => '',
],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"CertificateId\\": 3384669,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateCertificateByCertificateIdResponse>\\n <CertificateId>3384669</CertificateId>\\n <RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n</CreateCertificateByCertificateIdResponse>","errorExample":""}]',
- 'title' => 'CreateCertificateByCertificateId',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"ECF65091-3704-55D5-BC88-EC208B0E238C\\",\\n \\"Certificates\\": [\\n {\\n \\"IsUsing\\": false,\\n \\"CertificateName\\": \\"*.aliyundoc.com\\",\\n \\"CertificateId\\": 2329260,\\n \\"CommonName\\": \\"*.aliyundoc.com\\",\\n \\"Sans\\": [\\n \\"*.aliyundoc.com\\"\\n ],\\n \\"EndTime\\": 1971273600000\\n }\\n ]\\n}","type":"json"}]',
+ 'title' => 'Query available certificates for a specified domain name',
+ 'summary' => 'Queries the available existing certificates for a specified domain name, that is, certificates that are already managed in SSL Certificates Service.',
+ 'description' => 'This API is used to query the list of SSL certificates associated with a domain name (purchased through Alibaba Cloud SSL Certificates Service or uploaded and managed in SSL Certificates Service), such as the certificate ID, name, associated domain name, and SAN (Subject Alternative Name) extension attributes. Note that to ensure system stability, the QPS for a single user is limited to 10 requests per second. If the limit is exceeded, API calls will be throttled, which may affect your business. Please call this API at a reasonable frequency.',
+ 'requestParamsDescription' => 'When you call this API, in addition to the request parameters described in this topic, you must also include Alibaba Cloud API common request parameters. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format of the API, see the request example in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeDomainBasicConfigs' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [
+ ['createdAt' => '2023-04-18T02:30:35.000Z', 'description' => 'Response parameters changed, Error codes changed'],
+ ],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeCertificates'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => 'list',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeCertificates',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeDomain' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
+ 'deprecated' => false,
+ 'systemTags' => ['operationType' => 'get'],
'parameters' => [
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-tl32ast****',
- ],
- ],
- [
- 'name' => 'DomainKey',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'aliyundoc',
- ],
- ],
- [
- 'name' => 'AccessType',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'waf-cloud-dns',
- ],
- ],
- [
- 'name' => 'CloudNativeProductId',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- ],
- ],
- [
- 'name' => 'PageNumber',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-7pp26f1****', 'title' => ''],
],
[
- 'name' => 'PageSize',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '10',
- ],
+ 'schema' => ['description' => 'The domain name to query.'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainNames](~~86373~~) to query all domain names that have been added to WAF protection.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-acfm2pz25js****',
- ],
+ 'schema' => ['description' => 'The resource group ID.', 'type' => 'string', 'required' => false, 'example' => 'rg-acfm2pz25js****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -2375,161 +1623,296 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'TotalCount' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
- 'DomainConfigs' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'type' => 'object',
- 'properties' => [
- 'Status' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'Domain' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'www.aliyundoc.com',
- ],
- 'Owner' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'WAF',
- ],
- 'CcMode' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '0',
- ],
- 'CcStatus' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'AccessType' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'waf-cloud-dns',
- ],
- 'Version' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '0',
- ],
- 'AclStatus' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'WafStatus' => [
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D827FCFE-90A7-4330-9326-D33C8B4C7726', 'title' => ''],
+ 'Domain' => [
+ 'description' => 'The configuration information of the domain name.',
+ 'type' => 'object',
+ 'properties' => [
+ 'HttpToUserIp' => ['description' => 'Indicates whether the HTTP back-to-origin feature is enabled. Valid values:'."\n"
+ ."\n"
+ .'- **0**: disabled.'."\n"
+ .'- **1**: enabled.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method) and **HttpsPort** is not empty (indicating that the domain name uses HTTPS).', 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''],
+ 'SniStatus' => ['description' => 'Indicates whether back-to-origin Server Name Indication (SNI) is enabled. When back-to-origin SNI is enabled, WAF forwards client requests to the origin server and specifies the host to access through the SNI extension field (Server Name Indicator extension) during the TLS handshake with the origin server, and then establishes an HTTPS connection with the specified host. Valid values:'."\n"
+ ."\n"
+ .'- **0**: disabled.'."\n"
+ .'- **1**: enabled.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added by using the CNAME method) and **HttpsPort** is not empty (indicating that the domain name uses HTTPS).', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'IsAccessProduct' => ['description' => 'Indicates whether another Layer 7 proxy (such as Anti-DDoS Pro or CDN) is deployed in front of WAF, meaning whether client traffic passes through another Layer 7 proxy before reaching WAF. Valid values:'."\n"
+ ."\n"
+ .'- **0**: no.'."\n"
+ .'- **1**: yes.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'AccessHeaderMode' => ['description' => 'The method that WAF uses to obtain the originating IP address of the client. Valid values:'."\n"
+ ."\n"
+ .'- **0**: WAF reads the first value of the X-Forwarded-For (XFF) field in the request header as the client IP address.'."\n"
+ .'- **1**: WAF reads the value of a custom field that you specify in the request header as the client IP address.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **IsAccessProduct** is set to **1** (indicating that another Layer 7 proxy service is deployed in front of WAF).', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'HttpsRedirect' => ['description' => 'Indicates whether HTTPS forced redirect is enabled. Valid values:'."\n"
+ ."\n"
+ .'- **0**: disabled.'."\n"
+ .'- **1**: enabled.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method) and **HttpsPort** is not empty (indicating that the domain name uses HTTPS).', 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''],
+ 'IpFollowStatus' => ['description' => 'Indicates whether the IPv4/IPv6 back-to-origin protocol follow feature is enabled. Valid values:'."\n"
+ .'- **0**: disabled.'."\n"
+ .'- **1**: enabled.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method).', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'LoadBalancing' => ['description' => 'The load balancing algorithm used for back-to-origin. Valid values:'."\n"
+ ."\n"
+ .'- **0**: IP Hash.'."\n"
+ .'- **1**: round-robin.'."\n"
+ .'- **2**: Least Time.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method).', 'type' => 'integer', 'format' => 'int32', 'example' => '2', 'title' => ''],
+ 'AccessType' => ['description' => 'The Website Config method. Valid values:'."\n"
+ .'- **waf-cloud-dns**: CNAME access.'."\n"
+ .'- **waf-cloud-native**: transparent access.', 'type' => 'string', 'example' => 'waf-cloud-dns', 'title' => ''],
+ 'Version' => ['description' => 'The version of the current domain name configuration.', 'type' => 'integer', 'format' => 'int64', 'example' => '40', 'title' => ''],
+ 'ClusterType' => ['description' => 'The cluster type of the WAF instance. Valid values:'."\n"
+ ."\n"
+ .'- **0**: physical cluster.'."\n"
+ .'- **1**: virtual cluster, which is a WAF exclusive cluster.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method).', 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''],
+ 'ReadTime' => ['description' => 'The read connection timeout period of the WAF cluster. Unit: seconds.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method).', 'type' => 'integer', 'format' => 'int32', 'example' => '120', 'title' => ''],
+ 'WriteTime' => ['description' => 'The write connection timeout period of the WAF cluster. Unit: seconds.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method).', 'type' => 'integer', 'format' => 'int32', 'example' => '120', 'title' => ''],
+ 'SniHost' => ['description' => 'The custom value of the SNI extension field. An empty value indicates that no custom SNI value is set. By default, the value of the **Host** field in the request header is used as the value of the SNI extension field.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **SniStatus** is set to **1** (indicating that back-to-origin SNI is enabled).', 'type' => 'string', 'example' => 'waf.example.com', 'title' => ''],
+ 'ResourceGroupId' => ['description' => 'The ID of the resource group to which the WAF instance belongs.', 'type' => 'string', 'example' => 'rg-acfm2mkrunv****', 'title' => ''],
+ 'Cname' => ['description' => 'The CNAME assigned by WAF to the domain name.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method).', 'type' => 'string', 'example' => 'kdmqyi3ck7xogegxpiyfpb0fj21mgkxn.****.com', 'title' => ''],
+ 'ConnectionTime' => ['description' => 'The connection timeout period of the WAF cluster. Unit: seconds.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method).', 'type' => 'integer', 'format' => 'int32', 'example' => '5', 'title' => ''],
+ 'LogHeaders' => [
+ 'description' => 'The traffic tag fields and values of the domain name, which are used to mark traffic processed by WAF.'."\n"
+ ."\n"
+ .'> This parameter is returned only when the traffic tag feature is enabled for the domain name.',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'k' => ['description' => 'The name of the traffic tag field.', 'type' => 'string', 'example' => 'ALIWAF-TAG', 'title' => ''],
+ 'v' => ['description' => 'The value of the traffic tag field.', 'type' => 'string', 'example' => 'Yes', 'title' => ''],
+ ],
'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
+ 'title' => '',
+ 'example' => '',
],
- 'WafMode' => [
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'CloudNativeInstances' => [
+ 'description' => 'The configuration list for transparent access.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-native** (indicating that the domain name is added to WAF by using the transparent access method).',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'RedirectionTypeName' => ['description' => 'The type of the traffic redirection port. Valid values:'."\n"
+ ."\n"
+ .'- **SLB-L4**: redirects traffic from the Layer 4 listener port of a Classic Load Balancer (CLB, formerly SLB) instance to WAF for protection.'."\n"
+ .'- **SLB-L7**: redirects traffic from the Layer 7 listener port of a CLB instance to WAF for protection.'."\n"
+ .'- **ECS**: redirects traffic from the listener port of an Elastic Compute Service (ECS) server to WAF for protection.'."\n"
+ .'- **ALB**: redirects traffic from the HTTP or HTTPS listener port of an Application Load Balancer (ALB) instance to WAF for protection.', 'type' => 'string', 'example' => 'ALB', 'title' => ''],
+ 'CloudNativeProductName' => ['description' => 'The type of the cloud service instance. Valid values:'."\n"
+ ."\n"
+ .'- **SLB**: Classic Load Balancer (CLB, formerly SLB) instance.'."\n"
+ .'- **ECS**: Elastic Compute Service (ECS) server.'."\n"
+ .'- **ALB**: Application Load Balancer (ALB) instance.', 'type' => 'string', 'example' => 'ALB', 'title' => ''],
+ 'InstanceId' => ['description' => 'The ID of the cloud service instance.', 'type' => 'string', 'example' => 'alb-s65nua68wdedsp****', 'title' => ''],
+ 'IPAddressList' => [
+ 'description' => 'The list of public IP addresses of the cloud service instance.',
+ 'type' => 'array',
+ 'items' => ['description' => 'The public IP address of the cloud service instance.', 'type' => 'string', 'example' => '39.XX.XX.197', 'title' => ''],
+ 'example' => '["39.XX.XX.197"]',
+ 'title' => '',
+ ],
+ 'ProtocolPortConfigs' => [
+ 'description' => 'The list of protocol and port configurations.',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => 'The protocol and port configuration.',
+ 'type' => 'object',
+ 'properties' => [
+ 'Ports' => [
+ 'description' => 'The list of ports.',
+ 'type' => 'array',
+ 'items' => ['description' => 'The port.', 'type' => 'integer', 'format' => 'int32', 'example' => '80', 'title' => ''],
+ 'example' => '[80]',
+ 'title' => '',
+ ],
+ 'Protocol' => ['description' => 'The protocol type. Valid values:'."\n"
+ .'- **http**: HTTP.'."\n"
+ .'- **https**: HTTPS.', 'type' => 'string', 'example' => 'http', 'title' => ''],
+ ],
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'title' => '',
+ 'example' => '',
+ ],
+ ],
'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '0',
+ 'title' => '',
+ 'example' => '',
],
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'HttpPort' => [
+ 'description' => 'The list of HTTP ports.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method).',
+ 'type' => 'array',
+ 'items' => ['description' => 'The HTTP port.', 'type' => 'integer', 'format' => 'int32', 'example' => '80', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'Http2Port' => [
+ 'description' => 'The list of HTTP 2.0 ports.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method) and **HttpsPort** is not empty (indicating that the domain name uses HTTPS).',
+ 'type' => 'array',
+ 'items' => ['description' => 'The HTTP 2.0 port.', 'type' => 'integer', 'format' => 'int32', 'example' => '8443', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'SourceIps' => [
+ 'description' => 'The addresses of the origin server.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method).',
+ 'type' => 'array',
+ 'items' => ['description' => 'The address of the origin server.', 'type' => 'string', 'example' => '39.XX.XX.197', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'HttpsPort' => [
+ 'description' => 'The list of HTTPS ports.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessType** is set to **waf-cloud-dns** (indicating that the domain name is added to WAF by using the CNAME method).',
+ 'type' => 'array',
+ 'items' => ['description' => 'The HTTPS port.', 'type' => 'integer', 'format' => 'int32', 'example' => '443', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'AccessHeaders' => [
+ 'description' => 'The list of custom fields used to obtain the originating IP address of the client.'."\n"
+ ."\n"
+ .'> This parameter is returned only when **AccessHeaderMode** is set to **1** (indicating that WAF reads the value of a custom field that you specify in the request header as the client IP address).',
+ 'type' => 'array',
+ 'items' => ['description' => 'The custom field used to obtain the originating IP address of the client.', 'type' => 'string', 'example' => 'X-Client-IP', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
],
+ 'Retry' => ['description' => 'Indicates whether WAF retries when back-to-origin fails. Valid values:'."\n"
+ ."\n"
+ .'- **true**: retries.'."\n"
+ ."\n"
+ .'- **false**: does not retry.', 'type' => 'boolean', 'default' => 'true', 'example' => 'false', 'title' => ''],
+ 'Keepalive' => ['description' => 'Indicates whether persistent connections are enabled. Valid values:'."\n"
+ ."\n"
+ .'- **true**: enabled.'."\n"
+ ."\n"
+ .'- **false**: disabled.', 'type' => 'boolean', 'default' => 'true', 'example' => 'true', 'title' => ''],
+ 'KeepaliveRequests' => ['description' => 'The number of requests that reuse persistent connections. Valid values: 60 to 1000.'."\n"
+ ."\n"
+ .'> The number of persistent connections to reuse after persistent connections are enabled.', 'type' => 'integer', 'format' => 'int32', 'default' => '1000', 'example' => '1000', 'title' => ''],
+ 'KeepaliveTimeout' => ['description' => 'The idle timeout period for persistent connections. Valid values: 1 to 60. Default value: 15. Unit: seconds.'."\n"
+ ."\n"
+ .'> The idle duration after which a reused persistent connection is released.', 'type' => 'integer', 'format' => 'int32', 'default' => '15', 'example' => '15', 'title' => ''],
],
+ 'title' => '',
+ 'example' => '',
],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [
- 403 => [
- [
- 'errorCode' => 'Forbbiden',
- 'errorMessage' => 'User not authorized to operate on the specified resource.',
- ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D827FCFE-90A7-4330-9326-D33C8B4C7726\\",\\n \\"Domain\\": {\\n \\"HttpToUserIp\\": 0,\\n \\"SniStatus\\": 1,\\n \\"IsAccessProduct\\": 1,\\n \\"AccessHeaderMode\\": 1,\\n \\"HttpsRedirect\\": 0,\\n \\"IpFollowStatus\\": 1,\\n \\"LoadBalancing\\": 2,\\n \\"AccessType\\": \\"waf-cloud-dns\\",\\n \\"Version\\": 40,\\n \\"ClusterType\\": 0,\\n \\"ReadTime\\": 120,\\n \\"WriteTime\\": 120,\\n \\"SniHost\\": \\"waf.example.com\\",\\n \\"ResourceGroupId\\": \\"rg-acfm2mkrunv****\\",\\n \\"Cname\\": \\"kdmqyi3ck7xogegxpiyfpb0fj21mgkxn.****.com\\",\\n \\"ConnectionTime\\": 5,\\n \\"LogHeaders\\": [\\n {\\n \\"k\\": \\"ALIWAF-TAG\\",\\n \\"v\\": \\"Yes\\"\\n }\\n ],\\n \\"CloudNativeInstances\\": [\\n {\\n \\"RedirectionTypeName\\": \\"ALB\\",\\n \\"CloudNativeProductName\\": \\"ALB\\",\\n \\"InstanceId\\": \\"alb-s65nua68wdedsp****\\",\\n \\"IPAddressList\\": [\\n \\"39.XX.XX.197\\"\\n ],\\n \\"ProtocolPortConfigs\\": [\\n {\\n \\"Ports\\": [\\n 80\\n ],\\n \\"Protocol\\": \\"http\\"\\n }\\n ]\\n }\\n ],\\n \\"HttpPort\\": [\\n 80\\n ],\\n \\"Http2Port\\": [\\n 8443\\n ],\\n \\"SourceIps\\": [\\n \\"39.XX.XX.197\\"\\n ],\\n \\"HttpsPort\\": [\\n 443\\n ],\\n \\"AccessHeaders\\": [\\n \\"X-Client-IP\\"\\n ],\\n \\"Retry\\": false,\\n \\"Keepalive\\": true,\\n \\"KeepaliveRequests\\": 1000,\\n \\"KeepaliveTimeout\\": 15\\n }\\n}","type":"json"}]',
+ 'title' => 'Query the configuration of a domain name added to WAF',
+ 'summary' => 'Queries the configuration information of a domain name that has been added to WAF protection.',
+ 'requestParamsDescription' => 'When you call this operation, you must include common Alibaba Cloud API request parameters in addition to the request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request example in the **Examples** section of this topic.',
+ 'responseParamsDescription' => ' ',
+ 'extraInfo' => ' ',
+ 'changeSet' => [
+ ['createdAt' => '2023-08-22T06:08:27.000Z', 'description' => 'Response parameters changed'],
+ ['createdAt' => '2023-05-23T05:46:04.000Z', 'description' => 'Response parameters changed, Error codes changed'],
+ ],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomain'],
],
- 500 => [
- [
- 'errorCode' => 'InternalError',
- 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomain',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"TotalCount\\": 1,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"DomainConfigs\\": [\\n {\\n \\"Status\\": 1,\\n \\"Domain\\": \\"www.aliyundoc.com\\",\\n \\"Owner\\": \\"WAF\\",\\n \\"CcMode\\": 0,\\n \\"CcStatus\\": 1,\\n \\"AccessType\\": \\"waf-cloud-dns\\",\\n \\"Version\\": 0,\\n \\"AclStatus\\": 1,\\n \\"WafStatus\\": 1,\\n \\"WafMode\\": 0\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"<DescribeDomainBasicConfigsResponse>\\n <TotalCount>1</TotalCount>\\n <RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n <DomainConfigs>\\n <Status>1</Status>\\n <Domain>www.aliyundoc.com</Domain>\\n <Owner>WAF</Owner>\\n <CcMode>0</CcMode>\\n <CcStatus>1</CcStatus>\\n <Version>0</Version>\\n <AclStatus>1</AclStatus>\\n <WafStatus>1</WafStatus>\\n <WafMode>0</WafMode>\\n </DomainConfigs>\\n</DescribeDomainBasicConfigsResponse>","errorExample":""}]',
- 'title' => 'DescribeDomainBasicConfigs',
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
],
'DescribeDomainAdvanceConfigs' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
- ],
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
+ 'systemTags' => ['operationType' => 'get'],
'parameters' => [
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-2r427ng****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-2r427ng****', 'title' => ''],
],
[
'name' => 'DomainList',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.aliyundoc.com',
- ],
+ 'schema' => ['description' => 'The domain names whose configurations you want to query. You can specify multiple domain names. Separate multiple domain names with commas (,).'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainList](~~255880~~) to query all domain names that have been added to WAF for protection.', 'type' => 'string', 'required' => true, 'example' => 'www.aliyundoc.com', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-atstuj3rtop****',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the domain name belongs in Resource Management.'."\n"
+ ."\n"
+ .'If you do not specify this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -2537,232 +1920,377 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
'DomainConfigs' => [
- 'description' => '',
+ 'description' => 'The detailed configuration information of the domain names.',
'type' => 'array',
'items' => [
'type' => 'object',
'properties' => [
- 'Domain' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'www.aliyundoc.com',
- ],
+ 'Domain' => ['description' => 'The domain name.', 'type' => 'string', 'example' => 'www.aliyundoc.com', 'title' => ''],
'Profile' => [
- 'description' => '',
+ 'description' => 'The domain name configuration.',
'type' => 'object',
'properties' => [
'Http2Port' => [
- 'description' => '',
+ 'description' => 'The list of HTTP 2.0 ports.',
'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '443',
- ],
- ],
- 'Ipv6Status' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
+ 'items' => ['description' => 'The HTTP 2.0 port.', 'type' => 'integer', 'format' => 'int32', 'example' => '443', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
],
+ 'Ipv6Status' => ['description' => 'Indicates whether IPv6 security protection is enabled. Valid values:'."\n"
+ ."\n"
+ .'- **0**: disabled.'."\n"
+ ."\n"
+ .'- **1**: enabled.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
'HttpPort' => [
- 'description' => '',
+ 'description' => 'The list of HTTP ports.',
'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '80',
- ],
- ],
- 'GSLBStatus' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'on',
+ 'items' => ['description' => 'The HTTP port.', 'type' => 'integer', 'format' => 'int32', 'example' => '80', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
],
+ 'GSLBStatus' => ['description' => 'Indicates whether intelligent load balancing is enabled. Valid values:'."\n"
+ ."\n"
+ .'- **off**: disabled.'."\n"
+ ."\n"
+ .'- **on**: enabled.', 'type' => 'string', 'example' => 'on', 'title' => ''],
'Rs' => [
- 'description' => '',
+ 'description' => 'The list of origin server addresses.',
'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '38.XX.XX.42',
- ],
+ 'items' => ['description' => 'The origin server address.', 'type' => 'string', 'example' => '38.XX.XX.42', 'title' => ''],
'example' => '["39.XX.XX.197"]',
+ 'title' => '',
],
- 'VipServiceStatus' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '0',
- ],
- 'ClusterType' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '0',
- ],
- 'ExclusiveVipStatus' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '0',
- ],
- 'Cname' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '****dsbpkt75zeiok5mta2j5l7hggcrm.****.com',
- ],
- 'CertStatus' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
+ 'VipServiceStatus' => ['description' => 'The service status of the WAF instance IP address (or WAF virtual cluster IP address) currently in use. Valid values:'."\n"
+ ."\n"
+ .'- **0**: Normal.'."\n"
+ ."\n"
+ .'- **1**: The system scrubs traffic.'."\n"
+ ."\n"
+ .'- **2**: The system is in blackhole filtering status.', 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''],
+ 'ClusterType' => ['description' => 'The cluster type of the WAF instance. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): physical cluster.'."\n"
+ .'- **1**: virtual cluster, which is a WAF exclusive cluster.', 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''],
+ 'ExclusiveVipStatus' => ['description' => 'Indicates whether an exclusive IP address is used. Valid values:'."\n"
+ ."\n"
+ .'- **0**: no.'."\n"
+ ."\n"
+ .'- **1**: yes.', 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''],
+ 'Cname' => ['description' => 'The CNAME address assigned by the WAF instance for the domain name configuration.', 'type' => 'string', 'example' => '****dsbpkt75zeiok5mta2j5l7hggcrm.****.com', 'title' => ''],
+ 'CertStatus' => ['description' => 'The certificate status (the HTTPS protocol status). Valid values:'."\n"
+ ."\n"
+ .'- **0**: abnormal. For example, no certificate is uploaded, or the uploaded certificate is invalid.'."\n"
+ ."\n"
+ .'- **1**: normal. A certificate is uploaded and the certificate is valid.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
'HttpsPort' => [
- 'description' => '',
+ 'description' => 'The list of HTTPS ports.',
'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '443',
- ],
- ],
- 'ResolvedType' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '0',
+ 'items' => ['description' => 'The HTTPS port.', 'type' => 'integer', 'format' => 'int32', 'example' => '443', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
],
+ 'ResolvedType' => ['description' => 'The type of the CNAME records to parse. Valid values:'."\n"
+ ."\n"
+ .'- **-1**: points to the origin server.'."\n"
+ ."\n"
+ .'- **0**: points to the WAF instance IP address.'."\n"
+ ."\n"
+ .'- **1**: points to the WAF virtual cluster IP address.', 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''],
],
+ 'title' => '',
+ 'example' => '',
],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
+ 'title' => '',
+ 'example' => '',
],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"DomainConfigs\\": [\\n {\\n \\"Domain\\": \\"www.aliyundoc.com\\",\\n \\"Profile\\": {\\n \\"Http2Port\\": [\\n 443\\n ],\\n \\"Ipv6Status\\": 1,\\n \\"HttpPort\\": [\\n 80\\n ],\\n \\"GSLBStatus\\": \\"on\\",\\n \\"Rs\\": [\\n \\"38.XX.XX.42\\"\\n ],\\n \\"VipServiceStatus\\": 0,\\n \\"ClusterType\\": 0,\\n \\"ExclusiveVipStatus\\": 0,\\n \\"Cname\\": \\"****dsbpkt75zeiok5mta2j5l7hggcrm.****.com\\",\\n \\"CertStatus\\": 1,\\n \\"HttpsPort\\": [\\n 443\\n ],\\n \\"ResolvedType\\": 0\\n }\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"<DescribeDomainAdvanceConfigsResponse>\\n <RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n <DomainConfigs>\\n <Domain>www.aliyundoc.com</Domain>\\n <Profile>\\n <Http2Port>443</Http2Port>\\n <Ipv6Status>1</Ipv6Status>\\n <HttpPort>80</HttpPort>\\n <GSLBStatus>on</GSLBStatus>\\n <Rs>38.XX.XX.42</Rs>\\n <VipServiceStatus>0</VipServiceStatus>\\n <ClusterType>0</ClusterType>\\n <ExclusiveVipStatus>0</ExclusiveVipStatus>\\n <Cname>****dsbpkt75zeiok5mta2j5l7hggcrm.****.com</Cname>\\n <CertStatus>1</CertStatus>\\n <HttpsPort>443</HttpsPort>\\n <ResolvedType>0</ResolvedType>\\n </Profile>\\n </DomainConfigs>\\n</DescribeDomainAdvanceConfigsResponse>","errorExample":""}]',
- 'title' => 'DescribeDomainAdvanceConfigs',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"DomainConfigs\\": [\\n {\\n \\"Domain\\": \\"www.aliyundoc.com\\",\\n \\"Profile\\": {\\n \\"Http2Port\\": [\\n 443\\n ],\\n \\"Ipv6Status\\": 1,\\n \\"HttpPort\\": [\\n 80\\n ],\\n \\"GSLBStatus\\": \\"on\\",\\n \\"Rs\\": [\\n \\"38.XX.XX.42\\"\\n ],\\n \\"VipServiceStatus\\": 0,\\n \\"ClusterType\\": 0,\\n \\"ExclusiveVipStatus\\": 0,\\n \\"Cname\\": \\"****dsbpkt75zeiok5mta2j5l7hggcrm.****.com\\",\\n \\"CertStatus\\": 1,\\n \\"HttpsPort\\": [\\n 443\\n ],\\n \\"ResolvedType\\": 0\\n }\\n }\\n ]\\n}","type":"json"}]',
+ 'title' => 'Query detailed configuration records of added domain names',
+ 'summary' => 'Queries the detailed configurations of domain names that have been added to WAF for protection.',
+ 'description' => 'Queries the detailed configurations of domain names that have been added to WAF for protection, such as CNAME addresses, origin server addresses, and HTTP and HTTPS port lists. To ensure system stability, the queries per second (QPS) for a single user is limited to 50. If the limit is exceeded, API calls are throttled, which may affect your business. Call this operation at an appropriate frequency.',
+ 'requestParamsDescription' => 'When you call this operation, you must include the common request parameters of Alibaba Cloud APIs in addition to the request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request examples in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeDomainList' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [
+ ['createdAt' => '2021-10-18T07:56:27.000Z', 'description' => 'Response parameters changed, Error codes changed'],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomainAdvanceConfigs'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomainAdvanceConfigs',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeDomainBasicConfigs' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
+ 'systemTags' => ['operationType' => 'get'],
'parameters' => [
[
+ 'name' => 'InstanceId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-tl32ast****', 'title' => ''],
+ ],
+ [
+ 'name' => 'DomainKey',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The domain name keyword. If you specify this parameter, only domain name configurations that contain the specified keyword are returned.'."\n"
+ ."\n"
+ .'If you do not specify this parameter, all domain name configurations are returned.', 'type' => 'string', 'required' => false, 'example' => 'aliyundoc', 'title' => ''],
+ ],
+ [
+ 'name' => 'AccessType',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The domain name access mode. Set this parameter to query domain name configurations that use the specified access mode. Valid values:'."\n"
+ ."\n"
+ .'- **waf-cloud-dns**: CNAME access.'."\n"
+ .'- **waf-cloud-native**: transparent access.'."\n"
+ ."\n"
+ .'If you do not set this parameter, all domain name configurations are returned.', 'type' => 'string', 'required' => false, 'example' => 'waf-cloud-dns', 'title' => ''],
+ ],
+ [
+ 'name' => 'CloudNativeProductId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The type of the origin server. Set this parameter to query domain name configurations that use the specified origin server type in transparent access mode. Valid values:'."\n"
+ .'- **0**: ECS instance.'."\n"
+ .'- **1**: Classic Load Balancer (CLB) instance.'."\n"
+ .'- **2**: Application Load Balancer (ALB) instance.'."\n"
+ ."\n"
+ .'If you do not set this parameter, all domain name configurations are returned.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', 'title' => ''],
+ ],
+ [
+ 'name' => 'PageNumber',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The page number in a paging query. Default value: **1**.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The number of domain name configurations per page in a paging query. Default value: **10**.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''],
+ ],
+ [
'name' => 'ResourceGroupId',
'in' => 'query',
+ 'schema' => ['description' => 'The ID of the resource group to which the domain name belongs in Resource Management.'."\n"
+ ."\n"
+ .'If you do not specify this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-acfm2pz25js****', 'title' => ''],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
'schema' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'TotalCount' => ['description' => 'The total number of domain name configurations returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
+ 'DomainConfigs' => [
+ 'description' => 'The list of domain name configurations.',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Status' => ['description' => 'The status of the domain name configuration. Valid values:'."\n"
+ ."\n"
+ .'- **0**: invalid (deleted).'."\n"
+ .'- **1**: valid (created).'."\n"
+ .'- **10**: being created.'."\n"
+ .'- **11**: creation failed.'."\n"
+ .'- **20**: being deleted.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'Domain' => ['description' => 'The domain name.', 'type' => 'string', 'example' => 'www.aliyundoc.com', 'title' => ''],
+ 'Owner' => ['description' => 'The source of the domain name configuration. The value is fixed as **WAF**, which indicates that the domain name is added through WAF.', 'type' => 'string', 'example' => 'WAF', 'title' => ''],
+ 'CcMode' => ['description' => 'The mode of the CC security protection feature. Valid values:'."\n"
+ ."\n"
+ .'- **0**: **Protection** mode.'."\n"
+ .'- **1**: **Protection-Emergency** mode.', 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''],
+ 'CcStatus' => ['description' => 'The status of the CC security protection feature. Valid values:'."\n"
+ ."\n"
+ .'- **0**: disabled.'."\n"
+ .'- **1**: enabled.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'AccessType' => ['description' => 'The domain name access mode. Valid values:'."\n"
+ ."\n"
+ .'- **waf-cloud-dns**: CNAME access.'."\n"
+ .'- **waf-cloud-native**: transparent access.', 'type' => 'string', 'example' => 'waf-cloud-dns', 'title' => ''],
+ 'Version' => ['description' => 'The version number of the current configuration.', 'type' => 'integer', 'format' => 'int64', 'example' => '0', 'title' => ''],
+ 'AclStatus' => ['description' => 'The status of the custom protection policy feature. Valid values:'."\n"
+ ."\n"
+ .'- **0**: disabled.'."\n"
+ .'- **1**: enabled.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'WafStatus' => ['description' => 'The status of the rule protection engine feature. Valid values:'."\n"
+ ."\n"
+ .'- **0**: disabled.'."\n"
+ .'- **1**: enabled.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'WafMode' => ['description' => 'The mode of the rule protection engine feature. Valid values:'."\n"
+ ."\n"
+ .'- **0**: **Block** mode.'."\n"
+ .'- **1**: **Warn** mode.', 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''],
+ ],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'title' => '',
+ 'example' => '',
+ ],
+ ],
'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-acfm2pz25js****',
+ 'title' => '',
+ 'example' => '',
],
],
+ ],
+ 'errorCodes' => [
+ 403 => [
+ ['errorCode' => 'Forbbiden', 'errorMessage' => 'User not authorized to operate on the specified resource.', 'description' => ''],
+ ],
+ 500 => [
+ ['errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', 'description' => ''],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"TotalCount\\": 1,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"DomainConfigs\\": [\\n {\\n \\"Status\\": 1,\\n \\"Domain\\": \\"www.aliyundoc.com\\",\\n \\"Owner\\": \\"WAF\\",\\n \\"CcMode\\": 0,\\n \\"CcStatus\\": 1,\\n \\"AccessType\\": \\"waf-cloud-dns\\",\\n \\"Version\\": 0,\\n \\"AclStatus\\": 1,\\n \\"WafStatus\\": 1,\\n \\"WafMode\\": 0\\n }\\n ]\\n}","type":"json"}]',
+ 'title' => 'Query protection settings of domain name configurations',
+ 'summary' => 'Queries the basic configurations of website domain names that are added to Web Application Firewall (WAF) for protection.',
+ 'description' => 'This operation is used to query the basic configurations of website domain names that are added to WAF for protection (hereinafter referred to as domain name configurations) by paging. For example, you can query the status of domain name configurations and the status and mode of default security protection modules, including the rule protection DPI engine, CC security protection, and custom protection policy. To ensure system stability, the queries per second (QPS) for a single user is limited to 50. If the limit is exceeded, API calls are throttled, which may affect your business. Invoke this operation at an appropriate frequency.',
+ 'requestParamsDescription' => 'When you call this operation, you must also include Alibaba Cloud common request parameters in addition to the request parameters described in this topic. For more information, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the **Example** section of this topic.',
+ 'responseParamsDescription' => ' ',
+ 'extraInfo' => ' ',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomainBasicConfigs'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomainBasicConfigs',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'DescribeDomainList' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'systemTags' => ['operationType' => 'get'],
+ 'parameters' => [
+ [
+ 'name' => 'ResourceGroupId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-acfm2pz25js****', 'title' => ''],
+ ],
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-7pp26f1****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-7pp26f1****', 'title' => ''],
],
[
'name' => 'DomainName',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'example.com',
- ],
+ 'schema' => ['description' => 'The domain name that you want to query.'."\n"
+ ."\n"
+ .'You can set this parameter to perform a prefix match to check whether a specific domain name is added to WAF for protection.', 'type' => 'string', 'required' => false, 'example' => 'example.com', 'title' => ''],
],
[
'name' => 'PageNumber',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '1',
- 'default' => '1',
- ],
+ 'schema' => ['description' => 'The page number of the page to return in a paged query. Default value: **1**, which indicates the first page.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '1', 'example' => '1', 'title' => ''],
],
[
'name' => 'PageSize',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '10',
- 'default' => '10',
- ],
+ 'schema' => ['description' => 'The number of entries per page in a paged query. Default value: **10**, which indicates 10 entries per page.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '10', 'example' => '10', 'title' => ''],
],
[
'name' => 'IsSub',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- 'default' => '0',
- ],
+ 'schema' => ['description' => 'The type of domain name that you want to query. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): queries all domain names, including exact domain names and wildcard domain names.'."\n"
+ .'- **1**: queries only exact domain names.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '0', 'example' => '0', 'title' => ''],
],
[
'name' => 'DomainNames',
'in' => 'query',
'style' => 'repeatList',
'schema' => [
- 'description' => '',
+ 'description' => 'The list of domain names that you want to query.'."\n"
+ ."\n"
+ .'You can set this parameter to perform a fuzzy match to check whether multiple domain names are added to WAF for protection.',
'type' => 'array',
- 'items' => [
- 'type' => 'string',
- ],
+ 'items' => ['description' => 'The domain name that you want to query.', 'type' => 'string', 'required' => false, 'example' => 'example.com '."\n", 'title' => ''],
'required' => false,
'example' => 'example.com',
'maxItems' => 100,
+ 'title' => '',
],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -2770,100 +2298,177 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'TotalCount' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '2',
- ],
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '592E866F-6C05-4E7C-81DE-B4D8E86B91EF',
- ],
+ 'TotalCount' => ['description' => 'The total number of domain names returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '2', 'title' => ''],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => '592E866F-6C05-4E7C-81DE-B4D8E86B91EF', 'title' => ''],
'DomainNames' => [
+ 'description' => 'The list of domain names returned.',
'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '["www.example.com","test.example.com"]',
- ],
+ 'items' => ['description' => 'The domain name.', 'type' => 'string', 'example' => 'www.example.com', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"TotalCount\\": 2,\\n \\"RequestId\\": \\"592E866F-6C05-4E7C-81DE-B4D8E86B91EF\\",\\n \\"DomainNames\\": [\\n \\"www.example.com\\"\\n ]\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<DescribeDomainListResponse>\\r\\n\\t<TotalCount>2</TotalCount>\\r\\n\\t<RequestId>592E866F-6C05-4E7C-81DE-B4D8E86B91EF</RequestId>\\r\\n\\t<DomainNames>www.example.com</DomainNames>\\r\\n\\t<DomainNames>test.example.com</DomainNames>\\r\\n</DescribeDomainListResponse>","errorExample":""}]',
- 'title' => 'DescribeDomainList',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"TotalCount\\": 2,\\n \\"RequestId\\": \\"592E866F-6C05-4E7C-81DE-B4D8E86B91EF\\",\\n \\"DomainNames\\": [\\n \\"www.example.com\\"\\n ]\\n}","type":"json"}]',
+ 'title' => 'Query domain name asset information',
+ 'summary' => 'Invokes DescribeDomainList to perform a paged query of domain names that are added to WAF for protection.',
+ 'description' => 'You can also use this operation to query all domain names that are added to WAF for protection, but paged query is not supported, which means all domain names are returned at a time. If you have a large number of domain names, we recommend that you invoke this operation to perform a paged query, which displays results by page and supports conditional query.',
+ 'requestParamsDescription' => 'When you call this operation, you must include common request parameters in addition to the operation-specific request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request examples in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeProtectionModuleMode' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomainList'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomainList',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeDomainNames' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
+ 'systemTags' => ['operationType' => 'list'],
'parameters' => [
[
- 'name' => 'Domain',
+ 'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'Instance ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call the [DescribeInstanceInfo](~~140857~~) operation to query instance ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_elasticity-cn-0xldbqt****', 'title' => ''],
],
[
- 'name' => 'DefenseType',
+ 'name' => 'ResourceGroupId',
'in' => 'query',
+ 'schema' => ['description' => 'The ID of the resource group to which the domain name belongs in Resource Management. This parameter is empty by default, which indicates that the domain name belongs to the default resource group.', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
'schema' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
+ 'DomainNames' => [
+ 'description' => 'The list of domain names that have been added.',
+ 'type' => 'array',
+ 'items' => ['description' => 'The domain name.', 'type' => 'string', 'example' => '1.example.com', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
+ ],
+ ],
'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf',
+ 'title' => '',
+ 'example' => '',
],
],
+ ],
+ 'errorCodes' => [
+ 403 => [
+ ['errorCode' => 'Forbbiden', 'errorMessage' => 'User not authorized to operate on the specified resource.', 'description' => ''],
+ ],
+ 500 => [
+ ['errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', 'description' => ''],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"DomainNames\\": [\\n \\"1.example.com\\"\\n ]\\n}","type":"json"}]',
+ 'title' => 'Retrieve the list of domain names added to a specified instance',
+ 'summary' => 'Retrieves the list of domain names that have been added to a specified WAF instance.',
+ 'requestParamsDescription' => ' ',
+ 'responseParamsDescription' => ' ',
+ 'extraInfo' => ' ',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomainNames'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => 'list',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomainNames',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'DescribeDomainRuleGroup' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'systemTags' => ['operationType' => 'get'],
+ 'parameters' => [
+ [
+ 'name' => 'Domain',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The domain name to query.'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainList](~~255880~~) to query all domain names that have been added to WAF for protection.', 'type' => 'string', 'required' => true, 'example' => 'www.aliyundoc.com', 'title' => ''],
+ ],
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-tl32ast****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-atstuj3rtop****',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. Default value: empty, which indicates the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-aek2oij****hbfi', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -2871,88 +2476,255 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
- 'Mode' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
+ 'RuleGroupId' => ['description' => 'The ID of the protection rule group bound to the domain. Valid values:'."\n"
+ ."\n"
+ .'- **1011**: the strict rule group built into WAF.'."\n"
+ .'- **1012**: the medium rule group built into WAF.'."\n"
+ .'- **1013**: the loose rule group built into WAF.'."\n"
+ ."\n"
+ .'Other values indicate the IDs of custom rule groups.'."\n", 'type' => 'integer', 'format' => 'int64', 'example' => '1012', 'title' => ''],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
+ 'WafAiStatus' => ['description' => 'The status of the intelligent rule hosting feature. Valid values:'."\n"
+ ."\n"
+ .'- **0**: disabled.'."\n"
+ .'- **1**: enabled.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"DE14845A-F46F-59BE-B8F7-6ED7A787D213\\",\\n \\"Mode\\": 0\\n}","errorExample":""},{"type":"xml","example":"<DescribeProtectionModuleModeResponse>\\n <LearnStatus>3</LearnStatus>\\n <RequestId>DE14845A-F46F-59BE-B8F7-6ED7A787D213</RequestId>\\n <Mode>0</Mode>\\n</DescribeProtectionModuleModeResponse>","errorExample":""}]',
- 'title' => 'DescribeProtectionModuleMode',
- 'requestParamsDescription' => ' ',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RuleGroupId\\": 1012,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"WafAiStatus\\": 1\\n}","type":"json"}]',
+ 'title' => 'DescribeDomainRuleGroup',
+ 'summary' => 'Queries the ID of the protection rule group bound to a domain and the status of the intelligent rule hosting feature by calling DescribeDomainRuleGroup.',
+ 'description' => 'This API operation is used to query the ID of the protection rule group bound to a specified domain and the status of the intelligent rule hosting feature under the rule protection engine.'."\n"
+ .'Note that to ensure system stability, the queries per second (QPS) for a single user is limited to 10. If the limit is exceeded, API calls will be throttled, which may affect your business. Please make API calls appropriately.',
+ 'requestParamsDescription' => 'When you call this API operation, in addition to the request parameters described in this topic, you must also include Alibaba Cloud API common request parameters. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format of this API operation, see the request examples in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'ModifyDomainIpv6Status' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [
+ ['createdAt' => '2022-01-18T08:24:59.000Z', 'description' => 'Response parameters changed, Error codes changed'],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomainRuleGroup'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomainRuleGroup',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeInstanceInfo' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'deprecated' => false,
- 'systemTags' => [],
+ 'systemTags' => ['operationType' => 'get'],
'parameters' => [
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-mp9153****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance that you want to query.'."\n"
+ ."\n"
+ .'If you do not set this parameter, the information about all WAF instances in the Chinese mainland or outside the Chinese mainland is returned.', 'type' => 'string', 'required' => false, 'example' => 'waf-cn-tl32ast****', 'title' => ''],
],
[
- 'name' => 'Domain',
+ 'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. If you do not set this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
- 'name' => 'Enabled',
+ 'name' => 'RegionId',
'in' => 'query',
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
'schema' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
+ 'InstanceInfo' => [
+ 'description' => 'The details of the WAF instance.',
+ 'type' => 'object',
+ 'properties' => [
+ 'Status' => ['description' => 'Indicates whether the WAF instance has expired. Valid values:'."\n"
+ .'- **0**: expired.'."\n"
+ .'- **1**: not expired.'."\n"
+ ."\n"
+ .'> This parameter is not returned if **PayType** is **0** (WAF instance is not activated).', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'EndDate' => ['description' => 'The expiration time of the WAF instance. This value is a UNIX timestamp. Unit: seconds.'."\n"
+ ."\n"
+ .'> This parameter is not returned if **PayType** is **0** (WAF instance is not activated).', 'type' => 'integer', 'format' => 'int64', 'example' => '1512921600', 'title' => ''],
+ 'Version' => ['description' => 'The edition of the WAF instance. Valid values:'."\n"
+ ."\n"
+ .'<props="china">- **version_3**: Premium Edition in the Chinese mainland.</props>'."\n"
+ .'<props="china">- **version_4**: Business Edition in the Chinese mainland.</props>'."\n"
+ .'<props="china">- **version_5**: Ultimate Edition in the Chinese mainland.</props>'."\n"
+ .'<props="china">- **version_exclusive_cluster**: virtual exclusive cluster edition in the Chinese mainland.</props>'."\n"
+ .'<props="china">- **version_hybrid_cloud_standard**: Hybrid Cloud WAF Edition in the Chinese mainland.</props>'."\n"
+ .'<props="china">- **version_pro_asia**: Premium Edition outside the Chinese mainland.</props>'."\n"
+ .'<props="china">- **version_business_asia**: Business Edition outside the Chinese mainland.</props>'."\n"
+ .'<props="china">- **version_enterprise_asia**: Ultimate Edition outside the Chinese mainland.</props>'."\n"
+ .'<props="china">- **version_exclusive_cluster_asia**: virtual exclusive cluster edition outside the Chinese mainland.</props>'."\n"
+ .'<props="china">- **version_hybrid_cloud_standard_asia**: Hybrid Cloud WAF Edition outside the Chinese mainland.</props>'."\n"
+ .'<props="china">- **version_elastic_bill**: pay-as-you-go billing method edition.</props>'."\n"
+ .'<props="china">- **version_elastic_bill_new**: pay-as-you-go billing method 2.0 edition.</props>'."\n"
+ ."\n"
+ .'<props="china">If the returned version parameter value is not in the preceding list, confirm that you are using an Alibaba Cloud China Website (www.aliyun.com) account.</props> '."\n"
+ ."\n"
+ .'<props="intl">- **version_pro_china**: Premium Edition in the Chinese mainland.</props>'."\n"
+ .'<props="intl">- **version_business_china**: Business Edition in the Chinese mainland.</props>'."\n"
+ .'<props="intl">- **version_enterprise_china**: Ultimate Edition in the Chinese mainland.</props>'."\n"
+ .'<props="intl">- **version_exclusive_china**: virtual exclusive cluster edition in the Chinese mainland.</props>'."\n"
+ .'<props="intl">- **version_hybrid_cloud_standard_china**: Hybrid Cloud WAF Edition in the Chinese mainland.</props>'."\n"
+ .'<props="intl">- **version_pro**: Premium Edition outside the Chinese mainland.</props>'."\n"
+ .'<props="intl">- **version_business**: Business Edition outside the Chinese mainland.</props>'."\n"
+ .'<props="intl">- **version_enterprise**: Ultimate Edition outside the Chinese mainland.</props>'."\n"
+ .'<props="intl">- **version_exclusive**: virtual exclusive cluster edition outside the Chinese mainland.</props>'."\n"
+ .'<props="intl">- **version_hybrid_cloud_standard**: Hybrid Cloud WAF Edition outside the Chinese mainland.</props>'."\n"
+ ."\n"
+ .'<props="intl">If the returned version parameter value is not in the preceding list, confirm that you are using an Alibaba Cloud International Website (www.alibabacloud.com) account.</props>'."\n"
+ ."\n"
+ .'> This parameter is not returned if **PayType** is **0** (WAF instance is not activated).', 'type' => 'string', 'example' => 'version_3', 'title' => ''],
+ 'RemainDay' => ['description' => 'The remaining available days of the trial WAF instance.'."\n"
+ ."\n"
+ .'> This parameter is returned only if **Trial** is **1** (a trial WAF instance is activated).', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'Region' => ['description' => 'The region of the WAF instance. Valid values:'."\n"
+ ."\n"
+ .'- **cn**: the Chinese mainland.'."\n"
+ .'- **cn-hongkong**: outside the Chinese mainland.'."\n"
+ ."\n"
+ .'> This parameter is not returned if **PayType** is **0** (WAF instance is not activated).', 'type' => 'string', 'example' => 'cn', 'title' => ''],
+ 'PayType' => ['description' => 'The activation status of the WAF instance. Valid values:'."\n"
+ ."\n"
+ .'- **0**: No WAF instance is activated under the current Alibaba Cloud account.'."\n"
+ .'- **1**: A subscription instance of WAF is activated under the current Alibaba Cloud account.'."\n"
+ .'<props="china">- **2**: A WAF instance that uses the pay-as-you-go billing method is activated under the current Alibaba Cloud account.</props>', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'InDebt' => ['description' => 'Indicates whether the WAF instance has an overdue payment. Valid values:'."\n"
+ ."\n"
+ .'- **0**: The instance has an overdue payment.'."\n"
+ .'- **1**: The instance does not have an overdue payment.'."\n"
+ ."\n"
+ .'> This parameter is not returned if **PayType** is **0** (WAF instance is not activated).', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'InstanceId' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> This parameter is not returned if **PayType** is **0** (WAF instance is not activated).', 'type' => 'string', 'example' => 'waf-cn-tl32ast****', 'title' => ''],
+ 'SubscriptionType' => ['description' => '<props="china">The billable method of the WAF instance. Valid values:</props>'."\n"
+ .'<props="china">- **Subscription**: subscription.</props>'."\n"
+ .'<props="china">- **PayAsYouGo**: pay-as-you-go billing method.</props>'."\n"
+ ."\n"
+ .'<props="intl">The billable method of the WAF instance. The value is fixed as **Subscription**, which indicates subscription.</props>'."\n"
+ ."\n"
+ .'> This parameter is not returned if **PayType** is **0** (WAF instance is not activated).', 'type' => 'string', 'example' => 'Subscription', 'title' => ''],
+ 'Trial' => ['description' => 'Indicates whether a trial WAF instance is activated under the current Alibaba Cloud account. Valid values:'."\n"
+ ."\n"
+ .'- **0**: No.'."\n"
+ .'- **1**: Yes.'."\n"
+ ."\n"
+ .'> This parameter is returned only if a trial WAF instance is activated under the current Alibaba Cloud account.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ ],
+ 'title' => '',
+ 'example' => '',
+ ],
+ ],
'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => '0',
+ 'title' => '',
+ 'example' => '',
],
],
+ ],
+ 'errorCodes' => [
+ 403 => [
+ ['errorCode' => 'Forbbiden', 'errorMessage' => 'User not authorized to operate on the specified resource.', 'description' => ''],
+ ],
+ 500 => [
+ ['errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', 'description' => ''],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"InstanceInfo\\": {\\n \\"Status\\": 1,\\n \\"EndDate\\": 1512921600,\\n \\"Version\\": \\"version_3\\",\\n \\"RemainDay\\": 1,\\n \\"Region\\": \\"cn\\",\\n \\"PayType\\": 1,\\n \\"InDebt\\": 1,\\n \\"InstanceId\\": \\"waf-cn-tl32ast****\\",\\n \\"SubscriptionType\\": \\"Subscription\\",\\n \\"Trial\\": 1\\n }\\n}","type":"json"}]',
+ 'title' => 'Get WAF instance information',
+ 'summary' => 'Queries the details of a WAF instance under the current Alibaba Cloud account.',
+ 'description' => 'This operation queries the details of a WAF instance under the current Alibaba Cloud account, such as the instance ID, edition, status, and expiration time. To ensure system stability, the queries per second (QPS) is limited to 50 per user. If the limit is exceeded, API calls are throttled, which may affect your business. Call this operation at a proper frequency.',
+ 'requestParamsDescription' => 'When you call this operation, you must include common request parameters in addition to the operation-specific request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request examples in the **Examples** section of this topic.',
+ 'responseParamsDescription' => ' ',
+ 'extraInfo' => ' ',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeInstanceInfo'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeInstanceInfo',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ ],
+ ],
+ 'DescribeInstanceSpecInfo' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'systemTags' => ['operationType' => 'get'],
+ 'parameters' => [
+ [
+ 'name' => 'InstanceId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The ID of the WAF instance to query.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => false, 'example' => 'waf-cn-st2225l****', 'title' => ''],
+ ],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => "\n"
+ .'The ID of the resource group to which the WAF instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -2960,84 +2732,278 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'E906513E-F6B5-495E-98DC-7BA8****1D76', 'title' => ''],
+ 'InstanceId' => ['description' => 'The instance ID of the WAF instance.', 'type' => 'string', 'example' => 'waf-cn-st2225l****', 'title' => ''],
+ 'ExpireTime' => ['description' => 'The expiration time of the WAF instance. The value is a UNIX timestamp in the format of milliseconds.'."\n"
+ ."\n"
+ .'> For instances that use the pay-as-you-go billing method, the returned value indicates the expiration time of the trial edition.', 'type' => 'integer', 'format' => 'int64', 'example' => '1677168000000', 'title' => ''],
+ 'Version' => ['description' => 'The version of the WAF instance. Valid values:'."\n"
+ ."\n"
+ .'<props="china">'."\n"
+ ."\n"
+ .'- **version_3**: Premium Edition in the Chinese mainland.'."\n"
+ ."\n"
+ .'- **version_4**: Business edition in the Chinese mainland.'."\n"
+ ."\n"
+ .'- **version_5**: Ultimate Edition in the Chinese mainland.'."\n"
+ ."\n"
+ .'- **version_exclusive_cluster**: virtual exclusive cluster edition in the Chinese mainland.'."\n"
+ ."\n"
+ .'- **version_hybrid_clou_standard**: hybrid cloud WAF edition in the Chinese mainland.'."\n"
+ ."\n"
+ .'- **version_pro_asia**: Premium Edition outside China.'."\n"
+ ."\n"
+ .'- **version_business_asia**: Business edition outside China.'."\n"
+ ."\n"
+ .'- **version_enterprise_asia**: Ultimate Edition outside China.'."\n"
+ ."\n"
+ .'- **version_exclusive_cluster_asia**: virtual exclusive cluster edition outside China.'."\n"
+ ."\n"
+ .'- **version_hybrid_cloud_standard_asia**: hybrid cloud WAF edition outside China.'."\n"
+ ."\n"
+ .'- **version_elastic_bill**: pay-as-you-go billing method edition.'."\n"
+ ."\n"
+ .'- **version_elastic_bill_new**: pay-as-you-go billing method 2.0 edition.'."\n"
+ ."\n"
+ .'</props>'."\n"
+ ."\n"
+ .'<props="intl">'."\n"
+ ."\n"
+ .'- **version_pro_china**: Premium Edition in the Chinese mainland.'."\n"
+ ."\n"
+ .'- **version_business_china**: Business edition in the Chinese mainland.'."\n"
+ ."\n"
+ .'- **version_enterprise_china**: Ultimate Edition in the Chinese mainland.'."\n"
+ ."\n"
+ .'- **version_exclusive_china**: virtual exclusive cluster edition in the Chinese mainland.'."\n"
+ ."\n"
+ .'- **version_hybrid_cloud_standard_china**: hybrid cloud WAF edition in the Chinese mainland.'."\n"
+ ."\n"
+ .'- **version_pro**: Premium Edition outside China.'."\n"
+ ."\n"
+ .'- **version_business**: Business edition outside China.'."\n"
+ ."\n"
+ .'- **version_enterprise**: Ultimate Edition outside China.'."\n"
+ ."\n"
+ .'- **version_exclusive**: virtual exclusive cluster edition outside China.'."\n"
+ ."\n"
+ .'- **version_hybrid_cloud_standard**: hybrid cloud WAF edition outside China.'."\n"
+ ."\n"
+ .'</props>'."\n"
+ ."\n"
+ .'<props="china">If the returned version parameter value is not in the preceding list, confirm that you are using an Alibaba Cloud China Website (www.aliyun.com) account.</props>'."\n"
+ ."\n"
+ .'<props="intl">If the returned version parameter value is not in the preceding list, confirm that you are using an Alibaba Cloud International Website (www.alibabacloud.com) account.</props>', 'type' => 'string', 'example' => 'version_3', 'title' => ''],
+ 'InstanceSpecInfos' => [
+ 'description' => 'The specification information of the WAF instance. The information is returned as an array of **Code** and **Value** pairs. **Code** indicates the specification code, and **Value** indicates the corresponding specification value.',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Code' => ['description' => 'The specification code of the WAF instance. Valid values:'."\n"
+ ."\n"
+ .'- **100**: indicates whether HTTPS service protection is supported.'."\n"
+ .'- **101**: the daily service traffic threshold.'."\n"
+ .'- **102**: the mitigation threshold for HTTP flood attacks.'."\n"
+ .'- **103**: the total number of domain names that can be added for protection.'."\n"
+ .'- **104**: indicates whether wildcard domain names are supported.'."\n"
+ .'- **105**: the number of custom mitigation policies (ACL access control) rules that can be configured.'."\n"
+ .'- **106**: the number of back-to-origin IP addresses for domain names.'."\n"
+ .'- **107**: indicates whether servers outside Alibaba Cloud are supported.'."\n"
+ .'- **108**: indicates whether the custom advanced web access control feature is supported.'."\n"
+ .'- **109**: indicates whether non-standard ports are supported.'."\n"
+ .'- **110**: indicates whether the scan protection feature is supported.'."\n"
+ .'- **111**: indicates whether data risk control is supported.'."\n"
+ .'- **112**: the number of data risk control records that can be configured.'."\n"
+ .'- **113**: the number of primary domain names (top-level domain names) that can be added for protection.'."\n"
+ .'- **114**: the normal service bandwidth threshold.'."\n"
+ .'- **115**: the number of attached domain name packages.'."\n"
+ .'- **116**: indicates whether adding ECS IP addresses under different Alibaba Cloud accounts as origin server IP addresses is supported.'."\n"
+ .'- **117**: indicates whether adding Web Hosting IP addresses as origin server IP addresses is supported.'."\n"
+ .'- **118**: the number of data risk control rule scenarios that can be configured.'."\n"
+ .'- **119**: indicates whether the semantics analysis DPI engine feature is supported.'."\n"
+ .'- **12**: indicates whether the service network traffic analysis feature is supported.'."\n"
+ .'- **120**: indicates whether ICP filing verification is required for domain names added for protection.'."\n"
+ .'- **121**: indicates whether custom mitigation policies (HTTP flood attack prevention) rules can be configured.'."\n"
+ .'- **122**: the number of custom mitigation policies (HTTP flood attack prevention) rules that can be configured.'."\n"
+ .'- **123**: indicates whether the region-level IP blacklist feature is supported.'."\n"
+ .'- **124**: indicates whether web tamper-proofing is supported.'."\n"
+ .'- **125**: the number of custom tamper-proofing protection rules that can be configured.'."\n"
+ .'- **126**: indicates whether log collection is supported.'."\n"
+ .'- **127**: the number of non-standard ports that can be added.'."\n"
+ .'- **128**: the HTTP protocol ports that can be added.'."\n"
+ .'- **129**: the HTTPS protocol ports that can be added.'."\n"
+ .'- **13**: indicates whether switching the HTTP flood protection mode is supported.'."\n"
+ .'- **130**: indicates whether attacker profiling is supported.'."\n"
+ .'- **131**: indicates whether the sensitive information leak prevention feature is supported.'."\n"
+ .'- **132**: the number of sensitive information leak prevention rules that can be configured.'."\n"
+ .'- **133**: the condition fields that can be used in custom mitigation policies and whitelist policies.'."\n"
+ .'- **134**: the number of attached exclusive IP addresses.'."\n"
+ .'- **135**: indicates whether the data dashboard feature is supported.'."\n"
+ .'- **136**: the number of supported data dashboards.'."\n"
+ .'- **137**: indicates whether the deep learning engine feature is supported.'."\n"
+ .'- **138**: indicates whether full logs are supported.'."\n"
+ .'- **139**: the storage duration of full logs.'."\n"
+ .'- **14**: indicates whether viewing HTTP flood attack log details is supported.'."\n"
+ .'- **140**: the maximum storage capacity of full logs.'."\n"
+ .'- **141**: indicates whether the alerting settings feature is supported.'."\n"
+ .'- **142**: the number of times the full log storage space can be cleared.'."\n"
+ .'- **143**: indicates whether custom protection rule groups are supported.'."\n"
+ .'- **144**: the number of custom rule groups that can be configured.'."\n"
+ .'- **145**: indicates whether the general gateway proxy for protection modules is supported.'."\n"
+ .'- **146**: indicates whether the general rule proxy for protection modules is supported.'."\n"
+ .'- **147**: indicates whether the security expert service platform is supported.'."\n"
+ .'- **148**: indicates whether trial use is supported.'."\n"
+ .'- **149**: indicates whether transparent proxy mode is supported.'."\n"
+ .'- **150**: indicates whether IPv6 is supported.'."\n"
+ .'- **151**: indicates whether the proactive defense feature is supported.'."\n"
+ .'- **152**: the number of proactive defense rules that can be configured.'."\n"
+ .'- **153**: indicates whether HTTP 2.0 service protection is supported.'."\n"
+ .'- **154**: indicates whether the domain name configuration feature is supported.'."\n"
+ .'- **155**: indicates whether the asset discovery feature is supported.'."\n"
+ .'- **156**: indicates whether pre-release testing specifications are available.'."\n"
+ .'- **157**: indicates whether virtual exclusive clusters are supported.'."\n"
+ .'- **158**: the number of ports supported by virtual exclusive clusters.'."\n"
+ .'- **159**: indicates whether the account security feature is supported.'."\n"
+ .'- **160**: the number of interfaces for account security protection.'."\n"
+ .'- **162**: the number of whitelist rules that can be added.'."\n"
+ .'- **163**: the number of custom protection rules.'."\n"
+ .'- **164**: the number of IP blacklist rules.'."\n"
+ .'- **167**: indicates whether custom scan protection configuration is supported.'."\n"
+ .'- **168**: the number of Global Server Load Balancing (GSLB) protected domain names.'."\n"
+ .'- **169**: indicates whether intelligent load balancing is supported.'."\n"
+ .'- **171**: indicates whether the application protection feature is supported.'."\n"
+ .'- **172**: the number of application protection rules.'."\n"
+ .'- **173**: indicates whether the typical crawler behavior identification feature is supported.'."\n"
+ .'- **176**: indicates whether the legitimate crawler identification feature is supported.'."\n"
+ .'- **177**: indicates whether the crawler threat intelligence feature is supported.'."\n"
+ .'- **181**: the number of traffic redirection configurations (each corresponding to a specific instance IP address and port) that can be added for transparent access.'."\n"
+ .'- **190**: indicates whether HTTP flood attack prevention capabilities are supported.'."\n"
+ .'- **191**: indicates whether account security defense capabilities are supported.'."\n"
+ .'- **192**: indicates whether scan attack prevention capabilities are supported.'."\n"
+ .'- **193**: indicates whether custom TLS security policy is supported.'."\n"
+ .'- **194**: indicates whether advanced settings for custom TLS security policy are supported.'."\n"
+ .'- **196**: indicates whether transparent access supports attaching any interface.'."\n"
+ .'- **199**: indicates whether origin fetch over IPv6 is supported.'."\n"
+ .'- **200**: indicates whether scenario-specific anti-crawler configuration is supported.'."\n"
+ .'- **201**: the number of scenario-specific anti-crawler configurations.', 'type' => 'string', 'example' => '103', 'title' => ''],
+ 'Value' => ['description' => 'The value that corresponds to the WAF instance specification code. The value can be **true** (yes) or **false** (no), or a specific number.'."\n"
+ ."\n"
+ .'> For example, if **Code** is set to **103**, the **Value** is **640**. If **Code** is set to **104**, the **Value** is **true**.', 'type' => 'string', 'example' => '640', 'title' => ''],
+ ],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'title' => '',
+ 'example' => '',
],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<ModifyDomainIpv6StatusResponse>\\r\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\r\\n</ModifyDomainIpv6StatusResponse>","errorExample":""}]',
- 'title' => 'ModifyDomainIpv6Status',
- 'requestParamsDescription' => ' ',
+ 'errorCodes' => [
+ 403 => [
+ ['errorCode' => 'Forbbiden', 'errorMessage' => 'User not authorized to operate on the specified resource.', 'description' => ''],
+ ],
+ 500 => [
+ ['errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', 'description' => ''],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"E906513E-F6B5-495E-98DC-7BA8****1D76\\",\\n \\"InstanceId\\": \\"waf-cn-st2225l****\\",\\n \\"ExpireTime\\": 1677168000000,\\n \\"Version\\": \\"version_3\\",\\n \\"InstanceSpecInfos\\": [\\n {\\n \\"Code\\": \\"103\\",\\n \\"Value\\": \\"640\\"\\n }\\n ]\\n}","type":"json"}]',
+ 'title' => 'Query WAF instance specifications',
+ 'summary' => 'Queries the specification information of a WAF instance.',
+ 'requestParamsDescription' => 'When you call this operation, you must include the common request parameters of Alibaba Cloud APIs in addition to the request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request examples in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeProtectionModuleStatus' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeInstanceSpecInfo',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeLogServiceStatus' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
+ 'systemTags' => ['operationType' => 'get'],
'parameters' => [
[
- 'name' => 'Domain',
+ 'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.aliyundoc.com',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call DescribeInstanceInfo to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-zz11sr5****', 'title' => ''],
],
[
- 'name' => 'DefenseType',
+ 'name' => 'Region',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf',
- ],
+ 'schema' => ['description' => 'The region ID of Log Service. Valid values: '."\n"
+ .'- **cn**: the Chinese mainland (default)'."\n"
+ .'- **cn-hongkong**: outside China.', 'type' => 'string', 'required' => false, 'default' => 'cn', 'example' => 'cn', 'title' => ''],
],
[
- 'name' => 'InstanceId',
+ 'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-zz11sr5****',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, refer to [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-acfm2pz25js****', 'title' => ''],
],
[
- 'name' => 'ResourceGroupId',
+ 'name' => 'PageNumber',
'in' => 'query',
+ 'schema' => ['description' => 'The page number. Default value: **1**.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '1', 'example' => '1', 'title' => ''],
+ ],
+ [
+ 'name' => 'PageSize',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The number of entries per page in a paged query. Default value: **10**.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '10', 'example' => '10', 'title' => ''],
+ ],
+ [
+ 'name' => 'DomainNames',
+ 'in' => 'query',
+ 'style' => 'repeatList',
'schema' => [
- 'type' => 'string',
+ 'description' => 'The list of domain names to query. You can specify up to 10 domain names at a time. If you do not specify this parameter, all domain names are queried.'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainNames](~~86373~~) to query all domain names that are added to the current WAF instance for protection.',
+ 'type' => 'array',
+ 'items' => ['description' => 'The domain name.', 'type' => 'string', 'required' => false, 'example' => 'www.aliyunXXXX.com', 'title' => ''],
+ 'required' => false,
+ 'maxItems' => 100,
+ 'title' => '',
+ 'example' => '',
],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -3045,98 +3011,104 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'ModuleStatus' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
+ 'TotalCount' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '63', 'title' => ''],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0', 'title' => ''],
+ 'DomainStatus' => [
+ 'description' => 'The log collection status of the domain names (whether log collection is enabled).',
+ 'type' => 'array',
+ 'items' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'Domain' => ['description' => 'The domain name.', 'type' => 'string', 'example' => 'www.aliyun.com', 'title' => ''],
+ 'SlsLogActive' => ['description' => 'Indicates whether log collection is enabled for the domain name. Valid values:'."\n"
+ ."\n"
+ .'- **1**: enabled.'."\n"
+ .'- **0**: disabled.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ ],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'title' => '',
+ 'example' => '',
],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"ModuleStatus\\": 1,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<DescribeProtectionModuleStatusResponse>\\n <ModuleStatus>1</ModuleStatus>\\n <RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n</DescribeProtectionModuleStatusResponse>","errorExample":""}]',
- 'title' => 'DescribeProtectionModuleStatus',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"TotalCount\\": 63,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\",\\n \\"DomainStatus\\": [\\n {\\n \\"Domain\\": \\"www.aliyun.com\\",\\n \\"SlsLogActive\\": 1\\n }\\n ]\\n}","type":"json"}]',
+ 'title' => 'Query log collection status',
+ 'summary' => 'Queries the log collection status (whether log collection is enabled) of domain names that are added to WAF for protection.',
+ 'requestParamsDescription' => 'When you call this operation, in addition to the request parameters described in this topic, you must include Alibaba Cloud API common request parameters. For more information about common request parameters, refer to [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the **request example** in this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'ModifyProtectionModuleStatus' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [
+ ['createdAt' => '2022-08-23T11:43:34.000Z', 'description' => 'Request parameters changed, Error codes changed'],
+ ],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeLogServiceStatus'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeLogServiceStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeProtectionModuleCodeConfig' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [],
+ 'systemTags' => ['operationType' => 'get'],
'parameters' => [
[
- 'name' => 'Domain',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.aliyundoc.com',
- ],
- ],
- [
- 'name' => 'DefenseType',
+ 'name' => 'CodeType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf',
- ],
+ 'schema' => ['description' => 'The type of code to query. Set the value to **14**, which indicates the region codes applicable to the WAF region-level IP blacklist configuration.', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'example' => '14', 'title' => ''],
],
[
- 'name' => 'ModuleStatus',
+ 'name' => 'CodeValue',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => true,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'The type of region codes to query. Valid values:'."\n"
+ .'- **0**: region codes within China.'."\n"
+ .'- **1**: region codes outside China.'."\n"
+ ."\n"
+ .'If you do not set this parameter, all types of region codes are queried.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', 'title' => ''],
],
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-zz11sr5****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-tl32ast****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the website domain name belongs in Resource Management. If you do not set this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-acfm2pz25js****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['type' => 'string', 'default' => 'cn-hangzhou', 'description' => '', 'required' => false, 'title' => '', 'example' => ''],
],
],
'responses' => [
@@ -3144,92 +3116,378 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
+ 'CodeConfigs' => ['description' => 'The specific configuration of region codes. The value is a string converted from a JSON array. Each element in the JSON array represents a type of region code and contains the following fields:'."\n"
+ ."\n"
+ .'- **code**: Integer | The type of region code. Valid values: **0** (region codes within China) | **1** (region codes outside China).'."\n"
+ ."\n"
+ .'- **name**: String | All region codes of this type. Multiple region codes are separated by commas (,). For the meanings of specific region codes, see the description below the **Response parameters** table.'."\n"
+ ."\n"
+ .'- **env**: String | Indicates whether the region code is available. Valid values: **online** (the region code is available) | **offline** (the region code is unavailable).', 'type' => 'string', 'example' => '[{"code":0,"name":"310000,530000,150000,110000,TW_01,220000,510000,120000,640000,340000,370000,140000,440000,450000,650000,320000,360000,130000,410000,330000,460000,420000,430000,MO_01,620000,350000,540000,520000,210000,500000,610000,630000,HK_01,230000","env":"online"}]', 'title' => ''],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'BE3911B8-9D96-5B39-8875-503BBC9DA4BF', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [],
- 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","type":"json"}]',
- 'title' => 'ModifyProtectionModuleStatus',
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
- ],
- 'ModifyProtectionModuleMode' => [
- 'methods' => [
- 'post',
- 'get',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"CodeConfigs\\": \\"[{\\\\\\"code\\\\\\":0,\\\\\\"name\\\\\\":\\\\\\"310000,530000,150000,110000,TW_01,220000,510000,120000,640000,340000,370000,140000,440000,450000,650000,320000,360000,130000,410000,330000,460000,420000,430000,MO_01,620000,350000,540000,520000,210000,500000,610000,630000,HK_01,230000\\\\\\",\\\\\\"env\\\\\\":\\\\\\"online\\\\\\"}]\\",\\n \\"RequestId\\": \\"BE3911B8-9D96-5B39-8875-503BBC9DA4BF\\"\\n}","type":"json"}]',
+ 'title' => 'Query WAF protection module code configuration',
+ 'summary' => 'Queries the region codes that can be configured in the WAF region-level IP blacklist.',
+ 'description' => 'This operation queries the region codes that can be configured in the WAF region-level IP blacklist.'."\n"
+ .'The queries per second (QPS) limit for a single user is 100. If this limit is exceeded, API calls are throttled, which may affect your business. Call this operation at an appropriate frequency.',
+ 'requestParamsDescription' => 'When you call this operation, you must include common request parameters in addition to the request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request example in the **Examples** section.',
+ 'responseParamsDescription' => '**Region codes within China (`"code": 0`)**.'."\n"
+ ."\n"
+ .'```'."\n"
+ .'{'."\n"
+ .' "310000": "Shanghai",'."\n"
+ .' "610000": "Shaanxi",'."\n"
+ .' "360000": "Jiangxi",'."\n"
+ .' "230000": "Heilongjiang",'."\n"
+ .' "530000": "Yunnan",'."\n"
+ .' "140000": "Shanxi",'."\n"
+ .' "440000": "Guangdong",'."\n"
+ .' "320000": "Jiangsu",'."\n"
+ .' "110000": "Beijing",'."\n"
+ .' "MO_01": "Macao (China)",'."\n"
+ .' "620000": "Gansu",'."\n"
+ .' "370000": "Shandong",'."\n"
+ .' "150000": "Inner Mongolia",'."\n"
+ .' "450000": "Guangxi",'."\n"
+ .' "410000": "Henan",'."\n"
+ .' "500000": "Chongqing",'."\n"
+ .' "120000": "Tianjin",'."\n"
+ .' "630000": "Qinghai",'."\n"
+ .' "460000": "Hainan",'."\n"
+ .' "640000": "Ningxia",'."\n"
+ .' "330000": "Zhejiang",'."\n"
+ .' "HK_01": "Hong Kong (China)",'."\n"
+ .' "420000": "Hubei",'."\n"
+ .' "430000": "Hunan",'."\n"
+ .' "130000": "Hebei",'."\n"
+ .' "510000": "Sichuan",'."\n"
+ .' "350000": "Fujian",'."\n"
+ .' "210000": "Liaoning",'."\n"
+ .' "220000": "Jilin",'."\n"
+ .' "340000": "Anhui",'."\n"
+ .' "520000": "Guizhou",'."\n"
+ .' "TW_01": "Taiwan (China)"'."\n"
+ .'}'."\n"
+ .'```'."\n"
+ ."\n"
+ .'**Region codes outside China (`"code": 1`)**.'."\n"
+ ."\n"
+ .'```'."\n"
+ .'{'."\n"
+ .' "KE": "Kenya",'."\n"
+ .' "KG": "Kyrgyzstan",'."\n"
+ .' "KH": "Cambodia",'."\n"
+ .' "KI": "Kiribati",'."\n"
+ .' "KM": "Comoros",'."\n"
+ .' "KN": "Saint Kitts and Nevis",'."\n"
+ .' "KP": "North Korea",'."\n"
+ .' "KR": "South Korea",'."\n"
+ .' "KW": "Kuwait",'."\n"
+ .' "KY": "Cayman Islands",'."\n"
+ .' "KZ": "Kazakhstan",'."\n"
+ .' "LA": "Laos",'."\n"
+ .' "LB": "Lebanon",'."\n"
+ .' "LC": "Saint Lucia",'."\n"
+ .' "LI": "Liechtenstein",'."\n"
+ .' "LK": "Sri Lanka",'."\n"
+ .' "LR": "Liberia",'."\n"
+ .' "LS": "Lesotho",'."\n"
+ .' "LT": "Lithuania",'."\n"
+ .' "LU": "Luxembourg",'."\n"
+ .' "LV": "Latvia",'."\n"
+ .' "LY": "Libya",'."\n"
+ .' "MA": "Morocco",'."\n"
+ .' "MC": "Monaco",'."\n"
+ .' "MD": "Moldova",'."\n"
+ .' "ME": "Montenegro",'."\n"
+ .' "MF": "Saint Martin",'."\n"
+ .' "MG": "Madagascar",'."\n"
+ .' "MH": "Marshall Islands",'."\n"
+ .' "MK": "North Macedonia",'."\n"
+ .' "ML": "Mali",'."\n"
+ .' "MM": "Myanmar",'."\n"
+ .' "MN": "Mongolia",'."\n"
+ .' "MP": "Northern Mariana Islands",'."\n"
+ .' "MQ": "Martinique",'."\n"
+ .' "MR": "Mauritania",'."\n"
+ .' "MS": "Montserrat",'."\n"
+ .' "MT": "Malta",'."\n"
+ .' "MU": "Mauritius",'."\n"
+ .' "MV": "Maldives",'."\n"
+ .' "MW": "Malawi",'."\n"
+ .' "MX": "Mexico",'."\n"
+ .' "MY": "Malaysia",'."\n"
+ .' "MZ": "Mozambique",'."\n"
+ .' "NA": "Namibia",'."\n"
+ .' "NC": "New Caledonia",'."\n"
+ .' "NE": "Niger",'."\n"
+ .' "NF": "Norfolk Island",'."\n"
+ .' "NG": "Nigeria",'."\n"
+ .' "NI": "Nicaragua",'."\n"
+ .' "NL": "Netherlands",'."\n"
+ .' "NO": "Norway",'."\n"
+ .' "NP": "Nepal",'."\n"
+ .' "NR": "Nauru",'."\n"
+ .' "NU": "Niue",'."\n"
+ .' "NZ": "New Zealand",'."\n"
+ .' "GA": "Gabon",'."\n"
+ .' "GB": "United Kingdom",'."\n"
+ .' "WS": "Samoa",'."\n"
+ .' "GD": "Grenada",'."\n"
+ .' "GE": "Georgia",'."\n"
+ .' "GF": "French Guiana",'."\n"
+ .' "GG": "Guernsey",'."\n"
+ .' "GH": "Ghana",'."\n"
+ .' "GI": "Gibraltar",'."\n"
+ .' "GL": "Greenland",'."\n"
+ .' "GM": "Gambia",'."\n"
+ .' "GN": "Guinea",'."\n"
+ .' "GP": "Guadeloupe",'."\n"
+ .' "GQ": "Equatorial Guinea",'."\n"
+ .' "GR": "Greece",'."\n"
+ .' "GT": "Guatemala",'."\n"
+ .' "GU": "Guam",'."\n"
+ .' "GW": "Guinea-Bissau",'."\n"
+ .' "GY": "Guyana",'."\n"
+ .' "HN": "Honduras",'."\n"
+ .' "HR": "Croatia",'."\n"
+ .' "HT": "Haiti",'."\n"
+ .' "YE": "Yemen",'."\n"
+ .' "HU": "Hungary",'."\n"
+ .' "YT": "Mayotte",'."\n"
+ .' "ID": "Indonesia",'."\n"
+ .' "IE": "Ireland",'."\n"
+ .' "IL": "Israel",'."\n"
+ .' "IM": "Isle of Man",'."\n"
+ .' "IN": "India",'."\n"
+ .' "IO": "British Indian Ocean Territory",'."\n"
+ .' "ZA": "South Africa",'."\n"
+ .' "IQ": "Iraq",'."\n"
+ .' "IR": "Iran",'."\n"
+ .' "IS": "Iceland",'."\n"
+ .' "IT": "Italy",'."\n"
+ .' "ZM": "Zambia",'."\n"
+ .' "JE": "Jersey",'."\n"
+ .' "ZW": "Zimbabwe",'."\n"
+ .' "JM": "Jamaica",'."\n"
+ .' "JO": "Jordan",'."\n"
+ .' "JP": "Japan",'."\n"
+ .' "SI": "Slovenia",'."\n"
+ .' "BY": "Belarus",'."\n"
+ .' "SK": "Slovakia",'."\n"
+ .' "BZ": "Belize",'."\n"
+ .' "SL": "Sierra Leone",'."\n"
+ .' "SM": "San Marino",'."\n"
+ .' "SN": "Senegal",'."\n"
+ .' "SO": "Somalia",'."\n"
+ .' "CA": "Canada",'."\n"
+ .' "SR": "Suriname",'."\n"
+ .' "SS": "South Sudan",'."\n"
+ .' "ST": "Sao Tome and Principe",'."\n"
+ .' "CD": "Democratic Republic of the Congo",'."\n"
+ .' "CF": "Central African Republic",'."\n"
+ .' "SV": "El Salvador",'."\n"
+ .' "CG": "Congo",'."\n"
+ .' "CH": "Switzerland",'."\n"
+ .' "SX": "Sint Maarten",'."\n"
+ .' "SY": "Syria",'."\n"
+ .' "CI": "Cote d\'Ivoire",'."\n"
+ .' "SZ": "Eswatini",'."\n"
+ .' "CK": "Cook Islands",'."\n"
+ .' "CL": "Chile",'."\n"
+ .' "CM": "Cameroon",'."\n"
+ .' "CN": "China",'."\n"
+ .' "CO": "Colombia",'."\n"
+ .' "TC": "Turks and Caicos Islands",'."\n"
+ .' "CR": "Costa Rica",'."\n"
+ .' "TD": "Chad",'."\n"
+ .' "CU": "Cuba",'."\n"
+ .' "CV": "Cabo Verde",'."\n"
+ .' "TG": "Togo",'."\n"
+ .' "CW": "Curacao",'."\n"
+ .' "TH": "Thailand",'."\n"
+ .' "CX": "Christmas Island",'."\n"
+ .' "TJ": "Tajikistan",'."\n"
+ .' "CY": "Cyprus",'."\n"
+ .' "CZ": "Czech Republic",'."\n"
+ .' "TK": "Tokelau",'."\n"
+ .' "TL": "Timor-Leste",'."\n"
+ .' "TM": "Turkmenistan",'."\n"
+ .' "TN": "Tunisia",'."\n"
+ .' "TO": "Tonga",'."\n"
+ .' "TR": "Turkey",'."\n"
+ .' "TT": "Trinidad and Tobago",'."\n"
+ .' "DE": "Germany",'."\n"
+ .' "TV": "Tuvalu",'."\n"
+ .' "DJ": "Djibouti",'."\n"
+ .' "TZ": "Tanzania",'."\n"
+ .' "DK": "Denmark",'."\n"
+ .' "DM": "Dominica",'."\n"
+ .' "DO": "Dominican Republic",'."\n"
+ .' "UA": "Ukraine",'."\n"
+ .' "UG": "Uganda",'."\n"
+ .' "DZ": "Algeria",'."\n"
+ .' "UM": "United States Minor Outlying Islands",'."\n"
+ .' "US": "United States",'."\n"
+ .' "EC": "Ecuador",'."\n"
+ .' "EE": "Estonia",'."\n"
+ .' "EG": "Egypt",'."\n"
+ .' "UY": "Uruguay",'."\n"
+ .' "UZ": "Uzbekistan",'."\n"
+ .' "VA": "Vatican City",'."\n"
+ .' "VC": "Saint Vincent and the Grenadines",'."\n"
+ .' "ER": "Eritrea",'."\n"
+ .' "ES": "Spain",'."\n"
+ .' "VE": "Venezuela",'."\n"
+ .' "ET": "Ethiopia",'."\n"
+ .' "VG": "British Virgin Islands",'."\n"
+ .' "VI": "United States Virgin Islands",'."\n"
+ .' "VN": "Vietnam",'."\n"
+ .' "VU": "Vanuatu",'."\n"
+ .' "FI": "Finland",'."\n"
+ .' "FJ": "Fiji",'."\n"
+ .' "FK": "Falkland Islands",'."\n"
+ .' "FM": "Micronesia",'."\n"
+ .' "FO": "Faroe Islands",'."\n"
+ .' "FR": "France",'."\n"
+ .' "WF": "Wallis and Futuna",'."\n"
+ .' "OM": "Oman",'."\n"
+ .' "PA": "Panama",'."\n"
+ .' "PE": "Peru",'."\n"
+ .' "PF": "French Polynesia",'."\n"
+ .' "PG": "Papua New Guinea",'."\n"
+ .' "PH": "Philippines",'."\n"
+ .' "PK": "Pakistan",'."\n"
+ .' "PL": "Poland",'."\n"
+ .' "PM": "Saint Pierre and Miquelon",'."\n"
+ .' "PR": "Puerto Rico",'."\n"
+ .' "PS": "Palestine",'."\n"
+ .' "PT": "Portugal",'."\n"
+ .' "PW": "Palau",'."\n"
+ .' "PY": "Paraguay",'."\n"
+ .' "QA": "Qatar",'."\n"
+ .' "AD": "Andorra",'."\n"
+ .' "AE": "United Arab Emirates",'."\n"
+ .' "AF": "Afghanistan",'."\n"
+ .' "AG": "Antigua and Barbuda",'."\n"
+ .' "AI": "Anguilla",'."\n"
+ .' "AL": "Albania",'."\n"
+ .' "AM": "Armenia",'."\n"
+ .' "AO": "Angola",'."\n"
+ .' "AP": "Asia Pacific",'."\n"
+ .' "AQ": "Antarctica",'."\n"
+ .' "AR": "Argentina",'."\n"
+ .' "AS": "American Samoa",'."\n"
+ .' "RE": "Reunion",'."\n"
+ .' "AT": "Austria",'."\n"
+ .' "AU": "Australia",'."\n"
+ .' "AW": "Aruba",'."\n"
+ .' "AX": "Aland Islands",'."\n"
+ .' "AZ": "Azerbaijan",'."\n"
+ .' "RO": "Romania",'."\n"
+ .' "BA": "Bosnia and Herzegovina",'."\n"
+ .' "BB": "Barbados",'."\n"
+ .' "RS": "Serbia",'."\n"
+ .' "BD": "Bangladesh",'."\n"
+ .' "BE": "Belgium",'."\n"
+ .' "RU": "Russia",'."\n"
+ .' "BF": "Burkina Faso",'."\n"
+ .' "RW": "Rwanda",'."\n"
+ .' "BG": "Bulgaria",'."\n"
+ .' "BH": "Bahrain",'."\n"
+ .' "BI": "Burundi",'."\n"
+ .' "BJ": "Benin",'."\n"
+ .' "BL": "Saint Barthelemy",'."\n"
+ .' "BM": "Bermuda",'."\n"
+ .' "BN": "Brunei",'."\n"
+ .' "BO": "Bolivia",'."\n"
+ .' "SA": "Saudi Arabia",'."\n"
+ .' "BQ": "Bonaire, Sint Eustatius and Saba",'."\n"
+ .' "SB": "Solomon Islands",'."\n"
+ .' "BR": "Brazil",'."\n"
+ .' "SC": "Seychelles",'."\n"
+ .' "SD": "Sudan",'."\n"
+ .' "BS": "Bahamas",'."\n"
+ .' "SE": "Sweden",'."\n"
+ .' "BT": "Bhutan",'."\n"
+ .' "SG": "Singapore",'."\n"
+ .' "BW": "Botswana"'."\n"
+ .'}.'."\n"
+ ."\n"
+ .'```.',
+ 'changeSet' => [
+ ['createdAt' => '2021-12-07T10:18:56.000Z', 'description' => 'Request parameters changed, Error codes changed'],
+ ],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '100', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeProtectionModuleCodeConfig'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeProtectionModuleCodeConfig',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeProtectionModuleMode' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [],
+ 'systemTags' => ['operationType' => 'get'],
'parameters' => [
[
'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'The domain name of the website to query.'."\n"
+ .'> The domain name must have been added to WAF for protection. You can call [DescribeDomainList](~~255880~~) to query all domain names that have been added to WAF for protection.', 'type' => 'string', 'required' => true, 'example' => 'www.aliyundoc.com', 'title' => ''],
],
[
'name' => 'DefenseType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf',
- ],
- ],
- [
- 'name' => 'Mode',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => true,
- 'example' => '0',
- ],
+ 'schema' => ['description' => 'The protection module whose pattern you want to query. Valid values:'."\n"
+ ."\n"
+ .'- **waf**: rule protection engine.'."\n"
+ .'- **dld**: deep learning engine.'."\n"
+ .'- **ac_cc**: HTTP flood protection.'."\n"
+ .'- **antifraud**: data risk control.'."\n"
+ .'- **normalized**: proactive defense.', 'type' => 'string', 'required' => true, 'example' => 'waf', 'title' => ''],
],
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-tl32ast****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the domain name belongs in Resource Management. If you do not specify this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['type' => 'string', 'default' => 'cn-hangzhou', 'description' => '', 'required' => false, 'title' => '', 'example' => ''],
],
],
'responses' => [
@@ -3237,129 +3495,236 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'DE14845A-F46F-59BE-B8F7-6ED7A787D213', 'title' => ''],
+ 'Mode' => ['description' => 'The current protection pattern of the protection module. The valid values and meanings of this parameter vary based on the **DefenseType** request parameter. The following list describes the details:'."\n"
+ ."\n"
+ .'- If **DefenseType** is set to **waf** (rule protection engine), the valid values of **Mode** are:'."\n"
+ ."\n"
+ .' - **0**: Block Mode.'."\n"
+ .' - **1**: Alerting pattern.'."\n"
+ ."\n"
+ .'- If **DefenseType** is set to **dld** (deep learning engine), the valid values of **Mode** are:'."\n"
+ ."\n"
+ .' - **0**: Alerting pattern.'."\n"
+ .' - **1**: Block Mode.'."\n"
+ ."\n"
+ .'- If **DefenseType** is set to **ac_cc** (HTTP flood protection), the valid values of **Mode** are:'."\n"
+ ."\n"
+ .' - **0**: Defense mode.'."\n"
+ .' - **1**: Defense-emergency pattern.'."\n"
+ ."\n"
+ .'- If **DefenseType** is set to **antifraud** (data risk control), the valid values of **Mode** are:'."\n"
+ ."\n"
+ .' - **0**: Alerting pattern.'."\n"
+ .' - **1**: Block Mode.'."\n"
+ .' - **2**: Strict Block Mode.'."\n"
+ ."\n"
+ .'- If **DefenseType** is set to **normalized** (proactive defense), the valid values of **Mode** are:'."\n"
+ ."\n"
+ .' - **0**: Alerting pattern.'."\n"
+ .' - **1**: Block Mode.', 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<ModifyProtectionModuleModeResponse>\\r\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\r\\n</ModifyProtectionModuleModeResponse>","errorExample":""}]',
- 'title' => 'ModifyProtectionModuleMode',
- 'requestParamsDescription' => ' ',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"DE14845A-F46F-59BE-B8F7-6ED7A787D213\\",\\n \\"Mode\\": 0\\n}","type":"json"}]',
+ 'title' => 'Query the current protection pattern of a domain name',
+ 'summary' => 'Retrieves the current protection pattern of a specified domain name, such as the RegEx protection engine, big data deep learning engine, HTTP flood protection, data risk control, and proactive defense.',
+ 'description' => 'Queries the current protection pattern used by a specified protection module (including the rule protection engine, deep learning engine, HTTP flood protection, data risk control, and proactive defense) in the website Protection Settings.'."\n"
+ ."\n"
+ .'You can specify the protection module to query by setting the **DefenseType** parameter. For more information about the valid values, see the description of the **DefenseType** request parameter.'."\n"
+ ."\n"
+ .'Before calling this operation, you must have called [CreateDomain](~~160780~~) to create a Website Config and add the website domain name to WAF for protection.'."\n"
+ ."\n"
+ .'To ensure system stability, the queries per second (QPS) is limited to 10 per user. If the limit is exceeded, API calls are throttled, which may affect your business. Call this operation appropriately.',
+ 'requestParamsDescription' => 'When you call this operation, you must include the common request parameters of Alibaba Cloud APIs in addition to the request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ .'For the request format, see the request examples in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeProtectionModuleRules' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeProtectionModuleMode'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeProtectionModuleMode',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeProtectionModuleRules' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
+ 'systemTags' => ['operationType' => 'get'],
'parameters' => [
[
'name' => 'PageSize',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '10',
- ],
+ 'schema' => ['description' => 'The number of rules to return on each page in a paging query. Default value: **10**.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''],
],
[
'name' => 'PageNumber',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'The current page number in a paging query. Default value: **1**.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''],
],
[
'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'www.aliyundoc.com',
- ],
+ 'schema' => ['description' => 'The domain name to query. Details:'."\n"
+ ."\n"
+ .'- When **DefenseType** is set to a value other than **ng_account** (querying website protection settings other than account security rules), this parameter is required.'."\n"
+ .' > You can invoke [DescribeDomainList](~~255880~~) to query all domain names that have been added to WAF for protection.'."\n"
+ ."\n"
+ .'- When **DefenseType** is set to **ng_account** (querying account security rule configurations), do not set this parameter. Otherwise, an error message is returned.', 'type' => 'string', 'required' => false, 'example' => 'www.aliyundoc.com', 'title' => ''],
],
[
'name' => 'DefenseType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'ac_highfreq',
- ],
+ 'schema' => ['description' => 'The type of protection feature configuration to query. Valid values:'."\n"
+ ."\n"
+ .'- **waf-codec**: rule protection DPI engine decoding settings.'."\n"
+ ."\n"
+ .'- **tamperproof**: web tamper-proofing rule configurations.'."\n"
+ ."\n"
+ .'- **dlp**: sensitive information leak prevention rule configurations.'."\n"
+ ."\n"
+ .'- **ng_account**: account security rule configurations.'."\n"
+ ."\n"
+ .'- **bot_crawler**: legitimate crawler rule configurations.'."\n"
+ ."\n"
+ .'- **bot_intelligence**: crawler threat intelligence rule configurations.'."\n"
+ ."\n"
+ .'- **antifraud**: data risk control protection request configurations.'."\n"
+ ."\n"
+ .'- **antifraud_js**: data risk control JS insertion page configurations.'."\n"
+ ."\n"
+ .'- **bot_algorithm**: intelligent algorithm rule configurations.'."\n"
+ ."\n"
+ .'- **bot_wxbb_pkg**: app protection version protection rules.'."\n"
+ ."\n"
+ .'- **bot_wxbb**: app protection path protection rules.'."\n"
+ ."\n"
+ .'- **ac_blacklist**: IP blacklist rule configurations.'."\n"
+ ."\n"
+ .'- **ac_highfreq**: automatic blocking rules for high-frequency web attack IP addresses.'."\n"
+ ."\n"
+ .'- **ac_dirscan**: folder scan protection rule configurations.'."\n"
+ ."\n"
+ .'- **ac_custom**: custom mitigation policy rule configurations.'."\n"
+ ."\n"
+ .'- **whitelist**: protection whitelist rule configurations.', 'type' => 'string', 'required' => true, 'example' => 'ac_highfreq', 'title' => ''],
],
[
'name' => 'Query',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'e2ZpbHRlcjp7InJ1bGVJZCI6NDI3NTV9LG9yZGVyQnk6ImdtdF9tb2RpZmllZCIsZGVzYzp0cnVlfQ==',
- ],
+ 'schema' => ['description' => 'The filter and sorting settings for rules, expressed as a JSON format string. The following parameters are included:'."\n"
+ ."\n"
+ .'> This parameter must be in Base64-encoded format. Construct the JSON format string based on the following parameter description and then convert it to Base64 encoding.'."\n"
+ ."\n"
+ .'- **filter**: JSON format string | Optional | The filter condition. Described in JSON string format, which includes the following parameters:'."\n"
+ ."\n"
+ .' - **nameId**: String | Optional | Queries rules whose rule ID equals this parameter value or whose rule name contains this parameter value.'."\n"
+ ."\n"
+ .' - **scene**: String | Optional | The protection module to query. Valid values are the same as those of the **DefenseType** parameter.'."\n"
+ ."\n"
+ .' - **enabled**: Boolean | Optional | The rule status to query. Valid values:'."\n"
+ ."\n"
+ .' - **false**: Disabled.'."\n"
+ ."\n"
+ .' - **true**: Enabled.'."\n"
+ ."\n"
+ .' - **status**: Integer | Optional | The rule status to query. This parameter has the same meaning as the **enabled** parameter. Valid values:'."\n"
+ ."\n"
+ .' - **0**: Disabled.'."\n"
+ ."\n"
+ .' - **1**: Enabled.'."\n"
+ ."\n"
+ .' - **ruleId**: Integer | Optional | The rule ID to query.'."\n"
+ ."\n"
+ .' - **ruleIdList**: Array | Optional | The list of rule IDs to query. Separate multiple rule IDs with commas (,).'."\n"
+ ."\n"
+ .' - **sceneList**: Array | Optional | The list of protection modules to query. Valid values are the same as those of the **DefenseType** parameter. Separate multiple protection modules with commas (,).'."\n"
+ ."\n"
+ .' - **originList**: Array | Optional | The rule sources. Valid values: **system** (automatically generated by the system) and **custom** (custom-created). Separate multiple rule sources with commas (,).'."\n"
+ ."\n"
+ .' - **tag**: String | Optional | When the protection module is set to protection whitelist (**whitelist**), set this parameter to query protection whitelist rules that skip detection for a specified module. For the valid values and meanings of the **tag** parameter, refer to the description of the protection whitelist rule configuration in the response elements.'."\n"
+ ."\n"
+ .' - **origin**: String | Optional | When the protection module is set to protection whitelist (**whitelist**), set this parameter to query protection whitelist rules automatically added by the WAF intelligent rule hosting feature. The value is fixed as **ai**. If this parameter is not set, all protection whitelist rules are queried (including rules you manually added and rules automatically added by the intelligent rule hosting feature).'."\n"
+ ."\n"
+ .' - **category**: String | Optional | When the protection module is set to protection whitelist (**whitelist**), set this parameter to query a specified whitelist categorization. Valid values:'."\n"
+ ."\n"
+ .' - **waf**: website whitelist.'."\n"
+ ."\n"
+ .' - **ws**: Web Intrusion Prevention whitelist.'."\n"
+ ."\n"
+ .' - **ac**: Access Control/Rate Limiting whitelist.'."\n"
+ ."\n"
+ .' - **ds**: Data Security whitelist.'."\n"
+ ."\n"
+ .'- **orderBy**: String | Optional | The sorting field. Valid values:'."\n"
+ ."\n"
+ .' - **action**: the rule action. This value is valid only when querying custom mitigation policy rules.'."\n"
+ ."\n"
+ .' - **gmt_modified** (default): the last modification time.'."\n"
+ ."\n"
+ .' - **name**: the rule name.'."\n"
+ ."\n"
+ .' - **status**: the rule status.'."\n"
+ ."\n"
+ .'- **desc**: Boolean | Optional | Specifies whether to sort in descending order. Valid values:'."\n"
+ ."\n"
+ .' - **false**: Ascending order.'."\n"
+ ."\n"
+ .' - **true** (default): Descending order.', 'type' => 'string', 'required' => false, 'example' => 'e2ZpbHRlcjp7InJ1bGVJZCI6NDI3NTV9LG9yZGVyQnk6ImdtdF9tb2RpZmllZCIsZGVzYzp0cnVlfQ==', 'title' => ''],
],
[
'name' => 'Lang',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'zh',
- ],
+ 'schema' => ['description' => 'The language of the rule name. Valid values:'."\n"
+ ."\n"
+ .'- **zh**: Chinese.'."\n"
+ .'- **en**: English.'."\n"
+ .'- **ja**: Japanese.', 'type' => 'string', 'required' => false, 'example' => 'zh', 'title' => ''],
],
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_elasticity-cn-0xldbqt****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-acfm2pz25js****',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management.'."\n"
+ ."\n"
+ .'If this parameter is not set, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-acfm2pz25js****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -3367,134 +3732,514 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'TotalCount' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
+ 'TotalCount' => ['description' => 'The total number of rule configurations returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
'Rules' => [
- 'description' => '',
+ 'description' => 'The rule configuration information, including the rule ID, creation time, and status.',
'type' => 'array',
'items' => [
'type' => 'object',
'properties' => [
- 'Status' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '1',
- ],
- 'Time' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '1570700044',
- ],
- 'Content' => [
- 'description' => '',
- 'type' => 'object',
- 'example' => '{"count":60,"interval":60,"ttl":300}',
- ],
- 'Version' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '2',
- ],
- 'RuleId' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '42755',
- ],
+ 'Status' => ['description' => 'The rule status. Valid values:'."\n"
+ ."\n"
+ .'- **0**: Disabled.'."\n"
+ ."\n"
+ .'- **1**: Enabled.', 'type' => 'integer', 'format' => 'int64', 'example' => '1', 'title' => ''],
+ 'Time' => ['description' => 'The time when the rule was created. The value is a UNIX timestamp. Unit: seconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1570700044', 'title' => ''],
+ 'Content' => ['description' => 'The rule configuration content, expressed as a string converted from a JSON object constructed with a series of parameters.'."\n"
+ ."\n"
+ .'> The specific parameters vary depending on the protection feature module configuration (**DefenseType**). For more information, refer to the **Content parameter description**.', 'type' => 'object', 'example' => '{"count":60,"interval":60,"ttl":300}', 'title' => ''],
+ 'Version' => ['description' => 'The version number of the current rule configuration.', 'type' => 'integer', 'format' => 'int64', 'example' => '2', 'title' => ''],
+ 'RuleId' => ['description' => 'The rule ID.', 'type' => 'integer', 'format' => 'int64', 'example' => '42755', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
+ 'title' => '',
+ 'example' => '',
],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"TotalCount\\": 1,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"Rules\\": [\\n {\\n \\"Status\\": 1,\\n \\"Time\\": 1570700044,\\n \\"Content\\": {\\n \\"count\\": 60,\\n \\"interval\\": 60,\\n \\"ttl\\": 300\\n },\\n \\"Version\\": 2,\\n \\"RuleId\\": 42755\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\n<DescribeProtectionModuleRulesResponse>\\n\\t<TotalCount>1</TotalCount>\\n\\t<Rules>\\n\\t\\t<Version>2</Version>\\n\\t\\t<Status>1</Status>\\n\\t\\t<Content>\\n\\t\\t\\t<count>60</count>\\n\\t\\t\\t<interval>60</interval>\\n\\t\\t\\t<ttl>300</ttl>\\n\\t\\t</Content>\\n\\t\\t<RuleId>42755</RuleId>\\n\\t\\t<Time>1570700044</Time>\\n\\t</Rules>\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n</DescribeProtectionModuleRulesResponse>","errorExample":""}]',
- 'title' => 'DescribeProtectionModuleRules',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"TotalCount\\": 1,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"Rules\\": [\\n {\\n \\"Status\\": 1,\\n \\"Time\\": 1570700044,\\n \\"Content\\": {\\n \\"count\\": 60,\\n \\"interval\\": 60,\\n \\"ttl\\": 300\\n },\\n \\"Version\\": 2,\\n \\"RuleId\\": 42755\\n }\\n ]\\n}","type":"json"}]',
+ 'title' => 'Query WAF protection feature rule configuration records',
+ 'summary' => 'Queries the rule configuration records of WAF protection features, such as Web Intrusion Prevention, Data Security, Bot Management, Access Control or Rate Limiting, and Website Whitelist.',
+ 'description' => 'This operation queries the rule configuration records of specified WAF protection feature modules (including Web Intrusion Prevention, Data Security, Bot Management, Access Control or Rate Limiting, and Website Whitelist) with paging.'."\n"
+ .'You can specify the protection feature module by setting the **DefenseType** parameter. For the meanings of specific parameter values, refer to the description of the **DefenseType** request parameter.'."\n"
+ .'To ensure system stability, the queries per second (QPS) is limited to 50 per user. If the limit is exceeded, API calls are throttled, which may affect your business. Invoke this operation appropriately.',
+ 'requestParamsDescription' => 'When you call this operation, you must include common Alibaba Cloud API request parameters in addition to the request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, refer to the request example in the **Examples** section.',
+ 'responseParamsDescription' => '**Content parameter description**.'."\n"
+ ."\n"
+ .' - The JSON string for rule protection engine decoding settings (**waf-codec**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **codecList**: String | Required | The enabled decoding configuration items.'."\n"
+ ."\n"
+ .' - **Example**.'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "codecList":["url","base64"]'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for web tamper-proofing rule configurations (**tamperproof**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **uri**: String | Required | The specific URL to protect.'."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **status**: Integer | Optional | The protection status of the rule:'."\n"
+ .' - **0** (default): Not in effect.'."\n"
+ .' - **1**: In effect.'."\n"
+ ."\n"
+ .' - **Example**.'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"example",'."\n"
+ .' "uri":"http://www.example.com/example",'."\n"
+ .' "status":1'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for sensitive information leak prevention rule configurations (**dlp**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **conditions**: Array | Required | The match conditions described in JSON string format. A maximum of two match conditions can be set, and the relationship between conditions is AND. The following parameters are included:'."\n"
+ ."\n"
+ .' - **key**: The match field.'."\n"
+ .' - **0**: the protected URL.'."\n"
+ .' - **10**: sensitive information.'."\n"
+ .' - **11**: the response code.'."\n"
+ .' - **operation**: The match logic. The value is fixed as **1**, which indicates Contains.'."\n"
+ .' - **value**: The match condition values described in JSON string format. Multiple condition values are supported. The following parameters are included:'."\n"
+ .' - **v**: Applicable only when the match field (**key**) is URL (**0**) or response code (**11**).'."\n"
+ .' - URL: When `"key":0`, the value is a URL address.'."\n"
+ .' - Response code: When `"key":11`, valid values include **400**, **401**, **402**, **403**, **404**, **405-499**, **500**, **501**, **502**, **503**, **504**, and **505-599**.'."\n"
+ .' - **k**: Applicable only when the match field (**key**) is sensitive information (**10**). Valid values:'."\n"
+ .' - **100**: ID card.'."\n"
+ .' - **101**: credit card.'."\n"
+ .' - **102**: phone number.'."\n"
+ .' - **103**: default sensitive words.'."\n"
+ .' - **action**: The match action.'."\n"
+ .' - **3**: Alert.'."\n"
+ .' - **10**: Sensitive information filtering. This action is applicable only to match conditions that contain sensitive information (`"key":10`).'."\n"
+ .' - **11**: Return the built-in block page. This action is applicable only to match conditions that contain response codes (`"key":11`).'."\n"
+ ."\n"
+ .' - **Example**.'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"example",'."\n"
+ .' "conditions":[{"key":11,"operation":1,"value":[{"v":401}]},{"key":"0","operation":1,"value":[{"v":"www.example.com"}]}],'."\n"
+ .' "action":3'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for account security rule configurations (**ng_account**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **domain**: String | Required | The protected domain name.'."\n"
+ ."\n"
+ .' - **method**: String | Required | The request method to detect, including POST, GET, PUT, and DELETE. Multiple request methods are supported, separated by commas (,).'."\n"
+ ."\n"
+ .' - **url_path**: String | Required | The detection interface, expressed as a URL path that must start with a forward slash (/).'."\n"
+ ."\n"
+ .' - **account_left**: String | Required | The account parameter name.'."\n"
+ ."\n"
+ .' - **password_left**: String | Optional | The password parameter name.'."\n"
+ ."\n"
+ .' - **action**: String | Required | The protection action. Valid values:'."\n"
+ .' - **monitor**: Alert.'."\n"
+ .' - **block**: Block.'."\n"
+ ."\n"
+ .' - **Example**.'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "domain":"www.example.com",'."\n"
+ .' "method":"GET,POST",'."\n"
+ .' "url_path":"/example",'."\n"
+ .' "account_left":"aaa",'."\n"
+ .' "action":"monitor"'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for legitimate crawler rule configurations (**bot_crawler**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **Status**: Integer | Required | Specifies whether to enable the rule. Valid values:'."\n"
+ .' - 0: Disabled.'."\n"
+ .' - 1: Enabled.'."\n"
+ .' - **Version**: Integer | Required | The rule version number.'."\n"
+ .' - **Content**: String | Required | The rule details described in JSON string format, which includes the following parameters:'."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **conditions**: Array | Optional | The protection path conditions. In legitimate crawler rule configurations, this value is fixed as empty, indicating all paths.'."\n"
+ .' - **expressions**: Array | Required | The rule conditional expressions that represent all rule condition information in a more readable format.'."\n"
+ .' - **bypassTags**: String | Required | The modules to skip detection. In legitimate crawler rule configurations, this value is fixed as **antibot**, indicating the Bot Management module.'."\n"
+ .' - **tags**: Array | Required | The protection feature module to which the rule belongs. In legitimate crawler rule configurations, this value is fixed as `["antibot"]`, indicating the Bot Management module.'."\n"
+ .' - **RuleId**: Integer | Required | The rule ID.'."\n"
+ .' - **Time**: String | Required | The last modification time of the rule, expressed as a UNIX timestamp in seconds.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "Status":0,'."\n"
+ .' "Version":1,'."\n"
+ .' "Content":{'."\n"
+ .' "name":"百度蜘蛛白名单",'."\n"
+ .' "conditions":[],'."\n"
+ .' "expressions":["remote_addr inl \'ioc.210d077a-cf34-49ad-a9b3-0aa48095c595\' && uri =^ \'/\'"],'."\n"
+ .' "bypassTags":"antibot",'."\n"
+ .' "tags":["antibot"]'."\n"
+ .' },'."\n"
+ .' "RuleId":20384,'."\n"
+ .' "Time":1585818161'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ .'- The JSON string for crawler threat intelligence rule configurations (**bot_intelligence**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **Status**: Integer | Required | Specifies whether to enable the rule. Valid values:'."\n"
+ .' - 0: Disabled.'."\n"
+ .' - 1: Enabled.'."\n"
+ .' - **Version**: Integer | Required | The rule version number.'."\n"
+ .' - **Content**: String | Required | The rule details described in JSON string format, which includes the following parameters:'."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **action**: String | Required | The action. Valid values:'."\n"
+ .' - **monitor**: Monitor.'."\n"
+ .' - **captcha**: Slider CAPTCHA.'."\n"
+ .' - **captcha_strict**: Strict slider CAPTCHA.'."\n"
+ .' - **js**: JavaScript verification.'."\n"
+ .' - **block**: Block.'."\n"
+ .' - **urlList**: Array | Required | The protection paths. A maximum of ten protection paths can be specified. Described in JSON string format, which includes the following parameters:'."\n"
+ .' - **mode**: String | Required | The match method, used together with the path keyword (**url**) parameter to specify the protection path. Valid values: **eq** (exact match), **prefix-match** (prefix match), and **regex** (regex match).'."\n"
+ .' - **url**: String | Required | The path keyword, which must start with a forward slash (/).'."\n"
+ .' - **keyType**: String | Required | The intelligence library type, which includes IP library (**ip**) and fingerprint library (**ua**).'."\n"
+ .' - **RuleId**: Integer | Required | The rule ID.'."\n"
+ .' - **Time**: String | Required | The last modification time of the rule, expressed as a UNIX timestamp in seconds.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "Status":1,'."\n"
+ .' "Version":1,'."\n"
+ .' "Content":{'."\n"
+ .' "name":"IDC IP库-腾讯云",'."\n"
+ .' "action":"captcha_strict",'."\n"
+ .' "urlList":[{"mode":"prefix-match","url":"/indexa"}, {"mode":"regex","url":"/"},{"mode":"eq","url":"/"}],'."\n"
+ .' "keyType":"ip"'."\n"
+ .' },'."\n"
+ .' "RuleId":922777,'."\n"
+ .' "Time":1585907112'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for data risk control protection request rule configurations (**antifraud**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **uri**: String | Required | The specific protection request URL.'."\n"
+ .' '."\n"
+ .' - **Example**.'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "uri": "http://1.example.com/example"'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for data risk control JS insertion page configurations (**antifraud_js**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **uri**: String | Required | The URL of the page where the data risk control JS is to be inserted. The system inserts the data risk control JS into all pages under the specified URL path.'."\n"
+ ."\n"
+ .' - **Example**.'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "uri": "/example/example"'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for intelligent algorithm rule configurations (**bot_algorithm**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **Status**: Integer | Required | Specifies whether to enable the rule. Valid values:'."\n"
+ .' - 0: Disabled.'."\n"
+ .' - 1: Enabled.'."\n"
+ .' - **Version**: Integer | Required | The rule version number.'."\n"
+ .' - **Content**: String | Required | The rule details described in JSON string format, which includes the following parameters:'."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **timeInterval**: Integer | Required | The detection period. Valid values: 30, 60, 120, 300, and 600. Unit: seconds.'."\n"
+ .' - **action**: String | Required | The action. Valid values:'."\n"
+ .' - **monitor**: Monitor.'."\n"
+ .' - **captcha**: Slider CAPTCHA.'."\n"
+ .' - **js**: JavaScript verification.'."\n"
+ .' - **block**: Block. When Block is selected as the action, the block duration (**blocktime**) parameter must be set.'."\n"
+ .' - **blocktime**: Integer | Optional | The block duration. Unit: minutes. Valid values: 1 to 600.'."\n"
+ .' - **algorithmName**: String | Required | The algorithm name. Valid values:'."\n"
+ .' - **RR**: dedicated resource crawler identification algorithm.'."\n"
+ .' - **PR**: targeted path crawler identification algorithm.'."\n"
+ .' - **DPR**: parameter polling crawler identification algorithm.'."\n"
+ .' - **SR**: dynamic IP crawler identification algorithm.'."\n"
+ .' - **IND**: proxy device crawler identification algorithm.'."\n"
+ .' - **Periodicity**: periodicity crawler identification algorithm.'."\n"
+ .' - **config**: String | Required | The algorithm configuration information in JSON string format. The specific sub-parameters in the algorithm configuration depend on the selected algorithm name (**algorithmName**).'."\n"
+ .' - The configuration for the dedicated resource crawler identification algorithm (**RR**) includes the following sub-parameters:'."\n"
+ .' - **resourceType**: Integer | Optional | The requested resource type. Valid values:'."\n"
+ .' - **1**: dynamic resource type.'."\n"
+ .' - **2**: static resource type.'."\n"
+ .' - **-1**: custom resource type. When custom resource type is selected, set the **extensions** parameter to specify the resource suffixes in string format, separated by commas (,). For example, `css,jpg,xls`.'."\n"
+ .' - **minRequestCountPerIp**: Integer | Required | The range of IP addresses to detect during the detection period. Only IP addresses with a URI of the requests greater than or equal to this value are detected. Specify the minimum URI of the requests. Valid values: 5 to 10000.'."\n"
+ .' - **minRatio**: Float | Required | The risk determination condition, which is the threshold for the proportion of access requests to the specified resource type among all IP access requests. An IP address is determined as risky if the proportion exceeds this threshold. Valid values: 0.01 to 1.'."\n"
+ .' - The configuration for the targeted path crawler identification algorithm (**PR**) includes the following sub-parameters:'."\n"
+ .' - **keyPathConfiguration**: Array | Optional | The request path information. A maximum of 10 paths can be specified. This sub-parameter is required only when the targeted path crawler identification algorithm is used. Described in JSON string format, which includes the following parameters:'."\n"
+ .' - **method**: String | Required | The request method. Valid values: **POST**, **GET**, **PUT**, **DELETE**, **HEAD**, and **OPTIONS**.'."\n"
+ .' - **url**: String | Required | The request path keyword, which must start with a forward slash (/).'."\n"
+ .' - **matchType**: String | Required | The match method, used together with the request path keyword (**url**) parameter to specify the request path. Valid values: **all** (exact match), **prefix** (prefix match), and **regex** (regex match).'."\n"
+ .' - **minRequestCountPerIp**: Integer | Required | The range of IP addresses to detect during the detection period. Only IP addresses with a URI of the requests greater than or equal to this value are detected. Specify the minimum URI of the requests. Valid values: 5 to 10000.'."\n"
+ .' - **minRatio**: Float | Required | The risk determination condition, which is the threshold for the proportion of access requests to the specified paths among all IP access requests (for the targeted path crawler identification algorithm). An IP address is determined as risky if the proportion exceeds this threshold. Valid values: 0.01 to 1.'."\n"
+ .' - The configuration for the parameter polling crawler identification algorithm (**DPR**) includes the following sub-parameters:'."\n"
+ .' - **method**: String | Required | The request method. Valid values: **POST**, **GET**, **PUT**, **DELETE**, **HEAD**, and **OPTIONS**.'."\n"
+ .' - **urlPattern**: String | Required | The key parameter path, which must start with a forward slash (/). Use {} to represent key parameters. When multiple {} are configured, these parameters are concatenated as the key parameter. For example, `/company/{}/{}/{}/user.php?uid={}`.'."\n"
+ .' - **minRequestCountPerIp**: Integer | Required | The range of IP addresses to detect during the detection period. Only IP addresses with a URI of the requests greater than or equal to this value are detected. Specify the minimum URI of the requests. Valid values: 5 to 10000.'."\n"
+ .' - **minRatio**: Float | Required | The risk determination condition, which is the threshold for the proportion of distinct key parameter values among all IP access requests. An IP address is determined as risky if the proportion exceeds this threshold. Valid values: 0.01 to 1.'."\n"
+ .' - The configuration for the dynamic IP crawler identification algorithm (**SR**) includes the following sub-parameters:'."\n"
+ .' - **maxRequestCountPerSrSession**: Integer | Required | The minimum number of requests per session used to define an abnormal session. A session is determined as abnormal if the number of requests in a single session is less than this value. Valid values: 1 to 8.'."\n"
+ .' - **minSrSessionCountPerIp**: Integer | Required | The risk determination condition, which is the threshold for the number of abnormal sessions among IP access requests. An IP address is determined as risky if the number of abnormal sessions in a single IP access request exceeds this value. Valid values: 5 to 300.'."\n"
+ .' - The configuration for the proxy device crawler identification algorithm (**IND**) includes the following sub-parameters:'."\n"
+ .' - **minIpCount**: Integer | Required | The malicious device determination condition, which is the threshold for the number of IP address changes associated with the device via WIFI. A device is determined as risky if the number exceeds this threshold. Valid values: 5 to 500.'."\n"
+ .' - **keyPathConfiguration**: Array | Optional | The detection path information. A maximum of 10 paths can be specified. Described in JSON string format, which includes the following parameters:'."\n"
+ .' - **method**: String | Required | The request method. Valid values: **POST**, **GET**, **PUT**, **DELETE**, **HEAD**, and **OPTIONS**.'."\n"
+ .' - **url**: String | Required | The detection path keyword, which must start with a forward slash (/).'."\n"
+ .' - **matchType**: String | Required | The match method, used together with the detection path keyword (**url**) parameter to specify the request path. Valid values: **all** (exact match), **prefix** (prefix match), and **regex** (regex match).'."\n"
+ .' - The configuration for the periodicity crawler identification algorithm (**Periodicity**) includes the following sub-parameters:'."\n"
+ .' - **minRequestCountPerIp**: Integer | Required | The range of IP addresses to detect during the detection period. Only IP addresses with a URI of the requests greater than or equal to this value are detected. Specify the minimum URI of the requests. Valid values: 5 to 10000.'."\n"
+ .' - **level**: Integer | Required | The risk determination level, which indicates the degree of periodicity in the access IP pattern. Valid values:'."\n"
+ .' - **0**: Obvious.'."\n"
+ .' - **1**: Moderate.'."\n"
+ .' - **2**: Weak.'."\n"
+ .' - **RuleId**: Integer | Required | The rule ID.'."\n"
+ .' - **Time**: String | Required | The last modification time of the rule, expressed as a UNIX timestamp in seconds.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "Status":1,'."\n"
+ .' "Version":1,'."\n"
+ .' "Content":{'."\n"
+ .' "name":"动态IP",'."\n"
+ .' "timeInterval":60,'."\n"
+ .' "action":"warn",'."\n"
+ .' "algorithmName":"IND",'."\n"
+ .' "config":{"minIpCount":5,"keyPathConfiguration":[{"method":"GET","matchType":"prefix","url":"/index"}]}'."\n"
+ .' },'."\n"
+ .' "RuleId":940180,'."\n"
+ .' "Time":1585832957'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for app protection version protection rule configurations (**bot_wxbb_pkg**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **Version**: Integer | Required | The rule version number.'."\n"
+ .' - **Content**: String | Required | The rule details described in JSON string format, which includes the following parameters:'."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **action**: String | Required | The action. Valid values:'."\n"
+ .' - **test**: Monitor.'."\n"
+ .' - **close**: Block.'."\n"
+ .' - **nameList**: Array | Required | The legitimate version information. A maximum of five rules can be specified. Described in JSON string format, which includes the following parameters:'."\n"
+ .' - **name**: String | Required | The legitimate package name.'."\n"
+ .' - **signList**: Array | Required | The corresponding package signatures. A maximum of 15 signatures are supported, separated by commas (,).'."\n"
+ .' - **RuleId**: Integer | Required | The rule ID.'."\n"
+ .' - **Time**: String | Required | The last modification time of the rule, expressed as a UNIX timestamp in seconds.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "Version":0,'."\n"
+ .' "Content":{'."\n"
+ .' "nameList":[{"signList":["xxxxxx","xxxxx","xxxx","xx"],"name":"apk-xxxx"}],'."\n"
+ .' "name":"test",'."\n"
+ .' "action":"close"'."\n"
+ .' },'."\n"
+ .' "RuleId":271,'."\n"
+ .' "Time":1585836143'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ .'- The JSON string for app protection path protection rule configurations (**bot_wxbb**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **Version**: Integer | Required | The rule version number.'."\n"
+ .' - **Content**: String | Required | The rule details described in JSON string format, which includes the following parameters:'."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **uri**: String | Required | The protection path, which must start with a forward slash (/).'."\n"
+ .' - **matchType**: String | Required | The match method. Valid values: **all** (exact match), **prefix** (prefix match), and **regex** (regex match).'."\n"
+ .' - **arg**: String | Required | The parameter inclusion, used together with the match method (**matchType**) parameter to specify the protection path configuration.'."\n"
+ .' - **action**: String | Required | The action. Valid values:'."\n"
+ .' - **test**: Monitor.'."\n"
+ .' - **close**: Block.'."\n"
+ .' - **wxbbVmpFieldType**: Integer | Optional | The custom signing field type. This parameter is not returned if no custom signing field is set in the rule. Valid values:'."\n"
+ .' - **0**: header.'."\n"
+ .' - **1**: parameter.'."\n"
+ .' - **2**: cookie.'."\n"
+ .' - **wxbbVmpFieldValue**: String | Optional | The custom signing field value. This parameter is not returned if no custom signing field is set in the rule.'."\n"
+ .' - **blockInvalidSign**: Boolean | Required | Specifies whether to perform the action on invalid signatures.'."\n"
+ .' - **blockProxy**: Boolean | Required | Specifies whether to perform the action on proxies.'."\n"
+ .' - **blockSimulator**: Boolean | Required | Specifies whether to perform the action on simulators.'."\n"
+ .' - **RuleId**: Integer | Required | The rule ID.'."\n"
+ .' - **Time**: String | Required | The last modification time of the rule, expressed as a UNIX timestamp in seconds.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "Version":6,'."\n"
+ .' "Content":{'."\n"
+ .' "blockInvalidSign":true,'."\n"
+ .' "wxbbVmpFieldValue":"test",'."\n"
+ .' "blockSimulator":true,'."\n"
+ .' "matchType":"all",'."\n"
+ .' "arg":"test",'."\n"
+ .' "name":"test",'."\n"
+ .' "action":"close",'."\n"
+ .' "blockProxy":true,'."\n"
+ .' "uri":"/index",'."\n"
+ .' "wxbbVmpFieldType":1'."\n"
+ .' },'."\n"
+ .' "RuleId":2585,'."\n"
+ .' "Time":1586241849'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for IP blacklist rule configurations (**ac_blacklist**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **empty**: Boolean | Required | Indicates whether the blacklist is empty.'."\n"
+ .' - **remoteAddr**: Array | Required | The IP addresses in the blacklist.'."\n"
+ .' - **area**: String | Required | The Location Blacklist rule expressed as a JSON format string, which includes country codes (countryCodes), region codes (regionCodes), and whether to allow access (not) as specific parameters. Because the API operation returns blocked countries and regions in encoding format, view the specific blocked countries and regions in the console.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "empty":false,'."\n"
+ .' "remoteAddr":["1.XX.XX.1","12.XX.XX.2"]'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for automatic blocking rules for high-frequency web attack IP addresses (**ac_highfreq**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **interval**: Integer | Required | The detection time range. Unit: seconds. Valid values: 5 to 1800.'."\n"
+ .' - **ttl**: Integer | Required | The IP blocking duration. Unit: seconds. Valid values: 60 to 86400.'."\n"
+ .' - **count**: Integer | Required | The web attack count threshold. Blocking is triggered when the number of attacks within the detection time range exceeds this value. Valid values: 2 to 50000.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "interval":60,'."\n"
+ .' "ttl":300,'."\n"
+ .' "count":60'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for directory scan protection rule configurations (**ac_dirscan**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **interval**: Integer | Required | The detection time range. Unit: seconds. Valid values: 5 to 1800.'."\n"
+ .' - **ttl**: Integer | Required | The IP blocking duration. Unit: seconds.'."\n"
+ .' - **count**: Integer | Required | The access count threshold. Valid values: 2 to 50000.'."\n"
+ .' - **weight**: Float | Required | The 404 response code ratio threshold (percentage). Valid values: `(0,1]`.'."\n"
+ .' - **uriNum**: Integer | Required | The scanned directory count threshold. Valid values: 2 to 50000.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "interval":10,'."\n"
+ .' "ttl":1800,'."\n"
+ .' "count":50,'."\n"
+ .' "weight":0.7,'."\n"
+ .' "u.',
'extraInfo' => ' ',
- ],
- 'CreateProtectionModuleRule' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeProtectionModuleRules'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeProtectionModuleRules',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeProtectionModuleStatus' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [],
+ 'systemTags' => ['operationType' => 'get'],
'parameters' => [
[
'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'The domain name of the website to query.'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainList](~~255880~~) to query all domain names that are added to WAF for protection.', 'type' => 'string', 'required' => true, 'example' => 'www.aliyundoc.com', 'title' => ''],
],
[
'name' => 'DefenseType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'ac_custom',
- ],
- ],
- [
- 'name' => 'Rule',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => ' {"action":"monitor","name":"test","scene":"custom_acl","conditions":[{"opCode":1,"key":"URL","values":"/example"}]}',
- ],
+ 'schema' => ['description' => 'The WAF security protection feature module to query. Valid values:'."\n"
+ ."\n"
+ .'- **waf**: rule-based protection engine.'."\n"
+ .'- **dld**: deep learning engine.'."\n"
+ .'- **tamperproof**: web tamper-proofing.'."\n"
+ .'- **dlp**: sensitive information leak prevention.'."\n"
+ .'- **normalized**: proactive defense.'."\n"
+ .'- **bot_crawler**: legitimate crawlers.'."\n"
+ .'- **bot_intelligence**: crawler threat intelligence.'."\n"
+ .'- **antifraud**: data risk control.'."\n"
+ .'- **bot_algorithm**: intelligent algorithm.'."\n"
+ .'- **bot_wxbb**: app protection.'."\n"
+ .'- **bot_wxbb_pkg**: version protection in app protection.'."\n"
+ .'- **ac_cc**: HTTP flood protection.'."\n"
+ .'- **ac_blacklist**: IP blacklist.'."\n"
+ .'- **ac_highfreq**: blocking of high-frequency web attacks in scan protection.'."\n"
+ .'- **ac_dirscan**: directory traversal protection in scan protection.'."\n"
+ .'- **ac_scantools**: scan tool blocking in scan protection.'."\n"
+ .'- **ac_collaborative**: collaborative defense in scan protection.'."\n"
+ .'- **ac_custom**: custom protection policy.'."\n"
+ ."\n"
+ .'> Only one feature module can be set at a time.', 'type' => 'string', 'required' => true, 'example' => 'waf', 'title' => ''],
],
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance to query.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-zz11sr5****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-aek2hw7****ftqi', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -3502,113 +4247,143 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
+ 'ModuleStatus' => ['description' => 'The enablement status of the protection feature module. Valid values:'."\n"
+ ."\n"
+ .'- **0**: The feature module is disabled.'."\n"
+ .'- **1**: The feature module is enabled.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateProtectionModuleRuleResponse>\\n <RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n</CreateProtectionModuleRuleResponse>","errorExample":""}]',
- 'title' => 'CreateProtectionModuleRule',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"ModuleStatus\\": 1,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Query the status of WAF protection features',
+ 'summary' => 'Queries the status of WAF protection features, including Web Intrusion Prevention, Data Security, Advanced Protection, Bot Management, Access Control, and Rate Limiting modules.',
+ 'description' => 'Queries the enablement status of a specified WAF protection feature module. You can set the **DefenseType** parameter to specify the protection feature module to query. For more information about the valid values, see the description of the **DefenseType** request parameter. To ensure system stability, the queries per second (QPS) for each user is limited to 50. If the limit is exceeded, API calls are throttled, which may affect your business. Call this operation appropriately.',
+ 'requestParamsDescription' => 'When you call this operation, you must include common Alibaba Cloud API request parameters in addition to the request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request example in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'ModifyProtectionModuleRule' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeProtectionModuleStatus'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeProtectionModuleStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'DescribeRuleGroups' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [],
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'abilityTreeCode' => '93352',
+ 'abilityTreeNodes' => ['FEATUREwaf10VDFG'],
+ ],
'parameters' => [
[
- 'name' => 'Domain',
+ 'name' => 'SourceIp',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'The source IP address of the request. You do not need to specify this parameter. The system automatically obtains the value.', 'type' => 'string', 'required' => false, 'example' => '60.208.*.*', 'title' => ''],
],
[
- 'name' => 'DefenseType',
+ 'name' => 'Lang',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'ac_custom',
- ],
+ 'schema' => ['description' => 'The language of the response. Valid values:'."\n"
+ ."\n"
+ .'- **zh** (default): Chinese'."\n"
+ .'- **en**: English.', 'type' => 'string', 'required' => false, 'example' => 'zh', 'title' => ''],
],
[
- 'name' => 'Rule',
+ 'name' => 'PageSize',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => ' {"action":"monitor","name":"test","scene":"custom_acl","conditions":[{"opCode":1,"key":"URL","values":"/example"}]}',
- ],
+ 'schema' => ['description' => 'The number of entries per page in a paginated query. Default value: **10**.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''],
],
[
- 'name' => 'RuleId',
+ 'name' => 'CurrentPage',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'required' => true,
- 'example' => '369998',
- ],
+ 'schema' => ['description' => 'The page number of the current page in a paginated query. Default value: **1**.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''],
],
[
- 'name' => 'LockVersion',
+ 'name' => 'WafLang',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The language of the response. Valid values:'."\n"
+ ."\n"
+ .'- **ZH** (default): Chinese'."\n"
+ .'- **EN**: English.', 'type' => 'string', 'required' => false, 'example' => 'ZH', 'title' => ''],
+ ],
+ [
+ 'name' => 'Type',
'in' => 'query',
'schema' => [
- 'description' => '',
+ 'description' => 'The type of the rule group. Valid values:'."\n"
+ .'- Empty (default)'."\n"
+ .'- **10**: system rule group'."\n"
+ .'- **1**: custom rule group.',
'type' => 'integer',
- 'format' => 'int64',
- 'required' => true,
- 'example' => '2',
+ 'format' => 'int32',
+ 'required' => false,
+ 'enum' => ['1', '10'],
+ 'example' => '10',
+ 'title' => '',
],
],
[
+ 'name' => 'PolicyId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The ID of the rule group. Only a single value is supported.', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1011', 'title' => ''],
+ ],
+ [
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_cdnsdf3****', 'title' => ''],
+ ],
+ [
+ 'name' => 'Region',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The region ID. Valid values: '."\n"
+ .'- **cn**: Chinese mainland (default)'."\n"
+ .'- **cn-hongkong**: outside the Chinese mainland.', 'type' => 'string', 'required' => false, 'default' => 'cn', 'example' => 'cn', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management.'."\n"
+ ."\n"
+ .'If you do not specify this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-aek2**', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -3616,119 +4391,208 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '02E9A4B8-90FB-5F41-A049-*', 'title' => ''],
+ 'TaskStatus' => ['description' => 'The execution status of the current request. Valid values: '."\n"
+ .'- **0**: pending execution. '."\n"
+ .'- **1**: in progress. '."\n"
+ .'- **2**: completed.', 'type' => 'integer', 'format' => 'int32', 'example' => '2', 'title' => ''],
+ 'Total' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'WafTaskId' => ['description' => 'The WAF request ID.', 'type' => 'string', 'example' => '123', 'title' => ''],
+ 'RuleGroups' => [
+ 'description' => 'The list of rule groups.',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => 'The list of rule groups.',
+ 'type' => 'object',
+ 'properties' => [
+ 'Type' => ['description' => 'The type of the rule group. Valid values:'."\n"
+ .'- **10**: system rule group'."\n"
+ .'- **1**: custom rule group.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'RuleCnt' => ['description' => 'The number of rules in the current rule group.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'RuleGroupUpdateTime' => ['description' => 'The time when the rule group was last updated, in seconds (UNIX timestamp).', 'type' => 'integer', 'format' => 'int64', 'example' => '1711445265', 'title' => ''],
+ 'PolicyId' => ['description' => 'The ID of the rule group.', 'type' => 'integer', 'format' => 'int64', 'example' => '116562', 'title' => ''],
+ 'Name' => ['description' => 'The name of the rule group.', 'type' => 'string', 'example' => 'rule_group_test', 'title' => ''],
+ 'TemplatePolicyId' => ['description' => 'The template ID of the rule group.', 'type' => 'integer', 'format' => 'int64', 'example' => '1102', 'title' => ''],
+ 'RuleGroupTemplateName' => ['description' => 'The name of the rule group template.', 'type' => 'string', 'example' => 'rule_group_test', 'title' => ''],
+ 'Desc' => ['description' => 'The description of the rule group.', 'type' => 'string', 'example' => 'desc', 'title' => ''],
+ 'WafVersion' => ['description' => 'The version number of the current configuration, which is used for optimistic locking control.', 'type' => 'integer', 'format' => 'int64', 'example' => '11', 'title' => ''],
+ 'DomainList' => [
+ 'description' => 'The list of domain names that reference the current rule group.',
+ 'type' => 'array',
+ 'items' => ['description' => 'The domain name that references the current rule group.', 'type' => 'string', 'example' => 'test.aliyundome.com', 'title' => ''],
+ 'title' => '',
+ 'example' => '',
+ ],
+ ],
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'title' => '',
+ 'example' => '',
],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<ModifyProtectionModuleRuleResponse>\\n <RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n</ModifyProtectionModuleRuleResponse>","errorExample":""}]',
- 'title' => 'ModifyProtectionModuleRule',
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
- ],
- 'ModifyProtectionRuleStatus' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"02E9A4B8-90FB-5F41-A049-*\\",\\n \\"TaskStatus\\": 2,\\n \\"Total\\": 1,\\n \\"WafTaskId\\": \\"123\\",\\n \\"RuleGroups\\": [\\n {\\n \\"Type\\": 1,\\n \\"RuleCnt\\": 1,\\n \\"RuleGroupUpdateTime\\": 1711445265,\\n \\"PolicyId\\": 116562,\\n \\"Name\\": \\"rule_group_test\\",\\n \\"TemplatePolicyId\\": 1102,\\n \\"RuleGroupTemplateName\\": \\"rule_group_test\\",\\n \\"Desc\\": \\"desc\\",\\n \\"WafVersion\\": 11,\\n \\"DomainList\\": [\\n \\"test.aliyundome.com\\"\\n ]\\n }\\n ]\\n}","type":"json"}]',
+ 'title' => 'Query regex rule groups by page',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeRuleGroups'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeRuleGroups',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ 'summary' => '',
+ ],
+ 'DescribeRules' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
'systemTags' => [
- 'operationType' => 'update',
- 'abilityTreeCode' => '93408',
- 'abilityTreeNodes' => [
- 'FEATUREwafNZKQ0J',
- ],
+ 'operationType' => 'get',
+ 'abilityTreeCode' => '93355',
+ 'abilityTreeNodes' => ['FEATUREwaf10VDFG'],
],
'parameters' => [
[
- 'name' => 'Domain',
+ 'name' => 'SourceIp',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'The source IP address of the request. You do not need to specify this parameter. The system automatically obtains the value.', 'type' => 'string', 'required' => false, 'example' => '42.84.*.*', 'title' => ''],
],
[
- 'name' => 'DefenseType',
+ 'name' => 'PageSize',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'tamperproof',
- ],
+ 'schema' => ['description' => 'The number of entries per page when paging. Default value: **10**.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''],
],
[
- 'name' => 'RuleId',
+ 'name' => 'PageNumber',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'required' => true,
- 'example' => '42755',
- ],
+ 'schema' => ['description' => 'The page number. Default value: **1**.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''],
],
[
- 'name' => 'RuleStatus',
+ 'name' => 'RuleIdKey',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => true,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'The ID of the rule. Fuzzy match is supported.', 'type' => 'string', 'required' => false, 'example' => ' 1131*0', 'title' => ''],
],
[
- 'name' => 'LockVersion',
+ 'name' => 'CveIdKey',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'required' => true,
- 'example' => '2',
- ],
+ 'schema' => ['description' => 'The CVE ID.', 'type' => 'string', 'required' => false, 'example' => 'CVE-*-*5', 'title' => ''],
+ ],
+ [
+ 'name' => 'ProtectionType',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The protection type. Valid values:'."\n"
+ .'- **11**: SQL injection '."\n"
+ .'- **12**: cross-site scripting (XSS) '."\n"
+ .'- **13**: code execution '."\n"
+ .'- **14**: CRLF '."\n"
+ .'- **15**: local file inclusion (LFI) '."\n"
+ .'- **16**: remote file inclusion (RFI)'."\n"
+ .'- **17**: webshell '."\n"
+ .'- **19**: cross-site request forgery '."\n"
+ .'- **20**: others '."\n"
+ .'- **21**: SEMA.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '11', 'title' => ''],
+ ],
+ [
+ 'name' => 'ApplicationType',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The application type. Valid values:'."\n"
+ .'- **0**: general'."\n"
+ .'- **1**: wordpress'."\n"
+ .'- **2**: dedecms'."\n"
+ .'- **3**: Discuz'."\n"
+ .'- **4**: phpcms'."\n"
+ .'- **5**: ecshop'."\n"
+ .'- **6**: shopex'."\n"
+ .'- **7**: Drupal'."\n"
+ .'- **8**: joomla'."\n"
+ .'- **9**: Metinfo'."\n"
+ .'- **10**: Struts2'."\n"
+ .'- **11**: SpringBoot'."\n"
+ .'- **12**: Jboss'."\n"
+ .'- **13**: weblogic'."\n"
+ .'- **14**: websphere'."\n"
+ .'- **15**: tomcat'."\n"
+ .'- **16**: es'."\n"
+ .'- **17**: ThinkPHP'."\n"
+ .'- **18**: fastjosn'."\n"
+ .'- **19**: ImageMagick'."\n"
+ .'- **20**: PHPWind'."\n"
+ .'- **21**: PHPAdmin'."\n"
+ .'- **99**: others.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', 'title' => ''],
+ ],
+ [
+ 'name' => 'RiskLevel',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The risk level of the check item to query. Valid values:'."\n"
+ ."\n"
+ .'- **0**: high'."\n"
+ .'- **1**: medium'."\n"
+ .'- **2**: low.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', 'title' => ''],
+ ],
+ [
+ 'name' => 'RuleGroupId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The ID of the regular expression rule group.', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '1012', 'title' => ''],
+ ],
+ [
+ 'name' => 'Lang',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The language of the rule name. Valid values:'."\n"
+ ."\n"
+ .'- **zh**: Chinese.'."\n"
+ .'- **en**: English.', 'type' => 'string', 'required' => false, 'example' => 'zh', 'title' => ''],
],
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'Instance ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call the [DescribeInstance](~~433756~~) operation to query instance ID of the WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-*', 'title' => ''],
],
[
- 'name' => 'RegionId',
+ 'name' => 'Region',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The region ID. Valid values: '."\n"
+ .'- **cn**: the Chinese mainland (default)'."\n"
+ .'- **cn-hongkong**: outside the Chinese mainland.', 'type' => 'string', 'required' => false, 'default' => 'cn', 'example' => 'cn', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-*', 'title' => ''],
+ ],
+ [
+ 'name' => 'RegionId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -3736,73 +4600,140 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
+ 'RuleGroupTemplateId' => ['description' => 'The ID of the regular expression rule group.', 'type' => 'string', 'example' => '1012', 'title' => ''],
+ 'RuleGroupName' => ['description' => 'The name of the regular expression rule group.', 'type' => 'string', 'example' => 'test111', 'title' => ''],
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-*', 'title' => ''],
+ 'TotalCount' => ['description' => 'The total number of rules returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''],
+ 'RuleGroupTemplateName' => ['description' => 'The name of the rule group.', 'type' => 'string', 'example' => 'rule_group_test', 'title' => ''],
+ 'IsSubscribe' => ['description' => 'The automatic update status of the rule group.'."\n"
+ ."\n"
+ .'- 1: Automatic update is enabled.'."\n"
+ ."\n"
+ .'- 2: Automatic update is disabled.', 'type' => 'integer', 'format' => 'int64', 'example' => '1', 'title' => ''],
+ 'Rules' => [
+ 'description' => 'The list of rules.',
+ 'type' => 'array',
+ 'items' => [
+ 'description' => 'The list of rules.',
+ 'type' => 'object',
+ 'properties' => [
+ 'RiskLevel' => ['description' => 'The risk level of the rule. Valid values:'."\n"
+ ."\n"
+ .'- **0**: High.'."\n"
+ .'- **1**: Medium.'."\n"
+ .'- **2**: Low.', 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''],
+ 'UpdateTime' => ['description' => 'The time when the rule was last updated.', 'type' => 'integer', 'format' => 'int64', 'example' => '1684120148.0', 'title' => ''],
+ 'Description' => ['description' => 'The description of the rule.', 'type' => 'string', 'example' => '默认', 'title' => ''],
+ 'CveUrl' => ['description' => 'The CVE URL.', 'type' => 'string', 'example' => 'https://avd.aliyun.com/', 'title' => ''],
+ 'ApplicationType' => ['description' => 'The application type. Valid values:'."\n"
+ .'- **0**: general'."\n"
+ .'- **1**: wordpress'."\n"
+ .'- **2**: dedecms'."\n"
+ .'- **3**: Discuz'."\n"
+ .'- **4**: phpcms'."\n"
+ .'- **5**: ecshop'."\n"
+ .'- **6**: shopex'."\n"
+ .'- **7**: Drupal'."\n"
+ .'- **8**: joomla'."\n"
+ .'- **9**: Metinfo'."\n"
+ .'- **10**: Struts2'."\n"
+ .'- **11**: SpringBoot'."\n"
+ .'- **12**: Jboss'."\n"
+ .'- **13**: weblogic'."\n"
+ .'- **14**: websphere'."\n"
+ .'- **15**: tomcat'."\n"
+ .'- **16**: es'."\n"
+ .'- **17**: ThinkPHP'."\n"
+ .'- **18**: fastjosn'."\n"
+ .'- **19**: ImageMagick'."\n"
+ .'- **20**: PHPWind'."\n"
+ .'- **21**: PHPAdmin'."\n"
+ .'- **99**: others.', 'type' => 'integer', 'format' => 'int32', 'example' => '15', 'title' => ''],
+ 'CveId' => ['description' => 'CVE ID。', 'type' => 'string', 'example' => 'CVE-2021-*', 'title' => ''],
+ 'ProtectionType' => ['description' => 'The protection type. Valid values:'."\n"
+ .'- **11**: SQL injection '."\n"
+ .'- **12**: cross-site scripting (XSS) '."\n"
+ .'- **13**: code execution '."\n"
+ .'- **14**: CRLF '."\n"
+ .'- **15**: local file inclusion (LFI) '."\n"
+ .'- **16**: remote file inclusion (RFI)'."\n"
+ .'- **17**: webshell '."\n"
+ .'- **19**: cross-site request forgery '."\n"
+ .'- **20**: others '."\n"
+ .'- **21**: SEMA.', 'type' => 'integer', 'format' => 'int32', 'example' => '11', 'title' => ''],
+ 'RuleName' => ['description' => 'The name of the rule.', 'type' => 'string', 'example' => 'rules_41', 'title' => ''],
+ 'RuleId' => ['description' => 'The ID of the rule.', 'type' => 'integer', 'format' => 'int64', 'example' => '42755', 'title' => ''],
+ ],
+ 'title' => '',
+ 'example' => '',
+ ],
+ 'title' => '',
+ 'example' => '',
],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<ModifyProtectionRuleStatusResponse>\\r\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\r\\n</ModifyProtectionRuleStatusResponse>","errorExample":""}]',
- 'title' => 'ModifyProtectionRuleStatus',
- 'requestParamsDescription' => ' ',
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
- ],
- 'DescribeDomainRuleGroup' => [
- 'methods' => [
- 'post',
- 'get',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RuleGroupTemplateId\\": \\"1012\\",\\n \\"RuleGroupName\\": \\"test111\\",\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-*\\",\\n \\"TotalCount\\": 1,\\n \\"RuleGroupTemplateName\\": \\"rule_group_test\\",\\n \\"IsSubscribe\\": 1,\\n \\"Rules\\": [\\n {\\n \\"RiskLevel\\": 0,\\n \\"UpdateTime\\": 1684120148,\\n \\"Description\\": \\"默认\\",\\n \\"CveUrl\\": \\"https://avd.aliyun.com/\\",\\n \\"ApplicationType\\": 15,\\n \\"CveId\\": \\"CVE-2021-*\\",\\n \\"ProtectionType\\": 11,\\n \\"RuleName\\": \\"rules_41\\",\\n \\"RuleId\\": 42755\\n }\\n ]\\n}","type":"json"}]',
+ 'title' => 'List rules in a regular expression rule group by page',
+ 'changeSet' => [
+ ['createdAt' => '2024-05-27T10:59:51.000Z', 'description' => 'Request parameters changed, Error codes changed'],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeRules'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeRules',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ 'summary' => '',
+ ],
+ 'DescribeWafSourceIpSegment' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
+ 'systemTags' => ['operationType' => 'get'],
'parameters' => [
[
- 'name' => 'Domain',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.aliyundoc.com',
- ],
- ],
- [
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-tl32ast****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance to query.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-zz11sr5****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-acfm2pz25js****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -3810,41 +4741,49 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RuleGroupId' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '1012',
- ],
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
- 'WafAiStatus' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'AB2F5E31-EE96-4FD7-9560-45FF****77FF', 'title' => ''],
+ 'Ips' => ['description' => 'The list of back-to-origin IP addresses and CIDR blocks used by the IPv4 WAF protection cluster.', 'type' => 'string', 'example' => '47.XXX.XXX.192/26,……,47.XXX.XXX.0/24', 'title' => ''],
+ 'IpV6s' => ['description' => 'The list of back-to-origin IP addresses and CIDR blocks used by the IPv6 WAF protection cluster.', 'type' => 'string', 'example' => '39.XXX.XXX.0/24,……,2408:400a:XXXX:XXXX::/56', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RuleGroupId\\": 1012,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\",\\n \\"WafAiStatus\\": 1\\n}","errorExample":""},{"type":"xml","example":"<DescribeDomainRuleGroupResponse>\\n <RuleGroupId>1012</RuleGroupId>\\n <RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n <WafAiStatus>1</WafAiStatus>\\n</DescribeDomainRuleGroupResponse>","errorExample":""}]',
- 'title' => 'DescribeDomainRuleGroup',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"AB2F5E31-EE96-4FD7-9560-45FF****77FF\\",\\n \\"Ips\\": \\"47.XXX.XXX.192/26,……,47.XXX.XXX.0/24\\",\\n \\"IpV6s\\": \\"39.XXX.XXX.0/24,……,2408:400a:XXXX:XXXX::/56\\"\\n}","type":"json"}]',
+ 'title' => 'Query back-to-origin CIDR blocks of a WAF instance',
+ 'summary' => 'Queries the back-to-origin IP addresses and CIDR blocks used by WAF protection clusters.',
+ 'requestParamsDescription' => 'When you call this operation, you must include common Alibaba Cloud API request parameters in addition to the operation-specific request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request example in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'SetDomainRuleGroup' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [
+ ['createdAt' => '2022-09-08T14:06:07.000Z', 'description' => 'Error codes changed'],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeWafSourceIpSegment'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeWafSourceIpSegment',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'ModifyDomain' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
@@ -3854,265 +4793,256 @@
'systemTags' => [],
'parameters' => [
[
- 'name' => 'Domains',
+ 'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => '["www.aliyundoc.com"]',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-7pp26f1****', 'title' => ''],
],
[
- 'name' => 'RuleGroupId',
+ 'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'required' => true,
- 'example' => '1012',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-7pp26f1****', 'title' => ''],
],
[
- 'name' => 'WafVersion',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'required' => false,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'The domain name to configure.'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainNames](~~86373~~) to query all domain names that have been added to WAF for protection.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
- 'name' => 'InstanceId',
+ 'name' => 'SourceIps',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-tl32ast****',
- ],
+ 'schema' => ['description' => 'The IP addresses or back-to-origin domain name of the origin server associated with the domain name. You can set only one of the two types:'."\n"
+ ."\n"
+ .'- To set origin server IP addresses, use the `["ip1","ip2",……]` format. You can add up to 20 IP addresses.'."\n"
+ .'- To set a back-to-origin domain name, use the `["domain"]` format. You can specify only one domain name.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method.', 'type' => 'string', 'required' => false, 'example' => '["39.XX.XX.197"]', 'title' => ''],
],
[
- 'name' => 'ResourceGroupId',
+ 'name' => 'LoadBalancing',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-acfm2pz25js****',
- ],
+ 'schema' => ['description' => 'The load balancing algorithm used for back-to-origin requests. Valid values:'."\n"
+ ."\n"
+ .'- **0**: IP Hash.'."\n"
+ .'- **1**: round-robin.'."\n"
+ .'- **2**: Least Time.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '0', 'example' => '0', 'title' => ''],
],
[
- 'name' => 'WafAiStatus',
+ 'name' => 'HttpPort',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'The list of HTTP ports, in the `[port1,port2,……]` format.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method. Setting this parameter indicates that the domain name uses the HTTP protocol. **HttpPort** and **HttpsPort** cannot both be empty.', 'type' => 'string', 'required' => false, 'example' => '[80]', 'title' => ''],
],
[
- 'name' => 'RegionId',
+ 'name' => 'HttpsPort',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The list of HTTPS ports, in the `[port1,port2,……]` format.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method. Setting this parameter indicates that the domain name uses the HTTPS protocol. **HttpPort** and **HttpsPort** cannot both be empty.', 'type' => 'string', 'required' => false, 'example' => '[443]', 'title' => ''],
],
- ],
- 'responses' => [
- 200 => [
- 'schema' => [
- 'type' => 'object',
- 'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
- ],
- ],
+ [
+ 'name' => 'Http2Port',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The list of HTTP 2.0 ports, in the `[port1,port2,……]` format.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method, and **HttpsPort** is not empty, which indicates that the domain name uses the HTTPS protocol.', 'type' => 'string', 'required' => false, 'example' => '[443]', 'title' => ''],
],
- ],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<SetDomainRuleGroupResponse>\\n <RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\n</SetDomainRuleGroupResponse>","errorExample":""}]',
- 'title' => 'SetDomainRuleGroup',
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
- ],
- 'ModifyProtectionRuleCacheStatus' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
- ],
- 'security' => [
[
- 'AK' => [],
+ 'name' => 'HttpsRedirect',
+ 'in' => 'query',
+ 'schema' => ['description' => 'Specifies whether to enable HTTPS forced redirect. After HTTPS forced redirect is enabled, HTTP requests from clients are redirected to HTTPS requests. The default redirect port is 443. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): disabled.'."\n"
+ .'- **1**: enabled.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method, and **HttpsPort** is not empty, which indicates that the domain name uses the HTTPS protocol.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '0', 'example' => '0', 'title' => ''],
],
- ],
- 'systemTags' => [
- 'operationType' => 'get',
- 'abilityTreeCode' => '93407',
- 'abilityTreeNodes' => [
- 'FEATUREwafI1HM4C',
+ [
+ 'name' => 'HttpToUserIp',
+ 'in' => 'query',
+ 'schema' => ['description' => 'Specifies whether to enable HTTP back-to-origin. After HTTP back-to-origin is enabled, HTTPS requests are forwarded to the origin server over HTTP. The default back-to-origin port is 80. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): disabled.'."\n"
+ .'- **1**: enabled.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method, and **HttpsPort** is not empty, which indicates that the domain name uses the HTTPS protocol.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '0', 'example' => '0', 'title' => ''],
],
- ],
- 'parameters' => [
[
- 'name' => 'Domain',
+ 'name' => 'IsAccessProduct',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'Specifies whether a Layer 7 proxy such as Anti-DDoS Pro or CDN is deployed in front of WAF, meaning whether client traffic passes through another Layer 7 proxy before reaching WAF. Valid values:'."\n"
+ ."\n"
+ .'- **0**: no.'."\n"
+ .'- **1**: yes.', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'example' => '0', 'title' => ''],
],
[
- 'name' => 'RuleId',
+ 'name' => 'AccessHeaderMode',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'required' => true,
- 'example' => '42755',
- ],
+ 'schema' => ['description' => 'The method that WAF uses to obtain the originating IP address of the client. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): WAF reads the first value of the X-Forwarded-For (XFF) field in the request header as the client IP address.'."\n"
+ .'- **1**: WAF reads the value of a custom field that you specify in the request header as the client IP address.'."\n"
+ ."\n"
+ .'> This parameter is required only when **IsAccessProduct** is set to **1**, which indicates that a Layer 7 proxy is deployed in front of WAF.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', 'title' => ''],
],
[
- 'name' => 'DefenseType',
+ 'name' => 'AccessHeaders',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'tamperproof',
- ],
+ 'schema' => ['description' => 'The list of custom header fields used to obtain the originating IP address of the client, in the `["header1","header2",……]` format.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessHeaderMode** is set to **1**, which indicates that WAF reads the value of a custom field that you specify in the request header as the client IP address.', 'type' => 'string', 'required' => false, 'example' => '["X-Client-IP"]', 'title' => ''],
],
[
- 'name' => 'InstanceId',
+ 'name' => 'LogHeaders',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'The traffic tag field and value for the domain name, used to tag traffic processed by WAF.'."\n"
+ ."\n"
+ .'The value of this parameter is in the `[{"k":"_key_","v":"_value_"}]` format. `_key_` specifies the custom request header field, and `_value_` specifies the value of the field.'."\n"
+ ."\n"
+ .'By specifying a custom request header field and its value, WAF automatically adds the custom field value to the request header as a traffic tag when traffic for the domain name passes through WAF. This helps backend services collect relevant statistics.'."\n"
+ ."\n"
+ .'> If the custom header field already exists in the request, the system overwrites the existing value with the traffic tag value you specify.', 'type' => 'string', 'required' => false, 'example' => '[{"k":"ALIWAF-TAG","v":"Yes"}]', 'title' => ''],
],
[
- 'name' => 'RegionId',
+ 'name' => 'ClusterType',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The type of the WAF protection cluster. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): physical cluster.'."\n"
+ .'- **1**: virtual cluster, which is a WAF exclusive cluster.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', 'title' => ''],
],
[
- 'name' => 'ResourceGroupId',
+ 'name' => 'ConnectionTime',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The connection timeout period for the WAF exclusive cluster. Unit: seconds.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method, and **ClusterType** is set to **1**, which indicates that the WAF exclusive cluster is used.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '5', 'example' => '5', 'title' => ''],
],
- ],
- 'responses' => [
- 200 => [
- 'schema' => [
- 'type' => 'object',
- 'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
- ],
- ],
+ [
+ 'name' => 'ReadTime',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The read timeout period for the WAF exclusive cluster. Unit: seconds.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method, and **ClusterType** is set to **1**, which indicates that the WAF exclusive cluster is used.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '120', 'example' => '120', 'title' => ''],
],
- ],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<ModifyProtectionRuleCacheStatusResponse>\\r\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\r\\n</ModifyProtectionRuleCacheStatusResponse>","errorExample":""}]',
- 'title' => 'ModifyProtectionRuleCacheStatus',
- 'requestParamsDescription' => ' ',
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
- ],
- 'DeleteProtectionModuleRule' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
- ],
- 'security' => [
[
- 'AK' => [],
+ 'name' => 'WriteTime',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The write timeout period for the WAF exclusive cluster. Unit: seconds.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method, and **ClusterType** is set to **1**, which indicates that the WAF exclusive cluster is used.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'default' => '120', 'example' => '120', 'title' => ''],
],
- ],
- 'systemTags' => [],
- 'parameters' => [
[
- 'name' => 'Domain',
+ 'name' => 'AccessType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.aliyundoc.com',
- ],
+ 'schema' => ['description' => 'The Website Config method. Valid values:'."\n"
+ ."\n"
+ .'- **waf-cloud-dns** (default): CNAME record.'."\n"
+ ."\n"
+ .'- **waf-cloud-native**: transparent access.', 'type' => 'string', 'required' => false, 'example' => 'waf-cloud-dns', 'title' => ''],
],
[
- 'name' => 'DefenseType',
+ 'name' => 'CloudNativeInstances',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'ac_custom',
- ],
+ 'schema' => ['description' => 'The list of server and port configurations for transparent access. The value is a string converted from a JSON array. Each element in the JSON array is a struct that contains the following fields:'."\n"
+ ."\n"
+ .'- **ProtocolPortConfigs**: JSON Array type | Required | The list of protocol and port configurations. Each element in the JSON array is a struct that contains the following fields:'."\n"
+ .' - **Ports**: Array type | Required | The list of ports, in the `[port1,port2,……]` format.'."\n"
+ .' - **Protocol**: String type | Required | The protocol type. Valid values: **http**, **https**.'."\n"
+ .'- **CloudNativeProductName**: String type | Required | The type of the cloud service instance. Valid values: **ECS**, **SLB**, **ALB**.'."\n"
+ .'- **RedirectionTypeName**: String type | Required | The type of the traffic redirection port. Valid values: **ECS** (ECS port), **SLB-L4** (SLB Layer 4 port), **SLB-L7** (SLB Layer 7 port), **ALB** (ALB port).'."\n"
+ .'- **InstanceId**: String type | Required | The ID of the cloud service instance.'."\n"
+ .'- **IPAddressList**: Array type | Required | The list of public IP addresses of the cloud service instance, in the `["ip1","ip2",……]` format.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-native**, which indicates that the domain name is added by using the transparent access method.', 'type' => 'string', 'required' => false, 'example' => '[{"ProtocolPortConfigs":[{"Ports":[80],"Protocol":"http"}],"RedirectionTypeName":"ALB","InstanceId":"alb-s65nua68wdedsp****","IPAddressList":["182.XX.XX.113"],"CloudNativeProductName":"ALB"}]', 'title' => ''],
],
[
- 'name' => 'RuleId',
+ 'name' => 'IpFollowStatus',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'required' => true,
- 'example' => '42754',
- ],
+ 'schema' => ['description' => 'Specifies whether to enable IPv4/IPv6 back-to-origin protocol following when the origin server addresses include both IPv4 and IPv6 addresses. After this feature is enabled, WAF forwards requests from IPv4 addresses to IPv4 origin servers and requests from IPv6 addresses to IPv6 origin servers. Valid values:'."\n"
+ ."\n"
+ .'- **0** (default): disabled.'."\n"
+ .'- **1**: enabled.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '0', 'title' => ''],
],
[
- 'name' => 'InstanceId',
+ 'name' => 'SniStatus',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-mp9153****',
- ],
+ 'schema' => ['description' => 'Specifies whether to enable back-to-origin Server Name Indication (SNI). Back-to-origin SNI means that when WAF forwards client requests to the origin server and performs a TLS handshake with the origin server, WAF specifies the host to access through the SNI extension field (Server Name Indicator extension) and establishes an HTTPS connection with that host. If your origin server hosts multiple virtual hosts (corresponding to different domain names), enable back-to-origin SNI. Valid values:'."\n"
+ .'- **0**: disabled.'."\n"
+ .'- **1**: enabled.'."\n"
+ ."\n"
+ .'For WAF instances in the Chinese mainland, back-to-origin SNI is disabled by default. For WAF instances outside the Chinese mainland, back-to-origin SNI is enabled by default.'."\n"
+ ."\n"
+ .'> This parameter is required only when **AccessType** is set to **waf-cloud-dns**, which indicates that the domain name is added by using the CNAME method, and **HttpsPort** is not empty, which indicates that the domain name uses the HTTPS protocol.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''],
+ ],
+ [
+ 'name' => 'SniHost',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The custom value of the SNI extension field. If you do not set this parameter, the value of the **Host** field in the request header is used as the SNI extension field value by default.'."\n"
+ ."\n"
+ .'In most cases, you do not need to customize the SNI value unless your service has special configuration requirements and you want WAF to use an SNI value in back-to-origin requests that differs from the actual request Host.'."\n"
+ ."\n"
+ .'> This parameter is required only when **SniStatus** is set to **1**, which indicates that back-to-origin SNI is enabled.', 'type' => 'string', 'required' => false, 'example' => 'waf.example.com', 'title' => ''],
+ ],
+ [
+ 'name' => 'Retry',
+ 'in' => 'query',
+ 'schema' => ['description' => 'Specifies whether WAF retries when back-to-origin fails. Valid values:'."\n"
+ ."\n"
+ .'- **true** (default): retry.'."\n"
+ ."\n"
+ .'- **false**: do not retry.', 'type' => 'boolean', 'default' => 'false', 'required' => false, 'example' => 'true', 'title' => ''],
+ ],
+ [
+ 'name' => 'Keepalive',
+ 'in' => 'query',
+ 'schema' => ['description' => 'Specifies whether to enable persistent connections. Valid values:'."\n"
+ ."\n"
+ .'- **true** (default): enabled.'."\n"
+ ."\n"
+ .'- **false**: disabled.', 'type' => 'boolean', 'default' => 'false', 'required' => false, 'example' => 'true', 'title' => ''],
+ ],
+ [
+ 'name' => 'KeepaliveRequests',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The number of requests that reuse a persistent connection. Valid values: 60 to 1000.'."\n"
+ ."\n"
+ .'> This parameter specifies how many requests can reuse a persistent connection after persistent connections are enabled.', 'type' => 'integer', 'format' => 'int32', 'maximum' => '1000', 'minimum' => '60', 'default' => '1000', 'required' => false, 'example' => '1000', 'title' => ''],
+ ],
+ [
+ 'name' => 'KeepaliveTimeout',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The idle timeout period for persistent connections. Valid values: 1 to 60. Default value: 15. Unit: seconds.'."\n"
+ ."\n"
+ .'> This parameter specifies how long an idle persistent connection is kept before it is released.', 'type' => 'integer', 'format' => 'int32', 'maximum' => '3600', 'minimum' => '1', 'default' => '15', 'required' => false, 'example' => '60', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management.'."\n"
+ ."\n"
+ .'If you do not set this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -4120,88 +5050,93 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '1557B42F-B889-460A-B17F-1DE5C5AD7FF2',
- ],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1557B42F-B889-460A-B17F-1DE5C5AD7FF2\\"\\n}","errorExample":""},{"type":"xml","example":"<DeleteProtectionModuleRuleResponse>\\n <RequestId>1557B42F-B889-460A-B17F-1DE5C5AD7FF2</RequestId>\\n</DeleteProtectionModuleRuleResponse>","errorExample":""}]',
- 'title' => 'DeleteProtectionModuleRule',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Modify domain name configuration',
+ 'summary' => 'Modifies the configuration of a domain name that has been added to WAF.',
+ 'requestParamsDescription' => 'When you call this operation, you must include common Alibaba Cloud API request parameters in addition to the operation-specific request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request examples in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeProtectionModuleCodeConfig' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [
+ ['createdAt' => '2023-08-28T12:42:34.000Z', 'description' => 'Request parameters changed'],
+ ['createdAt' => '2023-05-23T05:46:03.000Z', 'description' => 'Request parameters changed'],
+ ['createdAt' => '2022-08-22T10:01:08.000Z', 'description' => 'Request parameters changed, Error codes changed'],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyDomain'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyDomain',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'ModifyDomainIpv6Status' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
+ 'deprecated' => false,
+ 'systemTags' => [],
'parameters' => [
[
- 'name' => 'CodeType',
+ 'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => true,
- 'example' => '14',
- ],
+ 'schema' => ['description' => 'Instance ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call the [DescribeInstanceInfo](~~140857~~) operation to query instance ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-mp9153****', 'title' => ''],
],
[
- 'name' => 'CodeValue',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- ],
+ 'schema' => ['description' => 'The domain name that has been added.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
- 'name' => 'InstanceId',
+ 'name' => 'Enabled',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => '',
- ],
+ 'schema' => ['description' => 'Specifies whether to enable IPv6 security protection. Valid values:'."\n"
+ ."\n"
+ .'- **0**: Disabled.'."\n"
+ ."\n"
+ .'- **1**: Enabled.', 'type' => 'string', 'required' => true, 'example' => '0', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-acfm2pz25js****',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management.'."\n"
+ ."\n"
+ .'If you do not specify this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-acfm2pz25js****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -4209,165 +5144,185 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'CodeConfigs' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '[{"code":0,"name":"310000,530000,150000,110000,TW_01,220000,510000,120000,640000,340000,370000,140000,440000,450000,650000,320000,360000,130000,410000,330000,460000,420000,430000,MO_01,620000,350000,540000,520000,210000,500000,610000,630000,HK_01,230000","env":"online"}]',
- ],
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'BE3911B8-9D96-5B39-8875-503BBC9DA4BF',
- ],
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"CodeConfigs\\": \\"[{\\\\\\"code\\\\\\":0,\\\\\\"name\\\\\\":\\\\\\"310000,530000,150000,110000,TW_01,220000,510000,120000,640000,340000,370000,140000,440000,450000,650000,320000,360000,130000,410000,330000,460000,420000,430000,MO_01,620000,350000,540000,520000,210000,500000,610000,630000,HK_01,230000\\\\\\",\\\\\\"env\\\\\\":\\\\\\"online\\\\\\"}]\\",\\n \\"RequestId\\": \\"BE3911B8-9D96-5B39-8875-503BBC9DA4BF\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<DescribeProtectionModuleCodeConfigResponse>\\r\\n\\t<RequestId>BE3911B8-9D96-5B39-8875-503BBC9DA4BF</RequestId>\\r\\n\\t<CodeConfigs>\\r\\n\\t\\t<code>0</code>\\r\\n\\t\\t<name>310000,530000,150000,110000,TW_01,220000,510000,120000,640000,340000,370000,140000,440000,450000,650000,320000,360000,130000,410000,330000,460000,420000,430000,MO_01,620000,350000,540000,520000,210000,500000,610000,630000,HK_01,230000</name>\\r\\n\\t\\t<env>online</env>\\r\\n\\t</CodeConfigs>\\r\\n</DescribeProtectionModuleCodeConfigResponse>","errorExample":""}]',
- 'title' => 'DescribeProtectionModuleCodeConfig',
+ 'errorCodes' => [],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Enable or disable iPv6 security protection for a domain name configuration',
+ 'summary' => 'Enables or disables the IPv6 security protection feature for a specified domain name configuration.',
+ 'requestParamsDescription' => ' ',
+ 'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeRuleGroups' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyDomainIpv6Status'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyDomainIpv6Status',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'ModifyLogRetrievalStatus' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- 'abilityTreeCode' => '93352',
- 'abilityTreeNodes' => [
- 'FEATUREwaf10VDFG',
- ],
- ],
+ 'systemTags' => [],
'parameters' => [
[
- 'name' => 'SourceIp',
+ 'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => '60.208.111.213',
- ],
+ 'schema' => ['description' => 'Instance ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query instance ID of the WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_elasticity-cn-0xldbqt****', 'title' => ''],
],
[
- 'name' => 'Lang',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'zh',
- ],
+ 'schema' => ['description' => 'The domain name that has been added.'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainNames](~~86373~~) to query all added domain names.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
- 'name' => 'PageSize',
+ 'name' => 'Enabled',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '10',
- ],
+ 'schema' => ['description' => 'Specifies whether to enable the log search feature. Valid values:'."\n"
+ ."\n"
+ .'- **0**: disables the feature.'."\n"
+ ."\n"
+ .'- **1**: enables the feature.'."\n"
+ ."\n"
+ .'> WAF records access request logs for a domain name only after the log search feature is enabled for the domain name. If you disable the log search feature, access request logs during the disabled period are not recorded. Even if you re-enable the log search feature, you cannot query access request logs generated during the disabled period.', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'example' => '1', 'title' => ''],
],
[
- 'name' => 'CurrentPage',
+ 'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management.'."\n"
+ ."\n"
+ .'If you do not specify this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-acfm2pz25js****', 'title' => ''],
],
[
- 'name' => 'WafLang',
+ 'name' => 'RegionId',
'in' => 'query',
+ 'schema' => ['description' => 'The region where the WAF instance is deployed.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
'schema' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
+ ],
'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'ZH',
+ 'title' => '',
+ 'example' => '',
],
],
+ ],
+ 'errorCodes' => [
+ 403 => [
+ ['errorCode' => 'Forbbiden', 'errorMessage' => 'User not authorized to operate on the specified resource.', 'description' => ''],
+ ],
+ 500 => [
+ ['errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', 'description' => ''],
+ ],
+ ],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Enable or disable the log search feature for a specified domain name',
+ 'summary' => 'Enables or disables the log search feature for a specified domain name.',
+ 'description' => 'The log search feature has been upgraded to Simple Log Service for WAF. For more information, see [WAF Log Service](~~100503~~). This operation is applicable only to existing users who still have the log search feature. To enable or disable Simple Log Service for WAF for a domain name, call [ModifyLogServiceStatus](~~162742~~).',
+ 'requestParamsDescription' => 'When you call this operation, you must include the common request parameters of Alibaba Cloud APIs in addition to the request parameters described in this topic. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request examples in the **Examples** section of this topic.',
+ 'responseParamsDescription' => ' ',
+ 'extraInfo' => ' ',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyLogRetrievalStatus'],
+ ],
+ ],
+ 'ramActions' => [
[
- 'name' => 'Type',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '10',
- 'enum' => [
- '1',
- '10',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyLogRetrievalStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
],
],
],
+ ],
+ ],
+ 'ModifyLogServiceStatus' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
+ 'security' => [
[
- 'name' => 'PolicyId',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'required' => false,
- 'example' => '1011',
- ],
+ 'AK' => [],
],
+ ],
+ 'systemTags' => [],
+ 'parameters' => [
[
'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_cdnsdf3****',
- ],
+ 'schema' => ['description' => 'Instance ID of the WAF instance.'."\n"
+ ."\n"
+ .'You can call the [DescribeInstanceInfo](~~140857~~) operation to query instance ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_elasticity-cn-0xldbqt****', 'title' => ''],
],
[
- 'name' => 'Region',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'cn',
- 'default' => 'cn',
- ],
+ 'schema' => ['description' => 'The domain name that has been added.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
+ ],
+ [
+ 'name' => 'Enabled',
+ 'in' => 'query',
+ 'schema' => ['description' => 'Specifies whether to enable the log collection feature. Valid values:'."\n"
+ ."\n"
+ .'- **0**: disabled'."\n"
+ ."\n"
+ .'- **1**: enabled.', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'example' => '1', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-aek23puu7m3kmea',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'cn-hangzhou',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -4375,273 +5330,261 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '02E9A4B8-90FB-5F41-A049-C82277EB82FB',
- ],
- 'TaskStatus' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '2',
- ],
- 'Total' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'WafTaskId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '123',
- ],
- 'RuleGroups' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'object',
- 'properties' => [
- 'Type' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'RuleCnt' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'RuleGroupUpdateTime' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '1711445265',
- ],
- 'PolicyId' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '116562',
- ],
- 'Name' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'rule_group_test',
- ],
- 'TemplatePolicyId' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '1102',
- ],
- 'RuleGroupTemplateName' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'rule_group_test',
- ],
- 'Desc' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'desc',
- ],
- 'WafVersion' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '11',
- ],
- 'DomainList' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'test.aliyundome.com',
- ],
- ],
- ],
- ],
- ],
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"02E9A4B8-90FB-5F41-A049-*\\",\\n \\"TaskStatus\\": 2,\\n \\"Total\\": 1,\\n \\"WafTaskId\\": \\"123\\",\\n \\"RuleGroups\\": [\\n {\\n \\"Type\\": 1,\\n \\"RuleCnt\\": 1,\\n \\"RuleGroupUpdateTime\\": 1711445265,\\n \\"PolicyId\\": 116562,\\n \\"Name\\": \\"rule_group_test\\",\\n \\"TemplatePolicyId\\": 1102,\\n \\"RuleGroupTemplateName\\": \\"rule_group_test\\",\\n \\"Desc\\": \\"desc\\",\\n \\"WafVersion\\": 11,\\n \\"DomainList\\": [\\n \\"test.aliyundome.com\\"\\n ]\\n }\\n ]\\n}","type":"json"}]',
- ],
- 'DescribeRules' => [
- 'methods' => [
- 'post',
- 'get',
+ 'errorCodes' => [
+ 403 => [
+ ['errorCode' => 'Forbbiden', 'errorMessage' => 'User not authorized to operate on the specified resource.', 'description' => ''],
+ ],
+ 500 => [
+ ['errorCode' => 'InternalError', 'errorMessage' => 'The request processing has failed due to some unknown error.', 'description' => ''],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Enable or disable log collection for a specified domain name configuration',
+ 'summary' => 'Enables or disables the log collection feature for a specified domain name configuration by calling the ModifyLogServiceStatus operation.',
+ 'description' => 'Before you enable the log collection feature for a domain name configuration, make sure that the real-time log query and analysis feature is activated for the WAF instance and that WAF is authorized to deliver recorded logs to your dedicated Simple Log Service Logstore.'."\n"
+ ."\n"
+ .'For more information, see [Real-time log query and analysis](~~100503~~).',
+ 'requestParamsDescription' => ' ',
+ 'responseParamsDescription' => ' ',
+ 'extraInfo' => ' ',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyLogServiceStatus'],
+ ],
],
- 'security' => [
+ 'ramActions' => [
[
- 'AK' => [],
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyLogServiceStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- 'abilityTreeCode' => '93355',
- 'abilityTreeNodes' => [
- 'FEATUREwaf10VDFG',
+ ],
+ 'ModifyProtectionModuleMode' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
+ 'security' => [
+ [
+ 'AK' => [],
],
],
+ 'systemTags' => [],
'parameters' => [
[
- 'name' => 'SourceIp',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => '42.84.*.*',
- ],
+ 'schema' => ['description' => 'The domain name that has been added to WAF.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
- 'name' => 'PageSize',
+ 'name' => 'DefenseType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '10',
- ],
+ 'schema' => ['description' => 'The protection module. Valid values:'."\n"
+ ."\n"
+ .'- **waf**: RegEx protection engine'."\n"
+ ."\n"
+ .'- **dld**: big data deep learning engine'."\n"
+ ."\n"
+ .'- **ac_cc**: CC attack protection'."\n"
+ ."\n"
+ .'- **antifraud**: data risk control'."\n"
+ ."\n"
+ .'- **normalized**: proactive defense.', 'type' => 'string', 'required' => true, 'example' => 'waf', 'title' => ''],
],
[
- 'name' => 'PageNumber',
+ 'name' => 'Mode',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'The protection mode.'."\n"
+ ."\n"
+ .'> The meaning of the **Mode** value varies depending on the specified protection module (**DefenseType**).'."\n"
+ ."\n"
+ .'- RegEx protection engine (**waf**)'."\n"
+ .' - **0**: Block mode.'."\n"
+ .' - **1**: Warn mode.'."\n"
+ .'- Big data deep learning engine (**dld**)'."\n"
+ .' - **0**: Warn mode.'."\n"
+ .' - **1**: Block mode.'."\n"
+ .'- CC attack protection (**ac_cc**)'."\n"
+ .' - **0**: Protection mode.'."\n"
+ .' - **1**: Protection-emergency mode.'."\n"
+ .'- Data risk control (**antifraud**)'."\n"
+ .' - **0**: Warn mode.'."\n"
+ .' - **1**: Block mode.'."\n"
+ .' - **2**: Strict block mode.'."\n"
+ .'- Proactive defense (**normalized**)'."\n"
+ .' - **1**: Block mode.'."\n"
+ .' - **0**: Warn mode.', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'example' => '0', 'title' => ''],
],
[
- 'name' => 'RuleIdKey',
+ 'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => ' 1131*0',
- ],
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call the [DescribeInstanceInfo](~~140857~~) operation to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_elasticity-cn-0xldbqt****', 'title' => ''],
],
[
- 'name' => 'CveIdKey',
+ 'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => 'CVE ID',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'CVE-*-*5',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. Default value: empty, which indicates the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
[
- 'name' => 'ProtectionType',
+ 'name' => 'RegionId',
'in' => 'query',
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
+ ],
+ ],
+ 'responses' => [
+ 200 => [
'schema' => [
+ 'type' => 'object',
+ 'properties' => [
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0', 'title' => ''],
+ ],
'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '11',
+ 'title' => '',
+ 'example' => '',
],
],
+ ],
+ 'errorCodes' => [],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Modify WAF protection mode',
+ 'summary' => 'Modifies the WAF protection mode for modules such as the RegEx protection engine, big data deep learning engine, CC attack protection, data risk control, and proactive defense.',
+ 'description' => 'You can specify the protection module by setting the **DefenseType** parameter. For more information about the valid values, see the description of the **DefenseType** request parameter.',
+ 'requestParamsDescription' => ' ',
+ 'responseParamsDescription' => ' ',
+ 'extraInfo' => ' ',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyProtectionModuleMode'],
+ ],
+ ],
+ 'ramActions' => [
[
- 'name' => 'ApplicationType',
- 'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyProtectionModuleMode',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
],
],
+ ],
+ ],
+ 'ModifyProtectionModuleRule' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
+ 'security' => [
+ [
+ 'AK' => [],
+ ],
+ ],
+ 'systemTags' => [],
+ 'parameters' => [
[
- 'name' => 'RiskLevel',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '0',
- ],
+ 'schema' => ['description' => 'The domain name whose rule configurations you want to modify.'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainNames](~~86373~~) to query all domain names that are added to WAF for protection.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
- 'name' => 'RuleGroupId',
+ 'name' => 'DefenseType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'required' => true,
- 'example' => '1012',
- ],
+ 'schema' => ['description' => 'The protection feature module to which the rule configuration belongs. Valid values:'."\n"
+ ."\n"
+ .'- **tamperproof**: web tamper-proofing rules.'."\n"
+ ."\n"
+ .'- **dlp**: sensitive information leak prevention rules.'."\n"
+ ."\n"
+ .'- **ng_account**: account security rules.'."\n"
+ ."\n"
+ .'- **bot_intelligence**: crawler threat intelligence.'."\n"
+ ."\n"
+ .'- **antifraud**: data risk control protection requests.'."\n"
+ ."\n"
+ .'- **antifraud_js**: data risk control JS insertion pages.'."\n"
+ ."\n"
+ .'- **bot_algorithm**: intelligent algorithm rules for bot management.'."\n"
+ ."\n"
+ .'- **bot_wxbb_pkg**: version protection rules for app protection.'."\n"
+ ."\n"
+ .'- **bot_wxbb**: path protection rules for app protection.'."\n"
+ ."\n"
+ .'- **ac_blacklist**: IP blacklist rules.'."\n"
+ ."\n"
+ .'- **ac_highfreq**: automatic blocking rules for high-frequency web attack IP addresses.'."\n"
+ ."\n"
+ .'- **ac_dirscan**: folder scan protection rules.'."\n"
+ ."\n"
+ .'- **ac_custom**: custom mitigation policy rules.'."\n"
+ ."\n"
+ .'- **whitelist**: whitelist rules.', 'type' => 'string', 'required' => true, 'example' => 'ac_custom', 'title' => ''],
],
[
- 'name' => 'Lang',
+ 'name' => 'Rule',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'zh',
- ],
+ 'schema' => ['description' => 'The rule configuration content, specified as a string converted from a JSON object constructed with a series of parameters.'."\n"
+ ."\n"
+ .'> The specific parameters vary depending on the protection module configuration (**DefenseType**) you specify. For more information, see the detailed description of the Rule parameter.', 'type' => 'string', 'required' => true, 'example' => ' {"action":"monitor","name":"test","scene":"custom_acl","conditions":[{"opCode":1,"key":"URL","values":"/example"}]}', 'title' => ''],
],
[
- 'name' => 'InstanceId',
+ 'name' => 'RuleId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-*',
- ],
+ 'schema' => ['description' => 'The ID of the rule configuration to modify.'."\n"
+ ."\n"
+ .'> You can call [DescribeProtectionModuleRules](~~100398~~) to query the IDs of all created rules.', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '369998', 'title' => ''],
],
[
- 'name' => 'Region',
+ 'name' => 'LockVersion',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'cn',
- 'default' => 'cn',
- ],
+ 'schema' => ['description' => 'The version number of the rule configuration to modify.'."\n"
+ ."\n"
+ .'> You can call [DescribeProtectionModuleRules](~~100398~~) to query the version number of a rule configuration.', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '2', 'title' => ''],
+ ],
+ [
+ 'name' => 'InstanceId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'Instance ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query instance ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-0xldbqt****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-*',
- ],
+ 'schema' => ['description' => 'The ID of the resource group.', 'type' => 'string', 'required' => false, 'example' => 'rg-aek2lav****s77i', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'cn-hangzhou',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -4649,112 +5592,564 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RuleGroupTemplateId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '1012',
- ],
- 'RuleGroupName' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'test111',
- ],
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-*',
- ],
- 'TotalCount' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'RuleGroupTemplateName' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'rule_group_test',
- ],
- 'IsSubscribe' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '1',
- ],
- 'Rules' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'description' => '',
- 'type' => 'object',
- 'properties' => [
- 'RiskLevel' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '0',
- ],
- 'UpdateTime' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '1684120148.0',
- ],
- 'Description' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '',
- ],
- 'CveUrl' => [
- 'description' => '',
- 'type' => 'string',
- ],
- 'ApplicationType' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '15',
- ],
- 'CveId' => [
- 'description' => 'CVE ID。',
- 'type' => 'string',
- 'example' => 'CVE-2021-*',
- ],
- 'ProtectionType' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '11',
- ],
- 'RuleName' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'rules_41',
- ],
- 'RuleId' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int64',
- 'example' => '42755',
- ],
- ],
- ],
- ],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RuleGroupTemplateId\\": \\"1012\\",\\n \\"RuleGroupName\\": \\"test111\\",\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-*\\",\\n \\"TotalCount\\": 1,\\n \\"RuleGroupTemplateName\\": \\"rule_group_test\\",\\n \\"IsSubscribe\\": 1,\\n \\"Rules\\": [\\n {\\n \\"RiskLevel\\": 0,\\n \\"UpdateTime\\": 1684120148,\\n \\"Description\\": \\"默认\\",\\n \\"CveUrl\\": \\"https://avd.aliyun.com/\\",\\n \\"ApplicationType\\": 15,\\n \\"CveId\\": \\"CVE-2021-*\\",\\n \\"ProtectionType\\": 11,\\n \\"RuleName\\": \\"rules_41\\",\\n \\"RuleId\\": 42755\\n }\\n ]\\n}","type":"json"}]',
- ],
- 'ModifyLogRetrievalStatus' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
+ 'errorCodes' => [],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Modify WAF protection feature configuration rules',
+ 'summary' => 'Modifies the configuration rules of WAF protection features, such as web intrusion prevention, data security, advanced protection, bot management, access control, throttling, and whitelists.',
+ 'description' => 'This operation modifies the rule configurations of a specified WAF protection module, including web intrusion prevention, data security, advanced protection, bot management, access control or throttling, and whitelist modules. You can specify the protection module by setting the **DefenseType** parameter. For more information about the valid values, see the description of the **DefenseType** request parameter.'."\n"
+ .'To ensure system stability, the queries per second (QPS) is limited to 10 per user. If the limit is exceeded, API calls are throttled, which may affect your business. Call this operation appropriately.',
+ 'requestParamsDescription' => '**Detailed description of the Rule parameter**.'."\n"
+ ."\n"
+ .' - The JSON string for web tamper-proofing rule configuration (**tamperproof**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **uri**: String | Required | The specific URL to protect.'."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **status**: Integer | Optional | The protection status of the rule. Valid values:'."\n"
+ .' - **0** (default): Not in effect.'."\n"
+ .' - **1**: In effect.'."\n"
+ ."\n"
+ .' - **Example**.'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"example",'."\n"
+ .' "uri":"http://www.example.com/example",'."\n"
+ .' "status":1 '."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for sensitive information leak prevention rule configuration (**dlp**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **conditions**: Array | Required | The match conditions described in JSON string format. You can specify up to two match conditions, and the conditions have an AND relationship. The following parameters are included:'."\n"
+ .' - **key**: The match item.'."\n"
+ .' - **0**: the URL to protect.'."\n"
+ .' - **10**: sensitive information.'."\n"
+ .' - **11**: the response code.'."\n"
+ .' > You cannot set match conditions for both the response code (**11**) and sensitive information (**10**) in the **conditions** parameter at the same time.'."\n"
+ .' - **operation**: The match logic. The value is fixed as **1**, which indicates Contains.'."\n"
+ .' - **value**: The match condition values described in JSON string format. Multiple condition values are supported. The following parameters are included:'."\n"
+ .' - **v**: Applicable only when the match item (**key**) is URL (**0**) or response code (**11**).'."\n"
+ .' - URL: When `"key":0`, the value is a URL address.'."\n"
+ .' - Response code: When `"key":11`, valid values include **400**, **401**, **402**, **403**, **404**, **405-499**, **500**, **501**, **502**, **503**, **504**, and **505-599**.'."\n"
+ .' - **k**: Applicable only when the match item (**key**) is sensitive information (**10**). Valid values:'."\n"
+ .' - **100**: ID card.'."\n"
+ .' - **101**: credit card.'."\n"
+ .' - **102**: phone number.'."\n"
+ .' - **103**: default sensitive words.'."\n"
+ .' - **action**: The match action.'."\n"
+ .' - **3**: alert.'."\n"
+ .' - **10**: sensitive information filtering. This action applies only to match conditions that contain sensitive information (`"key":10`).'."\n"
+ .' - **11**: return the built-in block page. This action applies only to match conditions that contain a response code (`"key":11`).'."\n"
+ ."\n"
+ .' - **Example**.'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"example",'."\n"
+ .' "conditions":[{"key":11,"operation":1,"value":[{"v":401}]},{"key":"0","operation":1,"value":[{"v":"www.example.com"}]}],'."\n"
+ .' "action":3'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for account security rule configuration (**ng_account**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **url_path**: String | Required | The detection interface, expressed as a URL path. It must start with a forward slash (/).'."\n"
+ .' - **method**: String | Required | The request method to detect, including POST, GET, PUT, and DELETE. Multiple request methods are supported and separated by commas (,).'."\n"
+ .' - **account_left**: String | Required | The account parameter name.'."\n"
+ .' - **password_left**: String | Optional | The password parameter name.'."\n"
+ .' - **action**: String | Required | The protection action. Valid values:'."\n"
+ .' - **monitor**: alert.'."\n"
+ .' - **block**: block.'."\n"
+ ."\n"
+ .' - **Example**.'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "url_path":"/example",'."\n"
+ .' "method":"POST,GET,PUT,DELETE",'."\n"
+ .' "account_left":"aaa",'."\n"
+ .' "password_left:"123",'."\n"
+ .' "action":"monitor"'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for crawler threat intelligence configuration in bot management (**bot_intelligence**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String | Required | The rule name. It must correspond to the rule ID (**RuleId**) parameter.'."\n"
+ .' - **urlList**: Array | Required | The protection paths. You can specify up to 10 protection paths. Expressed in JSON string format with the following parameters:'."\n"
+ .' - **mode**: String | Required | The match method, used in combination with the path keyword (**url**) parameter to specify the protection path. Valid values: **eq** (exact match), **prefix-match** (prefix match), **regex** (regular expression match).'."\n"
+ .' - **url**: String | Required | The path keyword. It must start with a forward slash (/).'."\n"
+ .' - **action**: String | Required | The disposition action. Valid values:'."\n"
+ .' - **monitor**: monitor.'."\n"
+ .' - **captcha**: slider CAPTCHA.'."\n"
+ .' - **captcha_strict**: strict slider CAPTCHA. '."\n"
+ .' - **js**: JavaScript verification.'."\n"
+ .' - **block**: block.'."\n"
+ .' - **status**: Integer | Required | The enabled status. Valid values:'."\n"
+ .' - **0**: disabled.'."\n"
+ .' - **1**: enabled.'."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "urlList":['."\n"
+ .' {"mode":"prefix-match","url":"/indexa"},'."\n"
+ .' {"mode":"regex","url":"/"},'."\n"
+ .' {"mode":"eq","url":"/"}],'."\n"
+ .' "name":"IDC IP库-腾讯云",'."\n"
+ .' "action":"captcha_strict",'."\n"
+ .' "status":1'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for intelligent algorithm rule configuration in bot management (**bot_algorithm**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **algorithmName**: String | Required | The algorithm name. Valid values:'."\n"
+ .' - **RR**: dedicated resource crawler identification algorithm.'."\n"
+ .' - **PR**: targeted path crawler identification algorithm.'."\n"
+ .' - **DPR**: parameter polling crawler identification algorithm.'."\n"
+ .' - **SR**: dynamic IP crawler identification algorithm.'."\n"
+ .' - **IND**: proxy device crawler identification algorithm.'."\n"
+ .' - **Periodicity**: periodicity crawler identification algorithm.'."\n"
+ .' - **timeInterval**: Integer | Required | The detection interval. Unit: seconds. Valid values: 30, 60, 120, 300, and 600.'."\n"
+ .' - **action**: String | Required | The disposition action. Valid values:'."\n"
+ .' - **monitor**: monitor.'."\n"
+ .' - **captcha**: slider CAPTCHA.'."\n"
+ .' - **js**: JavaScript verification.'."\n"
+ .' - **block**: block. If you select block as the disposition action, you must specify the block duration (**blocktime**) parameter.'."\n"
+ .' - **blocktime**: Integer | Optional | The block duration. Unit: minutes. Valid values: 1 to 600.'."\n"
+ .' - **config**: String | Required | The algorithm configuration information, expressed in JSON string format. The specific sub-parameters in the algorithm configuration vary depending on the selected algorithm name (**algorithmName**).'."\n"
+ .' - The configuration information for the dedicated resource crawler identification algorithm (**RR**) contains the following sub-parameters:'."\n"
+ .' - **resourceType**: Integer | Optional | The type of requested resource. Valid values:'."\n"
+ .' - **1**: dynamic resource type.'."\n"
+ .' - **2**: static resource type.'."\n"
+ .' - **-1**: custom resource type. If you select custom resource type, you must also specify the **extensions** parameter to define specific resource suffixes in string format, separated by commas (,). Example: `css,jpg,xls`.'."\n"
+ .' - **minRequestCountPerIp**: Integer | Required | The scope of IP addresses to detect within the detection interval. Only IP addresses with a URI of the requests greater than or equal to the specified value are detected. This parameter specifies the minimum URI of the requests. Valid values: 5 to 10000.'."\n"
+ .' - **minRatio**: Float | Required | The risk determination condition, which is the threshold for the proportion of access requests to the specified resource type among all IP access requests. An IP address is determined as risky if the proportion exceeds this threshold. Valid values: 0.01 to 1.'."\n"
+ .' - The configuration information for the targeted path crawler identification algorithm (**PR**) contains the following sub-parameters:'."\n"
+ .' - **keyPathConfiguration**: Array | Optional | The request path information. You can specify up to 10 paths. This sub-parameter is required only when using the targeted path crawler identification algorithm. Expressed in JSON string format with the following parameters:'."\n"
+ .' - **method**: String | Required | The request method. Valid values: **POST**, **GET**, **PUT**, **DELETE**, **HEAD**, and **OPTIONS**.'."\n"
+ .' - **url**: String | Required | The request path keyword. It must start with a forward slash (/).'."\n"
+ .' - **matchType**: String | Required | The match method, used in combination with the request path keyword (**url**) parameter to specify the request path. Valid values: **all** (exact match), **prefix** (prefix match), **regex** (regular expression match).'."\n"
+ .' - **minRequestCountPerIp**: Integer | Required | The scope of IP addresses to detect within the detection interval. Only IP addresses with a URI of the requests greater than or equal to the specified value are detected. This parameter specifies the minimum URI of the requests. Valid values: 5 to 10000.'."\n"
+ .' - **minRatio**: Float | Required | The risk determination condition, which is the threshold for the proportion of access requests to the specified paths among all IP access requests. An IP address is determined as risky if the proportion exceeds this threshold. Valid values: 0.01 to 1.'."\n"
+ .' - The configuration information for the parameter polling crawler identification algorithm (**DPR**) contains the following sub-parameters:'."\n"
+ .' - **method**: String | Required | The request method. Valid values: **POST**, **GET**, **PUT**, **DELETE**, **HEAD**, and **OPTIONS**.'."\n"
+ .' - **urlPattern**: String | Required | The key parameter path. It must start with a forward slash (/). Use {} to represent key parameters. When multiple {} are configured, these parameters are concatenated as the key parameter. Example: `/company/{}/{}/{}/user.php?uid={}`.'."\n"
+ .' - **minRequestCountPerIp**: Integer | Required | The scope of IP addresses to detect within the detection interval. Only IP addresses with a URI of the requests greater than or equal to the specified value are detected. This parameter specifies the minimum URI of the requests. Valid values: 5 to 10000.'."\n"
+ .' - **minRatio**: Float | Required | The risk determination condition, which is the threshold for the proportion of distinct key parameter values among all IP access requests. An IP address is determined as risky if the proportion exceeds this threshold. Valid values: 0.01 to 1.'."\n"
+ .' - The configuration information for the dynamic IP crawler identification algorithm (**SR**) contains the following sub-parameters:'."\n"
+ .' - **maxRequestCountPerSrSession**: Integer | Required | Defines an abnormal session by setting the minimum number of requests per session. A session is determined as abnormal if the number of requests in a single session is less than this value. Valid values: 1 to 8.'."\n"
+ .' - **minSrSessionCountPerIp**: Integer | Required | The risk determination condition, which is the threshold for the number of abnormal sessions in IP access requests. An IP address is determined as risky if the number of abnormal sessions in a single IP access request exceeds this value. Valid values: 5 to 300.'."\n"
+ .' - The configuration information for the proxy device crawler identification algorithm (**IND**) contains the following sub-parameters:'."\n"
+ .' - **minIpCount**: Integer | Required | The malicious device determination condition, which is the threshold for the number of IP address changes associated with the device through Wi-Fi. A device is determined as risky if the number exceeds this threshold. Valid values: 5 to 500.'."\n"
+ .' - **keyPathConfiguration**: Array | Optional | The detection path information. You can specify up to 10 paths. Expressed in JSON string format with the following parameters:'."\n"
+ .' - **method**: String | Required | The request method. Valid values: **POST**, **GET**, **PUT**, **DELETE**, **HEAD**, and **OPTIONS**.'."\n"
+ .' - **url**: String | Required | The detection path keyword. It must start with a forward slash (/).'."\n"
+ .' - **matchType**: String | Required | The match method, used in combination with the detection path keyword (**url**) parameter to specify the request path. Valid values: **all** (exact match), **prefix** (prefix match), **regex** (regular expression match).'."\n"
+ .' - The configuration information for the periodicity crawler identification algorithm (**Periodicity**) contains the following sub-parameters:'."\n"
+ .' - **minRequestCountPerIp**: Integer | Required | The scope of IP addresses to detect within the detection interval. Only IP addresses with a URI of the requests greater than or equal to the specified value are detected. This parameter specifies the minimum URI of the requests. Valid values: 5 to 10000.'."\n"
+ .' - **level**: Integer | Required | The risk determination level, which indicates the degree of periodicity in the access IP pattern. Valid values:'."\n"
+ .' - **0**: obvious.'."\n"
+ .' - **1**: moderate.'."\n"
+ .' - **2**: weak.'."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"代理设备爬虫识别",'."\n"
+ .' "algorithmName":"IND",'."\n"
+ .' "timeInterval":"60",'."\n"
+ .' "action":"warn",'."\n"
+ .' "config":{'."\n"
+ .' "minIpCount":5,'."\n"
+ .' "keyPathConfiguration":[{"url":"/index","method":"GET","matchType":"prefix"}]'."\n"
+ .' }'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for version protection rule configuration in app protection (**bot_wxbb_pkg**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **action**: String | Required | The disposition action. Valid values:'."\n"
+ .' - **test**: monitor.'."\n"
+ .' - **close**: block.'."\n"
+ .' - **nameList**: Array | Required | The legitimate version information. You can specify up to five rules. Expressed in JSON string format with the following parameters:'."\n"
+ .' - **name**: String | Required | The legitimate package name.'."\n"
+ .' - **signList**: Array | Required | The corresponding package signatures. You can specify up to 15 signatures, separated by commas (,).'."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"test",'."\n"
+ .' "action":"close",'."\n"
+ .' "nameList":[{'."\n"
+ .' "name":"apk-xxxx",'."\n"
+ .' "signList":["xxxxxx","xxxxx","xxxx","xx"]'."\n"
+ .' }]'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for path protection rule configuration in app protection (**bot_wxbb**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **uri**: String | Required | The protection path. It must start with a forward slash (/).'."\n"
+ .' - **matchType**: String | Required | The match method. Valid values: **all** (exact match), **prefix** (prefix match), **regex** (regular expression match).'."\n"
+ .' - **arg**: String | Required | The parameter inclusion, used in combination with the match method (**matchType**) parameter to specify the protection path configuration.'."\n"
+ .' - **action**: String | Required | The disposition action. Valid values:'."\n"
+ .' - **test**: monitor.'."\n"
+ .' - **close**: block.'."\n"
+ .' - **hasTag**: Boolean | Required | Specifies whether a custom signature field is required.'."\n"
+ .' - **true**: Yes. If you select this option, you must specify the **wxbbVmpFieldType** and **wxbbVmpFieldValue** parameters to define the type and value of the signature field.'."\n"
+ .' - **false**: No.'."\n"
+ .' - **wxbbVmpFieldType**: Integer | Optional | The type of the custom signature field. Required when the **hasTag** parameter is set to **true**. Valid values:'."\n"
+ .' - **0**: header.'."\n"
+ .' - **1**: parameter.'."\n"
+ .' - **2**: cookie.'."\n"
+ .' - **wxbbVmpFieldValue**: String | Optional | The value of the custom signature field. Required when the **hasTag** parameter is set to **true**.'."\n"
+ .' - **blockInvalidSign**: Integer | Required | Specifies whether to apply the disposition action to invalid signatures. The value is fixed as **1**. This is the default mitigation policy for path protection rules.'."\n"
+ .' - **blockProxy**: Integer | Optional | Specifies whether to apply the disposition action to proxies. The value is fixed as **1**. Do not specify this parameter if you do not need to apply the disposition action to proxy behavior.'."\n"
+ .' - **blockSimulator**: Integer | Optional | Specifies whether to apply the disposition action to simulators. The value is fixed as **1**. Do not specify this parameter if you do not need to apply the disposition action to simulator behavior.'."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"test",'."\n"
+ .' "uri":"/index",'."\n"
+ .' "matchType":"all",'."\n"
+ .' "arg":"test",'."\n"
+ .' "action":"close",'."\n"
+ .' "hasTag":true,'."\n"
+ .' "wxbbVmpFieldType":2,'."\n"
+ .' "wxbbVmpFieldValue":"test",'."\n"
+ .' "blockInvalidSign":1,'."\n"
+ .' "blockProxy":1'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .'- The JSON string for data risk control protection request configuration (**antifraud**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **uri**: String | Required | The specific protection request URL.'."\n"
+ .' '."\n"
+ .' - **Example**.'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "uri": "http://1.example.com/example"'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for data risk control JS insertion page configuration (**antifraud_js**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **uri**: String | Required | The URL of the page where the data risk control JS is to be inserted. The system inserts the data risk control JS into all pages under the specified URL path. The value must start with a forward slash (/).'."\n"
+ ."\n"
+ .' - **Example**.'."\n"
+ ."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "uri": "/example/example"'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for IP blacklist rule configuration (**ac_blacklist**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **remoteAddr**: Array | Optional | The IP addresses in the blacklist. IP addresses and CIDR blocks are supported. Separate multiple IP addresses with commas (,). You can add up to 200 IP addresses. An empty value clears the IP blacklist.'."\n"
+ ."\n"
+ .' - **area**: Array | Optional | The regions in the region-level IP blacklist. Expressed as a string converted from a JSON array. Each element in the JSON array is a structure that contains the following fields:'."\n"
+ ."\n"
+ .' - **countryCodes**: Array | Required | The country codes. If only `["CN"]` is specified, it indicates blocking regions within the Chinese mainland, and you must also specify **regionCodes**. If a value other than `["CN"]` is specified, it indicates blocking regions outside China, and **regionCodes** is not required. You can call [DescribeProtectionModuleCodeConfig](~~201108~~) to query region codes within and outside China.'."\n"
+ ."\n"
+ .' - **regionCodes**: Array | Optional | The region codes within China.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' { "remoteAddr": [ "1.XX.XX.1", "2.XX.XX.2" ], "area": [ { "countryCodes": [ "CN" ], "regionCodes": [ "310000", "530000" ] }, { "countryCodes": [ "AD", "AL" ] } ] }'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ .'- The JSON string for automatic blocking rule configuration for high-frequency web attack IP addresses (**ac_highfreq**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **interval**: Integer | Required | The detection time range. Unit: seconds. Valid values: 5 to 1800.'."\n"
+ .' - **ttl**: Integer | Required | The IP blocking duration. Unit: seconds. Valid values: 60 to 86400.'."\n"
+ .' - **count**: Integer | Required | The web attack count threshold. If the number of attacks within the detection time range exceeds this value, blocking is triggered. Valid values: 2 to 50000.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "interval":60,'."\n"
+ .' "ttl":300,'."\n"
+ .' "count":60'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The JSON string for directory scan protection rule configuration (**ac_dirscan**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **interval**: Integer | Required | The detection time range. Unit: seconds. Valid values: 5 to 1800.'."\n"
+ .' - **ttl**: Integer | Required | The IP blocking duration. Unit: seconds. Valid values: 60 to 86400.'."\n"
+ .' - **count**: Integer | Required | The access count threshold. Valid values: 2 to 50000.'."\n"
+ .' - **weight**: Float | Required | The 404 response code ratio threshold (percentage). Valid values: 0 to 1.'."\n"
+ .' - **uriNum**: Integer | Required | The scanned directory count threshold. Valid values: 2 to 50000.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "interval":10,'."\n"
+ .' "ttl":1800,'."\n"
+ .' "count":50,'."\n"
+ .' "weight":0.7,'."\n"
+ .' "uriNum":20 '."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .'- The custom mitigation policy rule configuration (**ac_custom**) uses the **scene** parameter in its corresponding JSON string to set ACL access control rules and CC attack protection rules.'."\n"
+ ."\n"
+ .' - To set an ACL access control rule (the **scene** parameter value is **custom_acl**), the corresponding JSON string contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **scene**: String | Required | The protection type. When setting an ACL access control rule, the value is fixed as **custom_acl**.'."\n"
+ .' - **action**: String | Required | The disposition action. Valid values:'."\n"
+ .' - **monitor**: monitor.'."\n"
+ .' - **captcha**: slider CAPTCHA.'."\n"
+ .' - **captcha_strict**: strict slider CAPTCHA.'."\n"
+ .' - **js**: JavaScript verification.'."\n"
+ .' - **block**: block.'."\n"
+ .' - **conditions**: Array | Required | The match conditions. You can specify up to 5 match conditions. Described in JSON string format with the following parameters:'."\n"
+ ."\n"
+ .' - **key**: The match field. Valid values: **URL**, **IP**, **Referer**, **User-Agent**, **Params**, **Cookie**, **Content-Type**, **Content-Length**, **X-Forwarded-For**, **Post-Body**, **Http-Method**, **Header**, and **URLPath**.'."\n"
+ ."\n"
+ .' - **opCode**: The logical operator. Valid values:'."\n"
+ .' - **0**: does not contain or does not belong to.'."\n"
+ .' - **1**: contains or belongs to.'."\n"
+ .' - **2**: does not exist.'."\n"
+ .' - **10**: does not equal.'."\n"
+ .' - **11**: equals.'."\n"
+ .' - **20**: length is less than.'."\n"
+ .' - **21**: length equals.'."\n"
+ .' - **22**: length is greater than.'."\n"
+ .' - **30**: value is less than.'."\n"
+ .' - **31**: value equals.'."\n"
+ .' - **32**: value is greater than.'."\n"
+ ."\n"
+ .' - **values**: The match content. Specify the appropriate content as needed, expressed as a String type.'."\n"
+ ."\n"
+ .' > The valid values of the logical operator (**opCode**) and match content (**values**) parameters depend on the specified match field (**key**). For more information about supported match condition configurations, see [Match condition field description](~~147945~~).'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "action":"monitor",'."\n"
+ .' "name":"test",'."\n"
+ .' "scene":"custom_acl",'."\n"
+ .' "conditions":[{"opCode":1,"key":"URL","values":"/example"}]'."\n"
+ .' }'."\n"
+ .' ```.'."\n"
+ ."\n"
+ .' - To set a CC attack protection rule (the **scene** parameter value is **custom_cc**), the corresponding JSON string contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ .' - **scene**: String | Required | The protection type. When setting a CC attack protection rule, the value is fixed as **custom_cc**.'."\n"
+ .' - **conditions**: Array | Required | The match conditions. You can specify up to 5 match conditions. Described in JSON string format with the following parameters:'."\n"
+ ."\n"
+ .' - **key**: The match field. Valid values: **URL**, **IP**, **Referer**, **User-Agent**, **Params**, **Cookie**, **Content-Type**, **Content-Length**, **X-Forwarded-For**, **Post-Body**, **Http-Method**, **Header**, and **URLPath**.'."\n"
+ ."\n"
+ .' - **opCode**: The logical operator. Valid values:'."\n"
+ ."\n"
+ .' - **0**: does not contain or does not belong to.'."\n"
+ .' - **1**: contains or belongs to.'."\n"
+ .' - **2**: does not exist.'."\n"
+ .' - **10**: does not equal.'."\n"
+ .' - **11**: equals.'."\n"
+ .' - **20**: length is less than.'."\n"
+ .' - **21**: length equals.'."\n"
+ .' - **22**: length is greater than.'."\n"
+ .' - **30**: value is less than.'."\n"
+ .' - **31**: value equals.'."\n"
+ .' - **32**: value is greater than.'."\n"
+ ."\n"
+ .' - **values**: The match content. Specify the appropriate content as needed, expressed as a String type.'."\n"
+ ."\n"
+ .' > The valid values of the logical operator (**opCode**) and match content (**values**) parameters depend on the specified match field (**key**).'."\n"
+ ."\n"
+ .' - **action**: String | Required | The disposition action. Valid values:'."\n"
+ ."\n"
+ .' - **monitor**: monitor.'."\n"
+ .' - **captcha**: slider CAPTCHA.'."\n"
+ .' - **captcha_strict**: strict slider CAPTCHA.'."\n"
+ .' - **js**: JavaScript verification.'."\n"
+ .' - **block**: block.'."\n"
+ ."\n"
+ .' - **ratelimit**: JSON format | Required | The frequency settings. Described in JSON string format with the following parameters:'."\n"
+ ."\n"
+ .' - **target**: String | Required | The type of statistical object. Valid values:'."\n"
+ .' - **remote_addr**: IP.'."\n"
+ .' - **cookie.acw_tc**: session.'."\n"
+ .' - **queryarg**: custom parameter. If you select custom parameter, you must specify the name of the custom parameter in the **subkey** parameter.'."\n"
+ .' - **cookie**: custom cookie. If you select custom cookie, you must specify the cookie content in the **subkey** parameter.'."\n"
+ .' - **header**: custom header. If you select custom header, you must specify the header content in the **subkey** parameter.'."\n"
+ .' - **subkey**: String | Optional | Required when the **target** parameter is set to **cookie**, **header**, or **queryarg**. Specify the corresponding information in the **subkey** parameter.'."\n"
+ ."\n"
+ .' - **interval**: Integer | Required | The statistical duration (unit: seconds), which is the statistical period for access counts. Used in combination with the threshold (**threshold**) parameter.'."\n"
+ ."\n"
+ .' - **threshold**: Integer | Required | The threshold for the number of times a single statistical object can access the protected address within the detection duration.'."\n"
+ ."\n"
+ .' - **status**: JSON format | Optional | The response code frequency settings. Described in JSON string format with the following parameters:'."\n"
+ ."\n"
+ .' - **code**: Integer | Required | The specified response code.'."\n"
+ ."\n"
+ .' - **count**: Integer | Optional | The occurrence count threshold. The protection rule is triggered when the specified response code occurs more than this threshold number of times. Valid values: 1 to 999999999. You can specify either the **count** parameter or the **ratio** parameter, but not both.'."\n"
+ ."\n"
+ .' - **ratio**: Integer | Optional | The occurrence ratio threshold (percentage). The protection rule is triggered when the proportion of the specified response code exceeds this threshold. Valid values: 1 to 100. You can specify either the **count** parameter or the **ratio** parameter, but not both.'."\n"
+ ."\n"
+ .' - **scope**: String | Required | The effective scope. Valid values:'."\n"
+ ."\n"
+ .' - **rule**: within the current feature match scope.'."\n"
+ ."\n"
+ .' - **domain**: within the domain name scope of the current rule.'."\n"
+ .' '."\n"
+ .' - **ttl**: Integer | Required | The duration for which the disposition action takes effect. Unit: seconds. Valid values: 60 to 86400.'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name":"CC 防护",'."\n"
+ .' "conditions":[{"opCode":1,"key":"URL","values":"/example"}],'."\n"
+ .' "action":"block", '."\n"
+ .' "scene":"custom_cc", '."\n"
+ .' "ratelimit":{'."\n"
+ .' "target": "remote_addr", '."\n"
+ .' "interval": 300,'."\n"
+ .' "threshold": 2000,'."\n"
+ .' "status": {'."\n"
+ .' "code": 404,'."\n"
+ .' "count": 200'."\n"
+ .' },'."\n"
+ .' "scope": "rule",'."\n"
+ .' "ttl": 1800'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n"
+ .'- The JSON string for website whitelist rule configuration (**whitelist**) contains the following parameters:'."\n"
+ ."\n"
+ .' - **name**: String | Required | The rule name.'."\n"
+ ."\n"
+ .' - **tags**: Array | Required | The modules to skip. The modules that can be skipped (**tags**) vary depending on the type of whitelist rule. The details are as follows:'."\n"
+ ."\n"
+ .' > The values of **tags** can only include the values listed under the specific whitelist type. For example, the **tags** values cannot contain both **regular** and **cc** at the same time, because **regular** belongs to the web intrusion prevention whitelist and **cc** belongs to the access control or throttling whitelist.'."\n"
+ ."\n"
+ .' - To set a global whitelist, set **tags** to:'."\n"
+ .' - **waf**: skips all protection modules.'."\n"
+ ."\n"
+ .' - To set a web intrusion prevention whitelist, set **tags** to one or more of the following values:'."\n"
+ .' - **regular**: skips the protection rules engine, which includes all protection rules.'."\n"
+ .' - **regular_rule**: skips the specified protection rules in the protection rules engine. If you select this value, you must set the rule IDs to skip by using the **regularRules** parameter.'."\n"
+ .' - **regular_type**: skips the specified types of protection rules in the protection rules engine. If you select this value, you must set the rule types to skip by using the **regularTypes** parameter.'."\n"
+ .' - **deeplearning**: skips the deep learning engine.'."\n"
+ ."\n"
+ .' - To set an access control or throttling whitelist, set **tags** to one or more of the following values:'."\n"
+ .' - **cc**: skips the CC security protection module.'."\n"
+ .' - **customrule**: skips the custom mitigation policy module.'."\n"
+ .' - **blacklist**: skips the IP blacklist module.'."\n"
+ .' - **antiscan**: skips the scan protection module.'."\n"
+ ."\n"
+ .' - To set a data security whitelist, set **tags** to one or more of the following values:'."\n"
+ .' - **dlp**: skips the sensitive information leak prevention module.'."\n"
+ .' - **tamperproof**: skips the website tamper-proofing module.'."\n"
+ .' - **account**: skips the account security module.'."\n"
+ ."\n"
+ .' - To set a bot management whitelist, set **tags** to one or more of the following values:'."\n"
+ .' - **bot_intelligence**: skips the crawler threat intelligence module.'."\n"
+ .' - **bot_algorithm**: skips the typical crawler behavior identification module.'."\n"
+ .' - **bot_wxbb**: skips the app protection module.'."\n"
+ .' - **antifraud**: skips the data risk control module.'."\n"
+ ."\n"
+ .' - **regularRules**: Array | Optional | The list of protection rule IDs to skip. Required if the value of the **tags** parameter contains **regular_rule**. You can go to the **Protection Rule Group** page in the [WAF console](https://yundun.console.aliyun.com/?p=wafnext) and create a rule group to query all web attack protection rules and obtain their IDs. For more information, see [Customize protection rule groups](~~99262~~).'."\n"
+ .' - **regularTypes**: Array | Optional | The list of protection rule types to skip. Required if the value of the **tags** parameter contains **regular_type**. Valid values:'."\n"
+ .' - **sqli**: SQL injection.'."\n"
+ .' - **xss**: cross-site scripting.'."\n"
+ .' - **code_exec**: code execution.'."\n"
+ .' - **lfilei**: local file inclusion.'."\n"
+ .' - **rfilei**: remote file inclusion.'."\n"
+ .' - **webshell**: WebShell.'."\n"
+ .' - **vvip**: custom protection rules.'."\n"
+ .' - **other**: other types.'."\n"
+ ."\n"
+ .' - **conditions**: Array | Required | The match conditions. You can specify up to 5 match conditions. Described in JSON string format with the following parameters:'."\n"
+ ."\n"
+ .' - **key**: The match field. Valid values: **URL**, **IP**, **Referer**, **User-Agent**, **Params**, **Cookie**, **Content-Type**, **Content-Length**, **X-Forwarded-For**, **Post-Body**, **Http-Method**, **Header**, and **URLPath**.'."\n"
+ ."\n"
+ .' - **opCode**: The logical operator. Valid values:'."\n"
+ ."\n"
+ .' - **0**: does not contain or does not belong to.'."\n"
+ ."\n"
+ .' - **1**: contains or belongs to.'."\n"
+ ."\n"
+ .' - **2**: does not exist.'."\n"
+ ."\n"
+ .' - **10**: does not equal.'."\n"
+ ."\n"
+ .' - **11**: equals.'."\n"
+ ."\n"
+ .' - **20**: length is less than.'."\n"
+ ."\n"
+ .' - **21**: length equals.'."\n"
+ ."\n"
+ .' - **22**: length is greater than.'."\n"
+ ."\n"
+ .' - **30**: value is less than.'."\n"
+ ."\n"
+ .' - **31**: value equals.'."\n"
+ ."\n"
+ .' - **32**: value is greater than.'."\n"
+ ."\n"
+ .' '."\n"
+ ."\n"
+ .' - **values**: The match content. Specify the appropriate content as needed, expressed as a String type.'."\n"
+ ."\n"
+ .' > The valid values of the logical operator (**opCode**) and match content (**values**) parameters depend on the specified match field (**key**).'."\n"
+ ."\n"
+ .' - **Example**'."\n"
+ .' '."\n"
+ .' ```'."\n"
+ .' {'."\n"
+ .' "name": "test",'."\n"
+ .' "tags": ["cc","customrule"],'."\n"
+ .' "conditions":[{"opCode":1,"key":"URL","values":"/example"}],'."\n"
+ .' }'."\n"
+ .' ```'."\n"
+ ."\n\n"
+ ."\n"
+ .'When calling this operation, in addition to the request parameters described in this topic, you must also include the Alibaba Cloud common request parameters. For more information about common request parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the format of API requests, see the request examples in the **Examples** section of this topic.',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyProtectionModuleRule'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyProtectionModuleRule',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'ModifyProtectionModuleStatus' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
@@ -4763,50 +6158,68 @@
'systemTags' => [],
'parameters' => [
[
- 'name' => 'InstanceId',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'The domain name of the website to operate on.'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainList](~~255880~~) to query all domain names that are added to WAF for protection.', 'type' => 'string', 'required' => true, 'example' => 'www.aliyundoc.com', 'title' => ''],
],
[
- 'name' => 'Domain',
+ 'name' => 'DefenseType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'The WAF security protection module to operate on. Valid values:'."\n"
+ ."\n"
+ .'- **waf**: rule-based protection policy engine.'."\n"
+ .'- **dld**: deep learning engine.'."\n"
+ .'- **tamperproof**: web tamper-proofing.'."\n"
+ .'- **dlp**: sensitive information leak prevention.'."\n"
+ .'- **normalized**: proactive defense.'."\n"
+ .'- **bot_crawler**: legitimate crawlers.'."\n"
+ .'- **bot_intelligence**: crawler threat intelligence.'."\n"
+ .'- **antifraud**: data risk control.'."\n"
+ .'- **bot_algorithm**: intelligent algorithm.'."\n"
+ .'- **bot_wxbb**: app protection.'."\n"
+ .'- **bot_wxbb_pkg**: version protection in app protection.'."\n"
+ .'- **ac_cc**: HTTP flood protection.'."\n"
+ .'- **ac_blacklist**: IP blacklist.'."\n"
+ .'- **ac_highfreq**: blocking of high-frequency web attacks in scan protection.'."\n"
+ .'- **ac_dirscan**: folder traverse protection in scan protection.'."\n"
+ .'- **ac_scantools**: scan tool blocking in scan protection.'."\n"
+ .'- **ac_collaborative**: collaborative defense in scan protection.'."\n"
+ .'- **ac_custom**: custom protection policy.'."\n"
+ ."\n"
+ .'> You can set only one feature module at a time.', 'type' => 'string', 'required' => true, 'example' => 'waf', 'title' => ''],
],
[
- 'name' => 'Enabled',
+ 'name' => 'ModuleStatus',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => true,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'The status of the protection module. Valid values:'."\n"
+ ."\n"
+ .'- **0**: Disabled.'."\n"
+ .'- **1**: Enabled.', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'example' => '1', 'title' => ''],
+ ],
+ [
+ 'name' => 'InstanceId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The ID of the WAF instance to operate on.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-zz11sr5****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management.'."\n"
+ ."\n"
+ .'If you do not specify this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-aekztsixucs****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -4814,95 +6227,98 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [
- 403 => [
- [
- 'errorCode' => 'Forbbiden',
- 'errorMessage' => 'User not authorized to operate on the specified resource.',
- ],
+ 'errorCodes' => [],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Enable or disable a specified WAF protection feature',
+ 'summary' => 'Enables or disables a specified WAF protection feature, such as web intrusion prevention, data security, advanced protection, bot management, access control, or throttling.',
+ 'description' => 'This operation enables or disables a specified WAF protection module.'."\n"
+ .'You can set the **DefenseType** parameter to specify the protection module to operate on. For more information about the valid values, see the description of the **DefenseType** request parameter.'."\n"
+ .'To ensure system stability, the China Chinese mainland per-user queries per second (QPS) limit is 20. If this limit is exceeded, API calls are throttled, which may affect your business. Call this operation at a reasonable frequency.',
+ 'requestParamsDescription' => 'In addition to the request parameters described in this topic, you must include Alibaba Cloud API common parameters in your request. For more information about common parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request example in the **Examples** section of this topic.',
+ 'responseParamsDescription' => ' ',
+ 'extraInfo' => ' ',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyProtectionModuleStatus'],
],
- 500 => [
- [
- 'errorCode' => 'InternalError',
- 'errorMessage' => 'The request processing has failed due to some unknown error.',
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyProtectionModuleStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<ModifyLogRetrievalStatusResponse>\\r\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\r\\n</ModifyLogRetrievalStatusResponse>","errorExample":""}]',
- 'title' => 'ModifyLogRetrievalStatus',
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
],
- 'ModifyLogServiceStatus' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
- ],
+ 'ModifyProtectionRuleCacheStatus' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [],
+ 'systemTags' => [
+ 'operationType' => 'get',
+ 'abilityTreeCode' => '93407',
+ 'abilityTreeNodes' => ['FEATUREwafI1HM4C'],
+ ],
'parameters' => [
[
- 'name' => 'InstanceId',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf_elasticity-cn-0xldbqt****',
- ],
+ 'schema' => ['description' => 'The domain name that has been added.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
- 'name' => 'Domain',
+ 'name' => 'RuleId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'www.example.com',
- ],
+ 'schema' => ['description' => 'The ID of the rule.'."\n"
+ .'> Call the [DescribeProtectionModuleRules](~~100398~~) operation to query the IDs of all rules.', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '42755', 'title' => ''],
],
[
- 'name' => 'Enabled',
+ 'name' => 'DefenseType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => true,
- 'example' => '1',
- ],
+ 'schema' => ['description' => 'The protection module. Set the value to **tamperproof**.', 'type' => 'string', 'required' => true, 'example' => 'tamperproof', 'title' => ''],
],
[
- 'name' => 'ResourceGroupId',
+ 'name' => 'InstanceId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- ],
+ 'schema' => ['description' => 'Instance ID of the WAF instance.'."\n"
+ .'> Call the [DescribeInstanceInfo](~~140857~~) operation to query instance ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_elasticity-cn-0xldbqt****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
+ ],
+ [
+ 'name' => 'ResourceGroupId',
+ 'in' => 'query',
+ 'schema' => ['description' => "\n"
+ .'The ID of the resource group to which the WAF instance belongs in Resource Management. This parameter is empty by default, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
],
'responses' => [
@@ -4910,130 +6326,118 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0',
- ],
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19160D5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [
- 403 => [
- [
- 'errorCode' => 'Forbbiden',
- 'errorMessage' => 'User not authorized to operate on the specified resource.',
- ],
- ],
- 500 => [
- [
- 'errorCode' => 'InternalError',
- 'errorMessage' => 'The request processing has failed due to some unknown error.',
- ],
- ],
- ],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<ModifyLogServiceStatusResponse>\\r\\n\\t<RequestId>D7861F61-5B61-46CE-A47C-6B19160D5EB0</RequestId>\\r\\n</ModifyLogServiceStatusResponse>","errorExample":""}]',
- 'title' => 'ModifyLogServiceStatus',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19160D5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Update the cache of a page protected by a web tamper-proofing rule',
+ 'summary' => 'Updates the cache of a page protected by a specified web tamper-proofing rule.',
'requestParamsDescription' => ' ',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeLogServiceStatus' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [
+ ['createdAt' => '2024-06-25T11:40:13.000Z', 'description' => 'Request parameters changed, Error codes changed'],
+ ],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyProtectionRuleCacheStatus'],
+ ],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'ramActions' => [
+ [
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyProtectionRuleCacheStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'ModifyProtectionRuleStatus' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
'systemTags' => [
- 'operationType' => 'get',
+ 'operationType' => 'update',
+ 'abilityTreeCode' => '93408',
+ 'abilityTreeNodes' => ['FEATUREwafNZKQ0J'],
],
'parameters' => [
[
- 'name' => 'InstanceId',
+ 'name' => 'Domain',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-zz11sr5****',
- ],
+ 'schema' => ['description' => 'The domain name that has been added.', 'type' => 'string', 'required' => true, 'example' => 'www.example.com', 'title' => ''],
],
[
- 'name' => 'Region',
+ 'name' => 'DefenseType',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'cn',
- 'default' => 'cn',
- ],
+ 'schema' => ['description' => 'The protection feature module. Valid values:'."\n"
+ ."\n"
+ .'- **tamperproof**: web tamper-proofing'."\n"
+ ."\n"
+ .'- **bot_crawler**: the legitimate search engine whitelist in the legitimate crawlers feature module'."\n"
+ ."\n"
+ .'- **bot_intelligence**: crawler threat intelligence'."\n"
+ ."\n"
+ .'- **ac_custom**: custom protection policy'."\n"
+ ."\n"
+ .'- **whitelist**: website whitelist', 'type' => 'string', 'required' => true, 'example' => 'tamperproof', 'title' => ''],
],
[
- 'name' => 'ResourceGroupId',
+ 'name' => 'RuleId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-acfm2pz25js****',
- ],
+ 'schema' => ['description' => 'The ID of the protection rule.'."\n"
+ ."\n"
+ .'> You can call the [DescribeProtectionModuleRules](~~100398~~) operation to query all rule IDs.', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '42755', 'title' => ''],
],
[
- 'name' => 'PageNumber',
+ 'name' => 'RuleStatus',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '1',
- 'default' => '1',
- ],
+ 'schema' => ['description' => 'The status of the protection rule. Valid values:'."\n"
+ ."\n"
+ .'- **0**: disabled'."\n"
+ .'- **1**: enabled.', 'type' => 'integer', 'format' => 'int32', 'required' => true, 'example' => '1', 'title' => ''],
],
[
- 'name' => 'PageSize',
+ 'name' => 'LockVersion',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'required' => false,
- 'example' => '10',
- 'default' => '10',
- ],
+ 'schema' => ['description' => 'The version number of the rule configuration record.', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '2', 'title' => ''],
],
[
- 'name' => 'DomainNames',
+ 'name' => 'InstanceId',
'in' => 'query',
- 'style' => 'repeatList',
- 'schema' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'type' => 'string',
- ],
- 'required' => false,
- 'example' => 'www.aliyun.com',
- 'maxItems' => 100,
- ],
+ 'schema' => ['description' => 'Instance ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call the [DescribeInstanceInfo](~~140857~~) operation to query instance ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf_elasticity-cn-0xldbqt****', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
+ ],
+ [
+ 'name' => 'ResourceGroupId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The ID of the resource group to which the WAF instance belongs in Resource Management. By default, this parameter is empty, which indicates that the instance belongs to the default resource group.'."\n"
+ ."\n"
+ .'For more information about resource groups, see [Create a resource group](~~94485~~).', 'type' => 'string', 'required' => false, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
],
],
'responses' => [
@@ -5041,91 +6445,88 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'TotalCount' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'C2E97B3F-1623-4CDF-A7E2-FD9D4CF1027A',
- ],
- 'DomainStatus' => [
- 'description' => '',
- 'type' => 'array',
- 'items' => [
- 'type' => 'object',
- 'properties' => [
- 'Domain' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'www.aliyun.com',
- ],
- 'SlsLogActive' => [
- 'description' => '',
- 'type' => 'integer',
- 'format' => 'int32',
- 'example' => '1',
- ],
- ],
- ],
- ],
+ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"TotalCount\\": 63,\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\",\\n \\"DomainStatus\\": [\\n {\\n \\"Domain\\": \\"www.aliyun.com\\",\\n \\"SlsLogActive\\": 1\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<DescribeLogServiceStatusResponse>\\r\\n\\t<RequestId>C2E97B3F-1623-4CDF-A7E2-FD9D4CF1027A</RequestId>\\r\\n\\t<TotalCount>1</TotalCount>\\r\\n\\t<DomainStatus>\\r\\n\\t\\t<Domain>www.aliyun.com</Domain>\\r\\n\\t\\t<SlsLogActive>1</SlsLogActive>\\r\\n\\t</DomainStatus>\\r\\n</DescribeLogServiceStatusResponse>","errorExample":""}]',
- 'title' => 'DescribeLogServiceStatus',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Enable or disable WAF protection modules for a domain name',
+ 'summary' => 'Enables or disables WAF protection feature modules for a domain name, such as web tamper-proofing, legitimate crawlers, crawler threat intelligence, custom protection policies, and website whitelists.',
+ 'description' => 'You can specify the protection module by setting the **DefenseType** parameter. For more information about the valid values, see the description of the **DefenseType** request parameter.',
+ 'requestParamsDescription' => ' ',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
- ],
- 'DescribeWafSourceIpSegment' => [
- 'methods' => [
- 'post',
- 'get',
+ 'changeSet' => [
+ ['createdAt' => '2024-06-25T11:40:13.000Z', 'description' => 'Request parameters changed, Error codes changed'],
],
- 'schemes' => [
- 'http',
- 'https',
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyProtectionRuleStatus'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => 'update',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyProtectionRuleStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'MoveResourceGroup' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
- 'systemTags' => [
- 'operationType' => 'get',
- ],
+ 'systemTags' => [],
'parameters' => [
[
- 'name' => 'InstanceId',
+ 'name' => 'ResourceId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-zz11sr5****',
- ],
+ 'schema' => ['description' => 'The ID of the WAF resource to move.'."\n"
+ ."\n"
+ .'After you configure a Website Config for a domain name in WAF, the domain name represents a WAF resource. A WAF resource uses a resource ID (ResourceId) as its unique identity in Resource Management. The resource ID of a WAF resource is in the format of `<InstanceId>~<Domain>`:'."\n"
+ ."\n"
+ .'- `<InstanceId>` specifies the ID of the current WAF instance. You can invoke the [DescribeInstanceInfo](~~140857~~) operation in the WAF API to query the ID of the current WAF instance.'."\n"
+ ."\n"
+ .'- `<Domain>` specifies the website domain name that is added to the WAF instance for protection. You can invoke the [DescribeDomainList](~~255880~~) operation in the WAF API to query all domain names added to the WAF instance for protection.'."\n"
+ ."\n"
+ .'- `<InstanceId>` and `<Domain>` are connected by `~` to form the resource ID of the WAF domain name resource.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-09k1rd5****~www.example.com', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => false,
- 'example' => 'rg-acfm2pz25js****',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which you want to move the WAF resource.'."\n"
+ ."\n"
+ .'After you create a resource group in Resource Management, a unique identifier is generated for the resource group, which is the resource group ID (ResourceGroupId).'."\n"
+ ."\n"
+ .'You can view all resource group IDs on the **Resource Group** page in the [Resource Management console](https://resourcemanager.console.aliyun.com/resource-groups), or call the [ListResourceGroups](~~158855~~) operation provided by Resource Management to query all resource group IDs.', 'type' => 'string', 'required' => true, 'example' => 'rg-atstuj3rtop****', 'title' => ''],
+ ],
+ [
+ 'name' => 'ResourceType',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The type of the WAF resource. Set the value to **domain**, which indicates that the WAF resource type is domain name only.', 'type' => 'string', 'required' => true, 'example' => 'domain', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'type' => 'string',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance resides. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: the Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -5133,86 +6534,112 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'AB2F5E31-EE96-4FD7-9560-45FF5D5377FF',
- ],
- 'Ips' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '47.XXX.XXX.192/26,……,47.XXX.XXX.0/24',
- ],
- 'IpV6s' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => '39.XXX.XXX.0/24,……,2408:400a:XXXX:XXXX::/56',
- ],
+ 'RequestId' => ['description' => 'The ID of the request. Alibaba Cloud generates a unique identifier for each request. You can use the request ID to troubleshoot issues.', 'type' => 'string', 'example' => 'C33EB3D5-AF96-43CA-9C7E-37A8****6A1E', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"AB2F5E31-EE96-4FD7-9560-45FF****77FF\\",\\n \\"Ips\\": \\"47.XXX.XXX.192/26,……,47.XXX.XXX.0/24\\",\\n \\"IpV6s\\": \\"39.XXX.XXX.0/24,……,2408:400a:XXXX:XXXX::/56\\"\\n}","errorExample":""},{"type":"xml","example":"<?xml version=\\"1.0\\" encoding=\\"UTF-8\\" ?>\\r\\n<DescribeWafSourceIpSegmentResponse>\\r\\n\\t<RequestId>AB2F5E31-EE96-4FD7-9560-45FF5D5377FF</RequestId>\\r\\n\\t<IpV6s>39.XXX.XXX.0/24,……,2408:400a:XXXX:XXXX::/56</IpV6s>\\r\\n\\t<Ips>47.XXX.XXX.192/26,……,47.XXX.XXX.0/24</Ips>\\r\\n</DescribeWafSourceIpSegmentResponse>\\t","errorExample":""}]',
- 'title' => 'DescribeWafSourceIpSegment',
- 'responseParamsDescription' => ' ',
- 'extraInfo' => ' ',
- ],
- 'MoveResourceGroup' => [
- 'methods' => [
- 'post',
- 'get',
- ],
- 'schemes' => [
- 'http',
- 'https',
+ 'errorCodes' => [],
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"C33EB3D5-AF96-43CA-9C7E-37A8****6A1E\\"\\n}","type":"json"}]',
+ 'title' => 'Move a resource to a new resource group',
+ 'summary' => 'Moves a WAF resource to a different resource group.',
+ 'description' => 'A WAF resource represents a domain name that is added to WAF for protection. A resource group is a mechanism for organizing and managing resources within an Alibaba Cloud account. Resource groups help you manage resources across multiple projects or applications and simplify user authorization management within a single account. Domain name resources added to WAF belong to the default resource group by default. You can move WAF domain name resources to a custom resource group for grouped resource management.'."\n"
+ ."\n"
+ .'You can create a resource group in the Alibaba Cloud Management Console. For related operations, see [Create a resource group](https://www.alibabacloud.com/help/en/resource-management/user-guide/create-a-resource-group). You can also create a resource group by invoking the Resource Management API. For more information, see [CreateResourceGroup](https://www.alibabacloud.com/help/en/resource-management/api-createresourcegroup).'."\n"
+ ."\n"
+ .'For more information about resource groups, see [What is Resource Management?](https://www.alibabacloud.com/help/en/resource-management/product-overview/what-is-resource-management).',
+ 'changeSet' => [],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'MoveResourceGroup'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:MoveResourceGroup',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
],
+ ],
+ 'SetDomainRuleGroup' => [
+ 'methods' => ['post', 'get'],
+ 'schemes' => ['http', 'https'],
'security' => [
[
'AK' => [],
],
],
+ 'deprecated' => false,
'systemTags' => [],
'parameters' => [
[
- 'name' => 'ResourceId',
+ 'name' => 'Domains',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'waf-cn-09k1rd5****~www.example.com',
- ],
+ 'schema' => ['description' => 'The list of domain names for which you want to configure the protection rule group. Specify the value as a string converted from an array.'."\n"
+ ."\n"
+ .'You can specify multiple domain names at a time in the following format: `["<Domain name 1>","<Domain name 2>",...]`.'."\n"
+ ."\n"
+ .'> You can call [DescribeDomainList](~~255880~~) to query all domain names that have been added to WAF for protection.', 'type' => 'string', 'required' => true, 'example' => '["www.aliyundoc.com"]', 'title' => ''],
+ ],
+ [
+ 'name' => 'RuleGroupId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The ID of the protection rule group to apply to the rule-based protection engine. Valid values:'."\n"
+ ."\n"
+ .'- **1011**: the built-in Strict rule group of WAF.'."\n"
+ .'- **1012**: the built-in Medium rule group of WAF.'."\n"
+ .'- **1013**: the built-in Loose rule group of WAF.'."\n"
+ ."\n"
+ .'In addition to the built-in rule groups listed above, you can also specify the ID of a custom rule group.'."\n"
+ ."\n"
+ .'> You can obtain the ID of a custom rule group on the **Protection Rule Group** page in the [Web Application Firewall console](https://yundun.console.aliyun.com/?p=wafnext).', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'example' => '1012', 'title' => ''],
+ ],
+ [
+ 'name' => 'WafVersion',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The version number for the current configuration, which is used for optimistic locking control.', 'type' => 'integer', 'format' => 'int64', 'required' => false, 'example' => '1', 'title' => ''],
+ ],
+ [
+ 'name' => 'InstanceId',
+ 'in' => 'query',
+ 'schema' => ['description' => 'The ID of the WAF instance.'."\n"
+ ."\n"
+ .'> You can call [DescribeInstanceInfo](~~140857~~) to query the ID of the current WAF instance.', 'type' => 'string', 'required' => true, 'example' => 'waf-cn-tl32ast****', 'title' => ''],
],
[
'name' => 'ResourceGroupId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'rg-atstuj3rtop****',
- ],
+ 'schema' => ['description' => 'The ID of the resource group to which the domain name belongs in Resource Management.'."\n"
+ ."\n"
+ .'If you do not specify this parameter, the default resource group is used.', 'type' => 'string', 'required' => false, 'example' => 'rg-acfm2pz25js****', 'title' => ''],
],
[
- 'name' => 'ResourceType',
+ 'name' => 'WafAiStatus',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'domain',
- ],
+ 'schema' => ['description' => 'Specifies whether to enable the intelligent rule hosting feature. Valid values:'."\n"
+ .'- **0**: disabled.'."\n"
+ .'- **1** (default): enabled.'."\n"
+ ."\n"
+ .'Intelligent rule hosting means that WAF intelligently learns the behavior patterns of historical business traffic, identifies protection rules that may cause false positives for normal business, and automatically configures web intrusion protection whitelists to block the corresponding protection rules in specific business protection scenarios. After the false positive risk is eliminated, the blocked protection rules are restored.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''],
],
[
'name' => 'RegionId',
'in' => 'query',
- 'schema' => [
- 'description' => '',
- 'type' => 'string',
- 'required' => true,
- 'example' => 'cn-hangzhou',
- 'default' => 'cn-hangzhou',
- ],
+ 'schema' => ['description' => 'The region where the WAF instance is deployed. Valid values:'."\n"
+ ."\n"
+ .'- **cn-hangzhou**: Chinese mainland.'."\n"
+ ."\n"
+ .'- **ap-southeast-1**: outside the Chinese mainland.', 'type' => 'string', 'default' => 'cn-hangzhou', 'required' => false, 'example' => 'cn-hangzhou', 'title' => ''],
],
],
'responses' => [
@@ -5220,30 +6647,1319 @@
'schema' => [
'type' => 'object',
'properties' => [
- 'RequestId' => [
- 'description' => '',
- 'type' => 'string',
- 'example' => 'C33EB3D5-AF96-43CA-9C7E-37A81BC06A1E',
- ],
+ 'RequestId' => ['description' => 'The ID of the request.', 'type' => 'string', 'example' => 'D7861F61-5B61-46CE-A47C-6B19****5EB0', 'title' => ''],
],
+ 'description' => '',
+ 'title' => '',
+ 'example' => '',
],
],
],
- 'errorCodes' => [],
- 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"C33EB3D5-AF96-43CA-9C7E-37A8****6A1E\\"\\n}","type":"json"}]',
- 'title' => 'MoveResourceGroup',
+ 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D7861F61-5B61-46CE-A47C-6B19****5EB0\\"\\n}","type":"json"}]',
+ 'title' => 'Configure a protection rule group for a domain name',
+ 'summary' => 'Configures the protection rule group used by the regular expression protection engine for a specified domain name. In addition to the three system default protection rule groups, you can also select a custom rule group.',
+ 'description' => 'Configures the protection rule group for the rule-based protection engine and the status of the intelligent rule hosting feature for a specified domain name.'."\n"
+ .'When configuring a protection rule group, you can use the built-in Normal, Strict, and Loose protection rule groups provided by WAF, or select a custom rule group. To ensure system stability, the queries per second (QPS) is limited to 10 per user. If the limit is exceeded, API calls are throttled, which may affect your business. Call this operation at an appropriate frequency.'."\n"
+ ."\n"
+ .'><notice> Creating custom rule groups through the API is not currently supported. You must first create a rule group and obtain the corresponding rule group ID on the **System Management** > **Protection Rule Group** page in the [Web Application Firewall console](https://yundun.console.aliyun.com/?p=wafnext) before you can call this operation to apply a custom rule group to a domain name.'."\n"
+ .'></notice>.',
+ 'requestParamsDescription' => 'When you call this operation, you must include common Alibaba Cloud API request parameters in addition to the operation-specific request parameters described in this topic. For more information about common parameters, see [Common parameters](~~162719~~).'."\n"
+ ."\n"
+ .'For the request format, see the request examples in the **Examples** section of this topic.',
'responseParamsDescription' => ' ',
'extraInfo' => ' ',
+ 'changeSet' => [
+ ['createdAt' => '2022-01-18T08:24:59.000Z', 'description' => 'Request parameters changed, Error codes changed'],
+ ],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'SetDomainRuleGroup'],
+ ],
+ ],
+ 'ramActions' => [
+ [
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:SetDomainRuleGroup',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ ],
],
],
'endpoints' => [
+ ['regionId' => 'ap-southeast-1', 'regionName' => 'Singapore', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'wafopenapi.ap-southeast-1.aliyuncs.com', 'endpoint' => 'wafopenapi.ap-southeast-1.aliyuncs.com', 'vpc' => 'wafopenapi-intl.vpc-proxy.aliyuncs.com'],
+ ['regionId' => 'cn-hangzhou', 'regionName' => 'China (Hangzhou)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'wafopenapi.cn-hangzhou.aliyuncs.com', 'endpoint' => 'wafopenapi.cn-hangzhou.aliyuncs.com', 'vpc' => 'wafopenapi.vpc-proxy.aliyuncs.com'],
+ ],
+ 'errorCodes' => [
+ ['code' => '10900', 'message' => 'Invalid parameter', 'http_code' => 400, 'description' => 'Invalid parameter'],
+ ['code' => '11001', 'message' => 'Internal server error', 'http_code' => 400, 'description' => 'System internal error'],
+ ['code' => '500', 'message' => 'Internal server error', 'http_code' => 500, 'description' => 'Internal System Error'],
+ ['code' => 'AccountSafeUsed', 'message' => 'The feature of account security is being used.', 'http_code' => 400, 'description' => 'The account security feature is in use.'],
+ ['code' => 'AclIpCountOverLimit', 'message' => 'Ip count in ACL rule is over limit.', 'http_code' => 400, 'description' => 'The number of IP addresses in the custom rule (ACL) exceeds the limit.'],
+ ['code' => 'AclParamError', 'message' => 'Acl param invalid.', 'http_code' => 400, 'description' => 'The ACL parameter is invalid.'],
+ ['code' => 'AntifraudOrAntifriaudJsUsed', 'message' => 'The feature of data risk control is being used.', 'http_code' => 400, 'description' => 'The data risk control feature is in use.'],
+ ['code' => 'BotAlgorithmUsed', 'message' => 'The feature of crawler behavior algorithm is being used.', 'http_code' => 400, 'description' => 'The typical bot behavior identification feature is in effect.'],
+ ['code' => 'BusinessDomainNotRecord', 'message' => 'The specified domain name is not ICP filed.', 'http_code' => 400, 'description' => 'The specified domain name does not have an ICP filing.'],
+ ['code' => 'BusinessInvalidArgument', 'message' => 'The specified parameters are invalid.', 'http_code' => 403, 'description' => 'The specified parameter is invalid.'],
+ ['code' => 'BusinessInvalidDomainIpInvalid', 'message' => 'The IP address cannot be added.', 'http_code' => 403, 'description' => 'The IP address cannot be added.'],
+ ['code' => 'BusinessInvalidIpv6', 'message' => 'Back-to-origin IPv6 addresses are not supported. To add these IP addresses, you must enable the feature of forwarding requests to origin servers over IPv6.', 'http_code' => 403, 'description' => 'Back-to-origin IPv6 addresses are not supported. To add these IP addresses, you must enable the feature of forwarding requests to origin servers over IPv6.'],
+ ['code' => 'BusinessInvalidSourceIp', 'message' => 'The origin fetch address includes disallowed IP addresses or domains.', 'http_code' => 400, 'description' => 'The back-to-origin addresses include IP addresses and domain names that are not allowed.'],
+ ['code' => 'BusinessIpDomain', 'message' => 'The current access domain does not support in IP format.', 'http_code' => 400, 'description' => 'The IP address format is not supported.'],
+ ['code' => 'BusinessMainDomainNotSupport', 'message' => 'The added primary domain name is not supported.', 'http_code' => 403, 'description' => 'The added second-level domain name is not supported.'],
+ ['code' => 'BusinessSourceIpSupportVirtuaIp', 'message' => 'You can only add wan net ip.', 'http_code' => 403, 'description' => 'Currently, it is a customized version of shared virtual host, and only the IP address of Wanwang virtual host can be added.'],
+ ['code' => 'BusinessViolation', 'message' => 'The domain-related business is suspected of violating regulations. If you have any questions, please follow the ticket process.', 'http_code' => 400, 'description' => 'The domain-related business is suspected of violating regulations. If you have any questions, please follow the ticket process.'],
+ ['code' => 'CertDomainNotMatch', 'message' => 'The certificate does not include this domain.', 'http_code' => 400, 'description' => 'This certificate does not contain the domain name.'],
+ ['code' => 'CertExpiredError', 'message' => 'The certificate has expired. Do not continue using this certificate.', 'http_code' => 400, 'description' => 'The certificate is expired. You can no longer use this certificate.'],
+ ['code' => 'CertFormatError', 'message' => 'The certificate is malformed.', 'http_code' => 400, 'description' => 'The format of the certificate is invalid.'],
+ ['code' => 'CertKeyNotMatch', 'message' => 'The certificate file and private key do not match.', 'http_code' => 400, 'description' => 'The certificate file does not match the private key of the certificate.'],
+ ['code' => 'CertNameDuplicateError', 'message' => 'The certificate name already exists.', 'http_code' => 400, 'description' => 'The name of the certificate already exists.'],
+ ['code' => 'CertNameExisted', 'message' => 'The certificate name already exists.', 'http_code' => 400, 'description' => 'The name of the certificate already exists.'],
+ ['code' => 'CertNotExist', 'message' => 'The certificate is not exist.', 'http_code' => 400, 'description' => 'The certificate does not exist.'],
+ ['code' => 'ComboError', 'message' => 'No package information is available.', 'http_code' => 400, 'description' => 'No software package information is available.'],
+ ['code' => 'CustomAclOrCcUsed', 'message' => 'The feature of advanced conditions is being used.', 'http_code' => 400, 'description' => 'The custom rule (ACL) is in use.'],
+ ['code' => 'CustomRulesGroupUsed', 'message' => 'The feature of custom rule group is being used.', 'http_code' => 400, 'description' => 'The custom policy group is in use.'],
+ ['code' => 'CustomSpeedLimitUsed', 'message' => 'The feature of custom throttling is being used.', 'http_code' => 400, 'description' => 'The custom rule (throttling) is in use.'],
+ ['code' => 'Defense.Contro.DefenseTemplateSubSceneNotExist', 'message' => 'The protection scenario template sub-scene does not exist.', 'http_code' => 400, 'description' => 'The protection scenario template sub-scene does not exist.'],
+ ['code' => 'Defense.Control.DefenseActonExpiredTimeInvalid', 'message' => 'The expiration time of the rule action is invalid.', 'http_code' => 400, 'description' => 'The expiration time of the rule action is invalid.'],
+ ['code' => 'Defense.Control.DefenseAddressBookInUse', 'message' => 'The address book is in use and cannot be deleted.', 'http_code' => 400, 'description' => 'The address book is in use and cannot be deleted. Rules for using this address book: %s.'],
+ ['code' => 'Defense.Control.DefenseAddressFileFormatError', 'message' => 'The format of the uploaded address book file is incorrect.', 'http_code' => 400, 'description' => 'The format of the uploaded address book file is incorrect.'],
+ ['code' => 'Defense.Control.DefenseAddressInvalid', 'message' => 'The address in the address book is illegal.', 'http_code' => 400, 'description' => 'The address in the address book is illegal.'],
+ ['code' => 'Defense.Control.DefenseAddressOperationTooFrequent', 'message' => 'Address book operations are too frequent.', 'http_code' => 400, 'description' => 'Address book operations are too frequent. Please try again later.'],
+ ['code' => 'Defense.Control.DefenseAddressOversize', 'message' => 'The number of addresses in the address book exceeds the limit.', 'http_code' => 400, 'description' => 'The number of addresses in the address book exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseAddressUploading', 'message' => 'The address book file is being uploaded, please try again later.', 'http_code' => 400, 'description' => 'The address book file is being uploaded, please try again later.'],
+ ['code' => 'Defense.Control.DefenseAiAssetPositionInvalid', 'message' => 'The position parameter of the large model protection asset is incorrect.', 'http_code' => 400, 'description' => 'The position parameter of the large model protection asset is incorrect.'],
+ ['code' => 'Defense.Control.DefenseAiWhitelistStatusInvalid', 'message' => 'The status of ai whitelist is invalid.', 'http_code' => 400, 'description' => 'The status of the intelligent whitelist is invalid.'],
+ ['code' => 'Defense.Control.DefenseAntiscanRuleConfigInvalid', 'message' => 'The configuration of anti scanning rules in the scanning protection policy is illegal.', 'http_code' => 400, 'description' => 'The configuration of the scan protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseAntiscanRuleConfigInvalid', 'message' => 'The configuration of the scan protection rule is invalid.', 'http_code' => 400, 'description' => 'The configuration of the scan protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseApisecRuleRegexInvalid', 'message' => 'The regular expression in the API security rule is invalid. Error reason: %s.', 'http_code' => 400, 'description' => 'The regular expression in an API security rule is invalid. Error reason:%s.'],
+ ['code' => 'Defense.Control.DefenseAssetConditionDuplicate', 'message' => 'The match conditions of the asset is duplicated with other assets.', 'http_code' => 400, 'description' => 'The match conditions of the asset is duplicated with other assets.'],
+ ['code' => 'Defense.Control.DefenseAssetConditionInvalid', 'message' => 'The protection asset flow matching condition is incorrect.', 'http_code' => 400, 'description' => 'The protection asset flow matching condition is incorrect.'],
+ ['code' => 'Defense.Control.DefenseAssetConfigInvalid', 'message' => 'The protection asset is configured incorrectly.', 'http_code' => 400, 'description' => 'The protection asset is configured incorrectly.'],
+ ['code' => 'Defense.Control.DefenseAssetCountOversize', 'message' => 'The number of protected assets exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protected assets exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseAssetExist', 'message' => 'Protective asset configuration already exists.', 'http_code' => 400, 'description' => 'Protective asset configuration already exists.'],
+ ['code' => 'Defense.Control.DefenseAssetNameComplicate', 'message' => 'The name of the asset duplicates another asset.', 'http_code' => 400, 'description' => 'The name of the asset duplicates another asset.'],
+ ['code' => 'Defense.Control.DefenseAssetNameInvalid', 'message' => 'The asset name is illegal.', 'http_code' => 400, 'description' => 'The asset name is illegal.'],
+ ['code' => 'Defense.Control.DefenseAssetNotExist', 'message' => 'Protective asset does not exist.', 'http_code' => 400, 'description' => 'Protective asset does not exist.'],
+ ['code' => 'Defense.Control.DefenseAssetNotSupported', 'message' => 'The protected assets feature is not supported.', 'http_code' => 400, 'description' => 'The protected assets feature is not supported.'],
+ ['code' => 'Defense.Control.DefenseAssetStatusInvalid', 'message' => 'The asset status is illegal.', 'http_code' => 400, 'description' => 'The asset status is illegal.'],
+ ['code' => 'Defense.Control.DefenseBookTypeInvalid', 'message' => 'The address book type is illegal.', 'http_code' => 400, 'description' => 'The address book type is illegal.'],
+ ['code' => 'Defense.Control.DefenseBotManagerWebSdkNotSupport', 'message' => 'Fencing object does not support automatic integration with WebSdk.', 'http_code' => 400, 'description' => 'Fencing object does not support automatic integration with WebSdk.'],
+ ['code' => 'Defense.Control.DefenseBotResourceCrossBindError', 'message' => 'The same protection object in a Bot scene cannot be integrated and bound at the same time.', 'http_code' => 400, 'description' => 'The protected object in which the SDK is integrated cannot be the same as the protected object to which protection rules are applied in the scenario-specific configuration.'],
+ ['code' => 'Defense.Control.DefenseBotResourceCrossBindError', 'message' => 'The protected object in which the SDK is integrated cannot be the same as the protected object to which protection rules are applied in the scenario-specific configuration.', 'http_code' => 400, 'description' => 'The protected object in which the SDK is integrated cannot be the same as the protected object to which protection rules are applied in the scenario-specific configuration.'],
+ ['code' => 'Defense.Control.DefenseClientSideDetectionConfigInvalid', 'message' => 'The client-side protection detection rule is incorrectly configured.', 'http_code' => 400, 'description' => 'The client-side protection detection rule is incorrectly configured.'],
+ ['code' => 'Defense.Control.DefenseCodecRuleAlreadyExist', 'message' => 'Duplicate anti scanning rules in the scanning protection strategy.', 'http_code' => 400, 'description' => 'The scan protection rule exists.'],
+ ['code' => 'Defense.Control.DefenseCodecRuleAlreadyExist', 'message' => 'The scan protection rule exists.', 'http_code' => 400, 'description' => 'The scan protection rule exists.'],
+ ['code' => 'Defense.Control.DefenseConfigNotSupported', 'message' => 'The defense configuration is not supported.', 'http_code' => 400, 'description' => 'The protection feature is not supported.'],
+ ['code' => 'Defense.Control.DefenseCustomResponseHeadersOutOfSize', 'message' => 'The number of custom headers of custom response rules in the protection policy exceeds the limit.', 'http_code' => 400, 'description' => 'The number of custom Header fields in the custom response rule exceeds the upper limit.'],
+ ['code' => 'Defense.Control.DefenseCustomResponseHeadersOutOfSize', 'message' => 'The number of custom Header fields in the custom response rule exceeds the limit.', 'http_code' => 400, 'description' => 'The number of custom Header fields in the custom response rule exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseCustomResponseRuleActionInvalid', 'message' => 'The custom response rule action does not match the rule action.', 'http_code' => 400, 'description' => 'Custom response rule action does not match rule action'],
+ ['code' => 'Defense.Control.DefenseCustomResponseRuleConfigInvalid', 'message' => 'Illegal configuration of custom response rule in protection policy.', 'http_code' => 400, 'description' => 'The configuration of the custom response rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseCustomResponseRuleConfigInvalid', 'message' => 'The configuration of the custom response rule is invalid.', 'http_code' => 400, 'description' => 'The configuration of the custom response rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseCustomResponseRuleExist', 'message' => 'The custom response rule in the protection policy already exists.', 'http_code' => 400, 'description' => 'The custom response rule exists.'],
+ ['code' => 'Defense.Control.DefenseCustomResponseRuleExist', 'message' => 'The custom response rule exists.', 'http_code' => 400, 'description' => 'The custom response rule exists.'],
+ ['code' => 'Defense.Control.DefenseCustomResponseRuleInUse', 'message' => 'The custom response rule is in use and cannot be deleted.', 'http_code' => 400, 'description' => 'Custom response rule in use, list of associated rules:%s, list of associated objects:%s'],
+ ['code' => 'Defense.Control.DefenseCustomResponseRuleNotExist', 'message' => 'The custom response rule does not exist.', 'http_code' => 400, 'description' => 'The custom response rule does not exist.'],
+ ['code' => 'Defense.Control.DefenseCustomResponseRuleNotPermitDelete', 'message' => 'The custom response rule in the protection policy cannot be deleted', 'http_code' => 400, 'description' => 'You cannot delete custom response rules.'],
+ ['code' => 'Defense.Control.DefenseCustomResponseRuleNotPermitDelete', 'message' => 'You cannot delete custom response rules.', 'http_code' => 400, 'description' => 'You cannot delete custom response rules.'],
+ ['code' => 'Defense.Control.DefenseDownloadOssFileFailed', 'message' => 'Failed to parse OSS files.', 'http_code' => 400, 'description' => 'Failed to parse OSS files.'],
+ ['code' => 'Defense.Control.DefenseExtensionPluginContentNotEmpty', 'message' => 'Extension content cannot be empty.', 'http_code' => 400, 'description' => 'Extension content cannot be empty.'],
+ ['code' => 'Defense.Control.DefenseExtensionPluginIdInvalid', 'message' => 'Invalid extension ID.', 'http_code' => 400, 'description' => 'Invalid extension ID.'],
+ ['code' => 'Defense.Control.DefenseExtensionPluginIdNotEmpty', 'message' => 'Extension ID is not allowed to be empty.', 'http_code' => 400, 'description' => 'Extension ID is not allowed to be empty.'],
+ ['code' => 'Defense.Control.DefenseExtensionPluginParamsNotEmpty', 'message' => 'Extension parameter cannot be empty.', 'http_code' => 400, 'description' => 'Extension parameter cannot be empty.'],
+ ['code' => 'Defense.Control.DefenseExtensionPluginParamsTypeNotSupport', 'message' => 'The extension parameter type is not supported.', 'http_code' => 400, 'description' => 'The extension parameter type is not supported.'],
+ ['code' => 'Defense.Control.DefenseExtensionPluginParamsValueTypeNotMatch', 'message' => 'Extension parameter value does not match type.', 'http_code' => 400, 'description' => 'Extension parameter value does not match type.'],
+ ['code' => 'Defense.Control.DefenseExtensionPluginRuleInUse', 'message' => 'The Extension rule is in use and cannot be deleted.', 'http_code' => 400, 'description' => 'Extension rule in use, association rule list:%s'],
+ ['code' => 'Defense.Control.DefenseExtensionPluginRuleInUse', 'message' => 'Extension rule in use, list of association rules:%s.', 'http_code' => 400, 'description' => 'Extension rule in use, list of association rules:%s.'],
+ ['code' => 'Defense.Control.DefenseInOperation', 'message' => 'Protection configuration is operating, please try again later.', 'http_code' => 400, 'description' => 'Protection configuration is operating, please try again later.'],
+ ['code' => 'Defense.Control.DefenseIpBlacklistIpEmpty', 'message' => 'The IP in the IP blacklist cannot be empty.', 'http_code' => 400, 'description' => 'You must add IP addresses to the IP address blacklist.'],
+ ['code' => 'Defense.Control.DefenseIpBlacklistIpEmpty', 'message' => 'You must add IP addresses to the IP address blacklist.', 'http_code' => 400, 'description' => 'You must add IP addresses to the IP address blacklist.'],
+ ['code' => 'Defense.Control.DefenseIpBlacklistIpInvalid', 'message' => 'Illegal IP in IP blacklist.', 'http_code' => 400, 'description' => 'The IP addresses in the IP address blacklist are invalid.'],
+ ['code' => 'Defense.Control.DefenseIpBlacklistIpInvalid', 'message' => 'The IP addresses in the IP address blacklist are invalid.', 'http_code' => 400, 'description' => 'The IP addresses in the IP address blacklist are invalid.'],
+ ['code' => 'Defense.Control.DefenseIpBlacklistIpOutOfRange', 'message' => 'The number of IPS in the IP blacklist exceeds the limit.', 'http_code' => 400, 'description' => 'The number of IP addresses in the IP address blacklist exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseIpBlacklistIpOutOfRange', 'message' => 'The number of IP addresses in the IP address blacklist exceeds the limit.', 'http_code' => 400, 'description' => 'The number of IP addresses in the IP address blacklist exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseIpCountOversize', 'message' => 'The number of IPs exceeds the limit.', 'http_code' => 400, 'description' => 'The number of IPs exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseLogModifyStatusFailed', 'message' => 'Failed to modify protected object state through log service.', 'http_code' => 400, 'description' => 'Failed to change the Log Service configuration for the protected object.'],
+ ['code' => 'Defense.Control.DefenseLogModifyStatusFailed', 'message' => 'Failed to change the status of the protected object.', 'http_code' => 400, 'description' => 'Failed to change the status of the protected object.'],
+ ['code' => 'Defense.Control.DefenseLogTimeExpired', 'message' => 'The time for querying logs has expired.', 'http_code' => 400, 'description' => 'The query log time has expired.'],
+ ['code' => 'Defense.Control.DefenseMajorProtectionRuleConfigInvalid', 'message' => 'The rules that are configured in the protection template for major events are invalid.', 'http_code' => 400, 'description' => 'The rules that are configured in the protection template for major events are invalid.'],
+ ['code' => 'Defense.Control.DefenseMajorProtectionRuleExist', 'message' => 'The rules that are configured in the protection template for major events already exist.', 'http_code' => 400, 'description' => 'The rules that are configured in the protection template for major events already exist.'],
+ ['code' => 'Defense.Control.DefenseOssFileNotFound', 'message' => 'Failed to find the OSS files that are uploaded.', 'http_code' => 400, 'description' => 'Failed to find the OSS files that are uploaded.'],
+ ['code' => 'Defense.Control.DefensePolicyInUse', 'message' => 'The custom regular rule group is referenced by the template and cannot be deleted.', 'http_code' => 400, 'description' => 'The custom regular expression rule group is referenced by the template and cannot be deleted.'],
+ ['code' => 'Defense.Control.DefensePolicyNotFound', 'message' => 'Regular rule group does not exist.', 'http_code' => 400, 'description' => 'The regular expression rule group does not exist.'],
+ ['code' => 'Defense.Control.DefensePolicyNotFound', 'message' => 'The regular expression rule group does not exist.', 'http_code' => 400, 'description' => 'The regular expression rule group does not exist.'],
+ ['code' => 'Defense.Control.DefensePolicyOwnedByAnotherUser', 'message' => 'Custom regular rule group does not belong to this user.', 'http_code' => 400, 'description' => 'The regular expression rule group does not belong to the user.'],
+ ['code' => 'Defense.Control.DefensePolicyOwnedByAnotherUser', 'message' => 'The regular expression rule group does not belong to the user.', 'http_code' => 400, 'description' => 'The regular expression rule group does not belong to the user.'],
+ ['code' => 'Defense.Control.DefensePolicyRuleAlreadyExist', 'message' => 'Regular rule group rule in basic protection policy already exists.', 'http_code' => 400, 'description' => 'Regular expression rules exist in the basic protection rule module.'],
+ ['code' => 'Defense.Control.DefensePolicyRuleAlreadyExist', 'message' => 'Regular expression rules exist.', 'http_code' => 400, 'description' => 'Regular expression rules exist.'],
+ ['code' => 'Defense.Control.DefenseResourceAccessNotDelete', 'message' => 'The protection object from access cannot be deleted.', 'http_code' => 400, 'description' => 'You cannot delete the protected objects that are automatically synchronized.'],
+ ['code' => 'Defense.Control.DefenseResourceAccessNotDelete', 'message' => 'You cannot delete the protected objects that are automatically synchronized.', 'http_code' => 400, 'description' => 'You cannot delete the protected objects that are automatically synchronized.'],
+ ['code' => 'Defense.Control.DefenseResourceAddDeleteSameTime', 'message' => 'The protected objects in the protection group cannot be bound and unbound at the same time.', 'http_code' => 400, 'description' => 'You cannot add a protected object to a protected object group and remove the protected object from a protected object group at the same time.'],
+ ['code' => 'Defense.Control.DefenseResourceAddDeleteSameTime', 'message' => 'You cannot add a protected object to a protected object group and remove the protected object from a protected object group at the same time.', 'http_code' => 400, 'description' => 'You cannot add a protected object to a protected object group and remove the protected object from a protected object group at the same time.'],
+ ['code' => 'Defense.Control.DefenseResourceAlreadyInCustom', 'message' => 'The protection object has been bound with a custom protection policy.', 'http_code' => 400, 'description' => 'The protected object is bound to a custom protection rule.'],
+ ['code' => 'Defense.Control.DefenseResourceAlreadyInCustom', 'message' => 'The protected object is bound to a custom protection template.', 'http_code' => 400, 'description' => 'The protected object is bound to a custom protection template.'],
+ ['code' => 'Defense.Control.DefenseResourceAndGroupConflict', 'message' => 'The name of the protected object is the same as the name of the protected object group.', 'http_code' => 400, 'description' => 'The name of the protected object is the same as the name of the protected object group.'],
+ ['code' => 'Defense.Control.DefenseResourceCountOverSize', 'message' => 'The number of protected objects exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protected objects exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseResourceDetailInvalid', 'message' => 'The detail field of the protected object is illegal.', 'http_code' => 400, 'description' => 'The detail field for the protected object is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceDetailInvalid', 'message' => 'The detail field of the protected object is invalid.', 'http_code' => 400, 'description' => 'The detail field for the protected object is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceDetailNotEmpty', 'message' => 'The details of the protected object cannot be empty.', 'http_code' => 400, 'description' => 'You must configure the detail field for the protected object.'],
+ ['code' => 'Defense.Control.DefenseResourceDetailNotEmpty', 'message' => 'You must configure the detail field of the protected object.', 'http_code' => 400, 'description' => 'You must configure the detail field for the protected object.'],
+ ['code' => 'Defense.Control.DefenseResourceExist', 'message' => 'Protection object already exists.', 'http_code' => 400, 'description' => 'The protected object exists.'],
+ ['code' => 'Defense.Control.DefenseResourceExist', 'message' => 'The protected object exists.', 'http_code' => 400, 'description' => 'The protected object exists.'],
+ ['code' => 'Defense.Control.DefenseResourceGroupCountOverSize', 'message' => 'The number of protection groups exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protected object groups exceeds the upper limit.'],
+ ['code' => 'Defense.Control.DefenseResourceGroupCountOverSize', 'message' => 'The number of protected object groups exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protected object groups exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseResourceGroupDescriptionInvalid', 'message' => 'Illegal protection group description information.', 'http_code' => 400, 'description' => 'The description of the protected object group is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceGroupDescriptionInvalid', 'message' => 'The description of the protected object group is invalid.', 'http_code' => 400, 'description' => 'The description of the protected object group is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceGroupExist', 'message' => 'Protection group already exists.', 'http_code' => 400, 'description' => 'The protected object group exists.'],
+ ['code' => 'Defense.Control.DefenseResourceGroupExist', 'message' => 'The protected object group exists.', 'http_code' => 400, 'description' => 'The protected object group exists.'],
+ ['code' => 'Defense.Control.DefenseResourceGroupNameInvalid', 'message' => 'Illegal protection group name.', 'http_code' => 400, 'description' => 'The name of the protected object group is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceGroupNameInvalid', 'message' => 'The name of the protected object group is invalid.', 'http_code' => 400, 'description' => 'The name of the protected object group is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceGroupNotExist', 'message' => 'Protection group does not exist.', 'http_code' => 400, 'description' => 'The protected object group does not exist.'],
+ ['code' => 'Defense.Control.DefenseResourceGroupNotExist', 'message' => 'The protected object group does not exist.', 'http_code' => 400, 'description' => 'The protected object group does not exist.'],
+ ['code' => 'Defense.Control.DefenseResourceInGroupCountOverSize', 'message' => 'The number of protected objects in the protection group exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protected objects in the protected object group exceeds the upper limit.'],
+ ['code' => 'Defense.Control.DefenseResourceInGroupCountOverSize', 'message' => 'The number of protected objects in the protected object group exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protected objects in the protected object group exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseResourceInTemplateCountOverSize', 'message' => 'The number of protected objects in the protection template exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protected objects in the protection template exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseResourceInvalid', 'message' => 'The name of the protected object is illegal.', 'http_code' => 400, 'description' => 'The name of the protected object is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceInvalid', 'message' => 'The name of the protected object is invalid.', 'http_code' => 400, 'description' => 'The name of the protected object is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceModelInvalid', 'message' => 'The model of the protected object is illegal.', 'http_code' => 400, 'description' => 'The model of the protected object is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceModelInvalid', 'message' => 'The model of the protected object is invalid.', 'http_code' => 400, 'description' => 'The model of the protected object is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceNameAndAssetConflict', 'message' => 'The protected object or protection group name is the same as the protected asset ID.', 'http_code' => 400, 'description' => 'The protected object or protection group name is the same as the protected asset ID.'],
+ ['code' => 'Defense.Control.DefenseResourceNotExist', 'message' => 'Protection object does not exist.', 'http_code' => 400, 'description' => 'The protected object does not exist.'],
+ ['code' => 'Defense.Control.DefenseResourceNotExist', 'message' => 'The protected object does not exist.', 'http_code' => 400, 'description' => 'The protected object does not exist.'],
+ ['code' => 'Defense.Control.DefenseResourcePatternNotEmpty', 'message' => 'The protection form of the protected object cannot be empty.', 'http_code' => 400, 'description' => 'You must configure the protection pattern of the protected object.'],
+ ['code' => 'Defense.Control.DefenseResourcePatternNotEmpty', 'message' => 'You must configure the protection pattern of the protected object.', 'http_code' => 400, 'description' => 'You must configure the protection pattern of the protected object.'],
+ ['code' => 'Defense.Control.DefenseResourcePatternNotFound', 'message' => 'The protection form of the protected object is illegal.', 'http_code' => 400, 'description' => 'The protection pattern of the protected object is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourcePatternNotFound', 'message' => 'The protection pattern of the protected object is invalid.', 'http_code' => 400, 'description' => 'The protection pattern of the protected object is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceProductNotEmpty', 'message' => 'The product information of the protection object cannot be empty.', 'http_code' => 400, 'description' => 'You must configure the service information about the protected object.'],
+ ['code' => 'Defense.Control.DefenseResourceProductNotEmpty', 'message' => 'You must configure the service information about the protected object.', 'http_code' => 400, 'description' => 'You must configure the service information about the protected object.'],
+ ['code' => 'Defense.Control.DefenseResourceRelationExist', 'message' => 'The protection object has been bound.', 'http_code' => 400, 'description' => 'The protected object is added to a protected object group.'],
+ ['code' => 'Defense.Control.DefenseResourceRelationExist', 'message' => 'The protected object is added to a protected object group.', 'http_code' => 400, 'description' => 'The protected object is added to a protected object group.'],
+ ['code' => 'Defense.Control.DefenseResourceRelationNotExist', 'message' => 'The protected object is not added to the protected object group.', 'http_code' => 400, 'description' => 'The fencing object is not added to the fencing object group'],
+ ['code' => 'Defense.Control.DefenseResourceRuleAccountDecodeTypeInvalid', 'message' => 'The decoding type in the account extraction rule is invalid.', 'http_code' => 400, 'description' => 'The decoding type in the account extraction rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceRuleAccountOversize', 'message' => 'The number of extracted configurations in the account extraction rule exceeds the limit.', 'http_code' => 400, 'description' => 'The number of extracted configurations in the account extraction rule exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseResourceRuleAccountPriorityInvalid', 'message' => 'The configuration priority in the account extraction rule is invalid.', 'http_code' => 400, 'description' => 'The configuration priority in the account extraction rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseResourceRuleNotPermitModify', 'message' => 'This protected resource rule cannot be modified.', 'http_code' => 400, 'description' => 'This protected resource rule cannot be modified.'],
+ ['code' => 'Defense.Control.DefenseResourceRuleNotPermitUpdateStatus', 'message' => 'This protected resource rule does not allow update status.', 'http_code' => 400, 'description' => 'This protected resource rule does not allow update status'],
+ ['code' => 'Defense.Control.DefenseResourceTemplateIdInvalid', 'message' => 'When querying the protection objects or protection groups that can be bound in the protection policy, the protection policy ID is invalid.', 'http_code' => 400, 'description' => 'The ID of the protection rule is invalid when you query the protected objects or protected object groups that can be bound to the protection rule.'],
+ ['code' => 'Defense.Control.DefenseResourceTemplateIdInvalid', 'message' => 'The ID of the protection rule is invalid when you query the protected objects or protected object groups that can be bound to the protection rule.', 'http_code' => 400, 'description' => 'The ID of the protection rule is invalid when you query the protected objects or protected object groups that can be bound to the protection rule.'],
+ ['code' => 'Defense.Control.DefenseResponseStatusInvalid', 'message' => 'Response log switch status is illegal.', 'http_code' => 400, 'description' => 'The status of the response log switch is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleAccountProtectorConfigInvalid', 'message' => 'Account Security Rule configuration error.', 'http_code' => 400, 'description' => 'Error configuring account security rules in protection rules. %s'],
+ ['code' => 'Defense.Control.DefenseRuleActionInvalid', 'message' => 'Illegal action of protection rules.', 'http_code' => 400, 'description' => 'The action that is defined in the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleActionInvalid', 'message' => 'The action that is defined in the protection rule is invalid.', 'http_code' => 400, 'description' => 'The action that is defined in the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleAttackLevelConflict', 'message' => 'The attack level of the large model prompt word attack protection rule is repeated.', 'http_code' => 400, 'description' => 'The attack level of the large model prompt word attack protection rule is repeated.'],
+ ['code' => 'Defense.Control.DefenseRuleAutoOriginInvalid', 'message' => 'The origin of auto rules is invalid.', 'http_code' => 400, 'description' => 'The origin of the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleAutoUpdateInvalid', 'message' => 'Invalid automatic update configuration.', 'http_code' => 400, 'description' => 'Invalid automatic update configuration.'],
+ ['code' => 'Defense.Control.DefenseRuleBotConfigInvalid', 'message' => 'Illegal Bot Scene Rule Configuration.', 'http_code' => 400, 'description' => 'The scenario-specific configuration is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleBotTrafficInvalid', 'message' => 'Illegal traffic characteristics in Bot scene.', 'http_code' => 400, 'description' => 'The traffic characteristics in the scenario-specific configuration are invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleConditionEmpty', 'message' => 'The flow characteristic in the protection rule cannot be empty.', 'http_code' => 400, 'description' => 'You must configure traffic characteristics in the protection rule.'],
+ ['code' => 'Defense.Control.DefenseRuleConditionEmpty', 'message' => 'You must configure the traffic characteristics in the protection rule.', 'http_code' => 400, 'description' => 'You must configure traffic characteristics in the protection rule.'],
+ ['code' => 'Defense.Control.DefenseRuleConditionKeyInvalid', 'message' => 'Invalid flow characteristic matching field of protection rule.', 'http_code' => 400, 'description' => 'The match field in the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleConditionKeyInvalid', 'message' => 'The match field in the protection rule is invalid.', 'http_code' => 400, 'description' => 'The match field in the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleConditionOpValueInvalid', 'message' => 'Invalid protection rule flow characteristic logic symbol.', 'http_code' => 400, 'description' => 'The logical operator in the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleConditionOpValueInvalid', 'message' => 'The logical operator in the protection rule is invalid.', 'http_code' => 400, 'description' => 'The logical operator in the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleConditionOversize', 'message' => 'The number of flow characteristics of the protection rule exceeds the limit.', 'http_code' => 400, 'description' => 'The number of traffic features in the protection rule exceeds the upper limit.'],
+ ['code' => 'Defense.Control.DefenseRuleConditionValueInvalid', 'message' => 'Matching content of flow characteristics of invalid protection rules.', 'http_code' => 400, 'description' => 'The match content in the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleConditionValueInvalid', 'message' => 'The match content in the protection rule is invalid.', 'http_code' => 400, 'description' => 'The match content in the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleConfigNotPermitModify', 'message' => 'The protection scenario rule cannot be modified.', 'http_code' => 400, 'description' => 'The protection scenario rule cannot be modified.'],
+ ['code' => 'Defense.Control.DefenseRuleContentModerationConfigInvalid', 'message' => 'Large model content security scenario protection rule configuration error.', 'http_code' => 400, 'description' => 'Large model content security scenario protection rule configuration error.'],
+ ['code' => 'Defense.Control.DefenseRuleCountOverSize', 'message' => 'The number of protection rules exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protection rules exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseRuleCreateModifyCountEmpty', 'message' => 'Number of protection rules created or modified at a time cannot be empty.', 'http_code' => 400, 'description' => 'You must specify the number of protection rules that you want to create or modify at the same time.'],
+ ['code' => 'Defense.Control.DefenseRuleCreateModifyCountEmpty', 'message' => 'You must specify the number of protection rules that you want to create or modify at the same time.', 'http_code' => 400, 'description' => 'You must specify the number of protection rules that you want to create or modify at the same time.'],
+ ['code' => 'Defense.Control.DefenseRuleCreateModifyCountOverSize', 'message' => 'The number of protection resources in the protection template exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protected resources in the protection template exceeds the upper limit.'],
+ ['code' => 'Defense.Control.DefenseRuleCreateModifyCountOverSize', 'message' => 'The number of protected resources in the protection template exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protected resources in the protection template exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseRuleDetectAttackLevelConflict', 'message' => 'The detection type and attack level in the content security protection rules of the large model are the same.', 'http_code' => 400, 'description' => 'The detection type and attack level in the content security protection rules of the large model are the same.'],
+ ['code' => 'Defense.Control.DefenseRuleDistinctConditionOpValueInvalid', 'message' => 'Invalid traffic feature logic symbol for protection deduplication statistics rule.', 'http_code' => 400, 'description' => 'Invalid traffic feature logic symbol for protection deduplication statistics rule'],
+ ['code' => 'Defense.Control.DefenseRuleDistinctConditionValueInvalid', 'message' => 'The threshold configuration of the deduplication statistics of the protection rule is invalid.', 'http_code' => 400, 'description' => 'The threshold configuration of the deduplication statistics of the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleGrayConfigInvalid', 'message' => 'The gray-scale effective configuration of the rule is invalid.', 'http_code' => 400, 'description' => 'Invalid canary release configurations for protection rules'],
+ ['code' => 'Defense.Control.DefenseRuleIdConflict', 'message' => 'The protection rule ID is duplicate.', 'http_code' => 400, 'description' => 'The protection rule ID is duplicate.'],
+ ['code' => 'Defense.Control.DefenseRuleNameAlreadyInUse', 'message' => 'Protection rule duplicate name.', 'http_code' => 400, 'description' => 'The name of the protection rule exists.'],
+ ['code' => 'Defense.Control.DefenseRuleNameAlreadyInUse', 'message' => 'The name of the protection rule exists.', 'http_code' => 400, 'description' => 'The name of the protection rule exists.'],
+ ['code' => 'Defense.Control.DefenseRuleNameConflict', 'message' => 'Duplicate protection rule name in batch request.', 'http_code' => 400, 'description' => 'Duplicate protection rule names are specified in the batch of requests.'],
+ ['code' => 'Defense.Control.DefenseRuleNameConflict', 'message' => 'Duplicate protection rule names are specified in the batch of requests.', 'http_code' => 400, 'description' => 'Duplicate protection rule names are specified in the batch of requests.'],
+ ['code' => 'Defense.Control.DefenseRuleNameInvalid', 'message' => 'Illegal protection rule name.', 'http_code' => 400, 'description' => 'The name of the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleNameInvalid', 'message' => 'The name of the protection rule is invalid.', 'http_code' => 400, 'description' => 'The name of the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleNotExist', 'message' => 'Protection rule does not exist.', 'http_code' => 400, 'description' => 'The protection rule does not exist.'],
+ ['code' => 'Defense.Control.DefenseRuleNotExist', 'message' => 'The protection rule does not exist.', 'http_code' => 400, 'description' => 'The protection rule does not exist.'],
+ ['code' => 'Defense.Control.DefenseRuleNotPermitCreate', 'message' => 'This protection scenario rule is not allowed to be created.', 'http_code' => 400, 'description' => 'This protection scenario rule is not allowed to be created.'],
+ ['code' => 'Defense.Control.DefenseRuleNotPermitDelete', 'message' => 'The protection scenario rule cannot be deleted.', 'http_code' => 400, 'description' => 'The protection scenario rule cannot be deleted.'],
+ ['code' => 'Defense.Control.DefenseRuleOriginEmpty', 'message' => 'The source of protection rule cannot be empty.', 'http_code' => 400, 'description' => 'You must specify the source of the protection rule.'],
+ ['code' => 'Defense.Control.DefenseRuleOriginEmpty', 'message' => 'You must specify the source of the protection rule.', 'http_code' => 400, 'description' => 'You must specify the source of the protection rule.'],
+ ['code' => 'Defense.Control.DefenseRuleRateLimitInvalid', 'message' => 'Speed limit configuration of invalid protection rules.', 'http_code' => 400, 'description' => 'The rate-limiting configuration of the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleRateLimitInvalid', 'message' => 'The rate-limiting configuration of the protection rule is invalid.', 'http_code' => 400, 'description' => 'The rate-limiting configuration of the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleRateLimitTargetInvalid', 'message' => 'Invalid protection rule speed limit target.', 'http_code' => 400, 'description' => 'The rate-limiting statistical object of the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleRateLimitTargetInvalid', 'message' => 'The rate-limiting threshold of the protection rule is invalid.', 'http_code' => 400, 'description' => 'The rate-limiting threshold of the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleStatusInvalid', 'message' => 'Illegal protection rule status.', 'http_code' => 400, 'description' => 'The status of the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleStatusInvalid', 'message' => 'The status of the protection rule is invalid.', 'http_code' => 400, 'description' => 'The status of the protection rule is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleStatusNotSupported', 'message' => 'The operation is not supported in the current protection rule state.', 'http_code' => 400, 'description' => 'The operation is not supported in the current protection rule state'],
+ ['code' => 'Defense.Control.DefenseRuleTamperProofConfigInvalid', 'message' => 'Site tamper prevention configuration error in protection rules.', 'http_code' => 400, 'description' => 'The website tamper-proofing configuration is invalid.'],
+ ['code' => 'Defense.Control.DefenseRuleTamperProofProtocolConflict', 'message' => 'Site tamper-proof protocol conflict in protection rules.', 'http_code' => 400, 'description' => 'The protocol in the website tamper-proofing rule conflicts.'],
+ ['code' => 'Defense.Control.DefenseRuleTimeConfigInvalid', 'message' => 'The timing configuration of the rule is invalid.', 'http_code' => 400, 'description' => 'Invalid validity period configurations for protection rules'],
+ ['code' => 'Defense.Control.DefenseRuleUpstreamActionConfigInvalid', 'message' => 'The configuration of the upstream tagging action is invalid.', 'http_code' => 400, 'description' => 'Invalid configurations for marking back-to-origin requests'],
+ ['code' => 'Defense.Control.DefenseRuleUrlConflict', 'message' => 'Page tamper-proof rule URL duplication.', 'http_code' => 400, 'description' => 'The protected URL in the website tamper-proofing rule already exists.'],
+ ['code' => 'Defense.Control.DefenseSaleSpecValueInvalid', 'message' => 'Sales Rule Configuration Exception.', 'http_code' => 400, 'description' => 'The configuration of the sales rule is abnormal.'],
+ ['code' => 'Defense.Control.DefenseSaleSpecValueInvalid', 'message' => 'The configuration of the sales rule is abnormal.', 'http_code' => 400, 'description' => 'The configuration of the sales rule is abnormal.'],
+ ['code' => 'Defense.Control.DefenseSceneNotSupported', 'message' => 'This protection scenario is not supported.', 'http_code' => 400, 'description' => 'The protection scenario is not supported.'],
+ ['code' => 'Defense.Control.DefenseSceneNotSupported', 'message' => 'The protection scenario is not supported.', 'http_code' => 400, 'description' => 'The protection scenario is not supported.'],
+ ['code' => 'Defense.Control.DefenseTemplateBindUnbindNotSupportAsset', 'message' => 'The protection template does not support binding or unbinding protected assets. Only protected objects and protected groups are supported.', 'http_code' => 400, 'description' => 'The protection template does not support binding or unbinding protected assets. Only protected objects and protected groups are supported.'],
+ ['code' => 'Defense.Control.DefenseTemplateBindUnbindOnlySupportAsset', 'message' => 'The protection template only supports binding or unbinding protected assets, but does not support binding or unbinding protected objects and protected groups.', 'http_code' => 400, 'description' => 'The protection template only supports binding or unbinding protected assets, but does not support binding or unbinding protected objects and protection groups.'],
+ ['code' => 'Defense.Control.DefenseTemplateBindUnbindResourceInvalid', 'message' => 'If the resource bound or unbound by the protection template is invalid, it may have been added to other user-defined templates or protection groups.', 'http_code' => 400, 'description' => 'The protected resource that is bound to or unbound from the protection template is invalid. The protected resource is bound to other custom templates or added to protected object groups.'],
+ ['code' => 'Defense.Control.DefenseTemplateBindUnbindResourceInvalid', 'message' => 'The protected object that is bound to or unbound from the protection template is invalid. The protected object is bound to other custom templates or added to protected object groups.', 'http_code' => 400, 'description' => 'The protected resource that is bound to or unbound from the protection template is invalid. The protected resource is bound to other custom templates or added to protected object groups.'],
+ ['code' => 'Defense.Control.DefenseTemplateBindUnbindResourceNotFound', 'message' => 'The resource bound or unbound by the protection template was not found.', 'http_code' => 400, 'description' => 'Failed to find the protected resource that is bound to or unbound from the protection template.'],
+ ['code' => 'Defense.Control.DefenseTemplateBindUnbindResourceNotFound', 'message' => 'Failed to find the protected object that is bound to or unbound from the protection template.', 'http_code' => 400, 'description' => 'Failed to find the protected resource that is bound to or unbound from the protection template.'],
+ ['code' => 'Defense.Control.DefenseTemplateCountOverSize', 'message' => 'The number of protective templates exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protection templates exceeds the upper limit.'],
+ ['code' => 'Defense.Control.DefenseTemplateCountOverSize', 'message' => 'The number of protection templates exceeds the limit.', 'http_code' => 400, 'description' => 'The number of protection templates exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseTemplateDescriptionInvalid', 'message' => 'Illegal protection template description.', 'http_code' => 400, 'description' => 'The description of the protection template is invalid.'],
+ ['code' => 'Defense.Control.DefenseTemplateDetailInvalid', 'message' => 'Protection template configuration details field is invalid.', 'http_code' => 400, 'description' => 'Protection template configuration details field is invalid'],
+ ['code' => 'Defense.Control.DefenseTemplateInGrayOperation', 'message' => 'Protection template grayscale upgrade operation, please try again later.', 'http_code' => 400, 'description' => 'Protection template grayscale upgrade operation, please try again later'],
+ ['code' => 'Defense.Control.DefenseTemplateInOperation', 'message' => 'Protective template operation, please try again later.', 'http_code' => 400, 'description' => 'The protection template is in use. Try again later.'],
+ ['code' => 'Defense.Control.DefenseTemplateNameInUse', 'message' => 'Protection template name has been used.', 'http_code' => 400, 'description' => 'The name of the protection template is being used.'],
+ ['code' => 'Defense.Control.DefenseTemplateNameInUse', 'message' => 'The name of the protection template is being used.', 'http_code' => 400, 'description' => 'The name of the protection template is being used.'],
+ ['code' => 'Defense.Control.DefenseTemplateNotExist', 'message' => 'Protective template does not exist.', 'http_code' => 400, 'description' => 'The protection template does not exist.'],
+ ['code' => 'Defense.Control.DefenseTemplateNotExist', 'message' => 'The protection template does not exist.', 'http_code' => 400, 'description' => 'The protection template does not exist.'],
+ ['code' => 'Defense.Control.DefenseTemplateOwnedByAnotherUser', 'message' => 'Protection template does not belong to this user.', 'http_code' => 400, 'description' => 'The protection template does not belong to the user.'],
+ ['code' => 'Defense.Control.DefenseTemplateOwnedByAnotherUser', 'message' => 'The protection template does not belong to the user.', 'http_code' => 400, 'description' => 'The protection template does not belong to the user.'],
+ ['code' => 'Defense.Control.DefenseTemplateRuleNotPermitCreate', 'message' => 'You cannot create protection rules.', 'http_code' => 400, 'description' => 'This protection module rule does not allow creation'],
+ ['code' => 'Defense.Control.DefenseTemplateRuleNotPermitDelete', 'message' => 'Rules in this protection policy are not allowed to be deleted.', 'http_code' => 400, 'description' => 'You cannot delete protection rules from the protection template.'],
+ ['code' => 'Defense.Control.DefenseTemplateRuleNotPermitDelete', 'message' => 'You cannot delete protection rules.', 'http_code' => 400, 'description' => 'You cannot delete protection rules.'],
+ ['code' => 'Defense.Control.DefenseTemplateRuleStatusNotPermitModify', 'message' => 'The status of this protection rule cannot be modified.', 'http_code' => 400, 'description' => 'The status of the protection rule cannot be modified.'],
+ ['code' => 'Defense.Control.DefenseTemplateStatusInvalid', 'message' => 'Illegal status of protective template.', 'http_code' => 400, 'description' => 'The status of the protection template is invalid.'],
+ ['code' => 'Defense.Control.DefenseTemplateStatusInvalid', 'message' => 'The status of the protection template is invalid.', 'http_code' => 400, 'description' => 'The status of the protection template is invalid.'],
+ ['code' => 'Defense.Control.DefenseTemplateTypeBindUnbindResourceInvalid', 'message' => 'Only user-defined protection templates can bind or unbind protection resources.', 'http_code' => 400, 'description' => 'Only custom protection templates can be bound to or unbound from protected resources.'],
+ ['code' => 'Defense.Control.DefenseTemplateTypeBindUnbindResourceInvalid', 'message' => 'Only custom protection templates can be bound to or unbound from protected resources.', 'http_code' => 400, 'description' => 'Only custom protection templates can be bound to or unbound from protected resources.'],
+ ['code' => 'Defense.Control.DefenseTemplateUserDefaultExist', 'message' => 'User default protection template already exists.', 'http_code' => 400, 'description' => 'The default protection template exists.'],
+ ['code' => 'Defense.Control.DefenseTemplateUserDefaultExist', 'message' => 'The default protection template exists.', 'http_code' => 400, 'description' => 'The default protection template exists.'],
+ ['code' => 'Defense.Control.DefenseTemplateUserDefaultNotSupport', 'message' => 'The default protection template is not supported.', 'http_code' => 400, 'description' => 'The default protection template is not supported.'],
+ ['code' => 'Defense.Control.DefenseTestActionInvalid', 'message' => 'Illegal test of protective function action.', 'http_code' => 400, 'description' => 'The action that is used to test the protection feature is invalid.'],
+ ['code' => 'Defense.Control.DefenseTestExpiredTimeInvalid', 'message' => 'Illegal timeout for testing protective functions.', 'http_code' => 400, 'description' => 'The timeout period to test the protection feature is invalid.'],
+ ['code' => 'Defense.Control.DefenseTestUserIpInvalid', 'message' => 'Illegal user IP to test protection function.', 'http_code' => 400, 'description' => 'The IP address that is used to test the protection feature is invalid.'],
+ ['code' => 'Defense.Control.DefenseThreatIntelligenceConfigInvalid', 'message' => 'Threat Intelligence Rule configuration error.', 'http_code' => 400, 'description' => 'Threat Intelligence Rule configuration error. %s'],
+ ['code' => 'Defense.Control.DefenseTraceIdInvalid', 'message' => 'The format of the log request ID is incorrect.', 'http_code' => 400, 'description' => 'The log request ID format is incorrect'],
+ ['code' => 'Defense.Control.DefenseTrafficGuideAlreadyExist', 'message' => 'Drainage strategy already exists.', 'http_code' => 400, 'description' => 'Drainage strategy already exists.'],
+ ['code' => 'Defense.Control.DefenseTrafficGuideConfigModelInvalid', 'message' => 'Drainage strategy mode is invalid.', 'http_code' => 400, 'description' => 'Drainage strategy mode is invalid.'],
+ ['code' => 'Defense.Control.DefenseTrafficGuideConfigProductInvalid', 'message' => 'Drainage strategy products are ineffective.', 'http_code' => 400, 'description' => 'The traffic‑generation strategy product is ineffective.'],
+ ['code' => 'Defense.Control.DefenseTrafficGuideConfigStrategyInvalid', 'message' => 'The drainage strategy is ineffective.', 'http_code' => 400, 'description' => 'The drainage strategy is ineffective.'],
+ ['code' => 'Defense.Control.DefenseTrafficGuideCountOverSize', 'message' => 'Only one drainage strategy is supported.', 'http_code' => 400, 'description' => 'Only one drainage strategy is supported.'],
+ ['code' => 'Defense.Control.DefenseTrafficGuideRuleCountOverSize', 'message' => 'The number of regular or precise rules for drainage policies exceeds the limit.', 'http_code' => 400, 'description' => 'The number of regular or precise rules for drainage policies exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseUploadOssFileFailed', 'message' => 'Failed to upload OSS files.', 'http_code' => 400, 'description' => 'Failed to upload the OSS file.'],
+ ['code' => 'Defense.Control.DefenseVastIpDescriptionInvalid', 'message' => 'The description of the IP address blacklist is invalid.', 'http_code' => 400, 'description' => 'The description of the IP address blacklist is invalid.'],
+ ['code' => 'Defense.Control.DefenseVastIpExpiredTimeInvalid', 'message' => 'The expiration time of the IP address blacklist for protection for major events is invalid.', 'http_code' => 400, 'description' => 'The expiration time of the IP address blacklist for protection for major events is invalid.'],
+ ['code' => 'Defense.Control.DefenseVastIpFileEmpty', 'message' => 'The content of the IP address blacklist file for protection for major events is empty.', 'http_code' => 400, 'description' => 'The IP address blacklist file for protection for major events is empty.'],
+ ['code' => 'Defense.Control.DefenseVastIpFileFormatError', 'message' => 'The format of the IP address blacklist file for protection for major events is invalid.', 'http_code' => 400, 'description' => 'The format of the IP address blacklist file for protection for major events is invalid.'],
+ ['code' => 'Defense.Control.DefenseVastIpFileOversize', 'message' => 'The number of IP addresses in the IP address blacklist file for protection for major events exceeds the upper limit.', 'http_code' => 400, 'description' => 'The number of IP addresses in the IP address blacklist file for protection for major events exceeds the upper limit.'],
+ ['code' => 'Defense.Control.DefenseVastIpOperationCountOversize', 'message' => 'The number of IP addresses that are operated each time exceeds the upper limit. The IP addresses are the IP addresses in the IP address blacklist for protection for major events.', 'http_code' => 400, 'description' => 'The number of IP addresses that are operated each time exceeds the upper limit. The IP addresses are the IP addresses in the IP address blacklist for protection for major events.'],
+ ['code' => 'Defense.Control.DefenseVastIpTotalCountOversize', 'message' => 'The total number of IP addresses in the IP address blacklist for protection for major events exceeds the upper limit.', 'http_code' => 400, 'description' => 'The total number of IP addresses in the IP address blacklist for protection for major events exceeds the upper limit.'],
+ ['code' => 'Defense.Control.DefenseVastIpUploadFormError', 'message' => 'Failed to obtain the information about the uploaded IP address blacklist file for protection for major events.', 'http_code' => 400, 'description' => 'Failed to obtain the information about the uploaded IP address blacklist file for protection for major events.'],
+ ['code' => 'Defense.Control.DefenseWafCustomRuleCompileFailed', 'message' => 'Custom regular rule compilation failed.', 'http_code' => 400, 'description' => 'Custom regular rule compilation failed'],
+ ['code' => 'Defense.Control.DefenseWafCustomRuleConfigInvalid', 'message' => 'Invalid custom regular rule configuration.', 'http_code' => 400, 'description' => 'Invalid custom regular rule configuration.'],
+ ['code' => 'Defense.Control.DefenseWhitelistBypassRuleNotExist', 'message' => 'The whitelist protection rule does not exist.', 'http_code' => 400, 'description' => 'The whitelist protection rule does not exist. Rule ID:%s.'],
+ ['code' => 'Defense.Control.DefenseWhitelistBypassTagInvalid', 'message' => 'The white mark in the white list is invalid.', 'http_code' => 400, 'description' => 'The whitelist tag is invalid.'],
+ ['code' => 'Defense.Control.DefenseWhitelistBypassTagInvalid', 'message' => 'The whitelist parameter is invalid.', 'http_code' => 400, 'description' => 'The whitelist parameter is invalid.'],
+ ['code' => 'Defense.Control.DefenseWhitelistCategoryInvalid', 'message' => 'Invalid whitelist whitelist policy module.', 'http_code' => 400, 'description' => 'Protection modules defined in the whitelist are invalid.'],
+ ['code' => 'Defense.Control.DefenseWhitelistCategoryInvalid', 'message' => 'Protection modules defined in the whitelist are invalid.', 'http_code' => 400, 'description' => 'Protection modules that are defined in the whitelist are invalid.'],
+ ['code' => 'Defense.Control.DefenseWhitelistConfigInvalid', 'message' => 'The whitelist rule is misconfigured.', 'http_code' => 400, 'description' => 'Error configuring whitelist rule: %s.'],
+ ['code' => 'Defense.Control.DefenseWhitelistRegularRuleSize', 'message' => 'The number of white regular rule IDS in the white list exceeds the limit.', 'http_code' => 400, 'description' => 'The number of regular expression rules in the whitelist exceeds the upper limit.'],
+ ['code' => 'Defense.Control.DefenseWhitelistRegularRuleSize', 'message' => 'The number of regular expression rules in the whitelist exceeds the limit.', 'http_code' => 400, 'description' => 'The number of regular expression rules in the whitelist exceeds the limit.'],
+ ['code' => 'Defense.Control.DefenseWhitelistRegularTypeSize', 'message' => 'The number of white regular rule types in the white list exceeds the limit.', 'http_code' => 400, 'description' => 'The number of types of regular expression rules in the whitelist exceeds the upper limit.'],
+ ['code' => 'Defense.Control.DefenseWhitelistRegularTypeSize', 'message' => 'The number of types of regular expression rules in the whitelist exceeds the limit.', 'http_code' => 400, 'description' => 'The number of types of regular expression rules in the whitelist exceeds the limit.'],
+ ['code' => 'Defense.Control.InvalidDefenseRuleID', 'message' => 'The protection rule ID is invalid.', 'http_code' => 400, 'description' => 'The protection rule ID is invalid.'],
+ ['code' => 'Defense.Control.InvalidParameter', 'message' => 'Invalid parameter.', 'http_code' => 400, 'description' => 'The parameter is invalid.'],
+ ['code' => 'Defense.Control.InvalidParameter', 'message' => 'The parameter is invalid.', 'http_code' => 400, 'description' => 'The parameter is invalid.'],
+ ['code' => 'Defense.Control.ProductNotSupportRule', 'message' => 'Access mode does not support this protection scenario rule.%s.', 'http_code' => 400, 'description' => 'Access mode does not support this protection scenario rule.%s.'],
+ ['code' => 'DlpUsed', 'message' => 'The feature of data leakage prevention is being used.', 'http_code' => 400, 'description' => 'The data leakage prevention feature is in effect.'],
+ ['code' => 'DomainDuplicateError', 'message' => 'The domain has been configured.', 'http_code' => 400, 'description' => 'The configuration of the domain name is complete.'],
+ ['code' => 'DomainNotBeianOrInBlackList', 'message' => 'The domain does not have an ICP filling or has been blacklisted.', 'http_code' => 400, 'description' => 'The domain name does not have an ICP filing or is added to the blacklist.'],
+ ['code' => 'DomainNotBeianOrInBlackList', 'message' => 'Blacklist or Domain Names That Do Not Have ICP Filings', 'http_code' => 400, 'description' => 'The domain name does not have an ICP filing or has committed a penalty.'],
+ ['code' => 'DomainNotExist', 'message' => 'The specified domain does not exist.', 'http_code' => 400, 'description' => 'The specified domain name does not exist.'],
+ ['code' => 'DomainQuotaExceed', 'message' => 'Domain Quota Exceed.', 'http_code' => 400, 'description' => 'The quota of domain names is reached.'],
+ ['code' => 'DomainRetSourceNotSupport', 'message' => 'Your waf does not support return to domain.', 'http_code' => 400, 'description' => 'Your WAF instance does not support back-to-origin domain names.'],
+ ['code' => 'DomainUsedByOthers', 'message' => 'The domain name is being used by another owner.', 'http_code' => 400, 'description' => 'The domain name is being used by another user.'],
+ ['code' => 'DrainageOverrun', 'message' => 'The number of ports for which WAF protection is enabled exceeds the quota.', 'http_code' => 403, 'description' => 'The number of connected ports exceeds the system limit.'],
+ ['code' => 'ExtensiveDomainUsedError', 'message' => 'Another user has used this wildcard domain in Waf.', 'http_code' => 400, 'description' => 'The wildcard domain is already used.'],
+ ['code' => 'FunctionAvailableError', 'message' => 'The function is not available.', 'http_code' => 403, 'description' => 'The function is not available.'],
+ ['code' => 'IllegalDefaultCertificate', 'message' => 'The default certificate does not exist.', 'http_code' => 403, 'description' => 'The default certificate for transparent access is invalid.'],
+ ['code' => 'InternalError', 'message' => 'Unknown error.', 'http_code' => 500, 'description' => 'Request processing failed due to unknown error'],
+ ['code' => 'InvalidIncludeSubDomainWithPreload', 'message' => 'The parameter HstsIncludeSubDomain is invalid. When the parameter HstsPreload is true, the HstsIncludeSubDomain must be true.', 'http_code' => 400, 'description' => 'The parameter HstsIncludeSubDomain is invalid. When the parameter HstsPreload is true, the HstsIncludeSubDomain must be true.'],
+ ['code' => 'InvalidParameter', 'message' => 'Invalid parameter.', 'http_code' => 400, 'description' => 'Invalid parameter'],
+ ['code' => 'InvalidParameters', 'message' => 'Invalid parameters.', 'http_code' => 400, 'description' => 'The parameters are illegal.'],
+ ['code' => 'Log.Control.ApisecSpecInfoNotFound', 'message' => 'API security service has not been activated.', 'http_code' => 400, 'description' => 'API security service has not been activated.'],
+ ['code' => 'Log.Control.AssumeRoleFailed', 'message' => 'Insufficient permissions, please authorize.', 'http_code' => 400, 'description' => 'You do not have the required permissions. Obtain the required permissions.'],
+ ['code' => 'Log.Control.AssumeRoleFailed', 'message' => 'You do not have the required permissions. Obtain the required permissions.', 'http_code' => 400, 'description' => 'You do not have the required permissions. Obtain the required permissions.'],
+ ['code' => 'Log.Control.BatchDescribeSlsDispatchStatusFailed', 'message' => 'Query whether SLS service is open error.', 'http_code' => 400, 'description' => 'Failed to check whether Log Service is activated.'],
+ ['code' => 'Log.Control.BatchDescribeSlsDispatchStatusFailed', 'message' => 'Failed to check whether Log Service is activated.', 'http_code' => 400, 'description' => 'Failed to check whether Log Service is activated.'],
+ ['code' => 'Log.Control.BatchDescribeSlsLogStoreFailed', 'message' => 'Failed to obtain the logstore list of Log Service SLS.', 'http_code' => 400, 'description' => 'Failed to obtain the logstore list of Log Service SLS.'],
+ ['code' => 'Log.Control.BatchDescribeSlsProjectFailed', 'message' => 'Failed to obtain the project list of Log Service SLS.', 'http_code' => 400, 'description' => 'Failed to obtain the project list of Log Service SLS.'],
+ ['code' => 'Log.Control.ClusterDeliveryNameEmpty', 'message' => 'When you enable WAF cluster outgoing logs, the outgoing configuration name cannot be empty.', 'http_code' => 400, 'description' => 'When you enable WAF cluster outgoing logs, the outgoing configuration name cannot be empty.'],
+ ['code' => 'Log.Control.CreateEtlMetaFailed', 'message' => 'Open Log Distribution Failed.', 'http_code' => 400, 'description' => 'Failed to enable the Log Service for WAF feature.'],
+ ['code' => 'Log.Control.CreateEtlMetaFailed', 'message' => 'Failed to enable the Log Service for WAF feature.', 'http_code' => 400, 'description' => 'Failed to enable the Log Service for WAF feature.'],
+ ['code' => 'Log.Control.CreateProjectLogstoreFailed', 'message' => 'Failed to create Projects and Logstores.', 'http_code' => 400, 'description' => 'Failed to create a project and a Logstore.'],
+ ['code' => 'Log.Control.CreateProjectLogstoreFailed', 'message' => 'Failed to create a project and a Logstore.', 'http_code' => 400, 'description' => 'Failed to create a project and a Logstore.'],
+ ['code' => 'Log.Control.DeleteEtlMetaFailed', 'message' => 'Failed to close log distribution.', 'http_code' => 400, 'description' => 'Failed to disable the Log Service for WAF feature.'],
+ ['code' => 'Log.Control.DeleteEtlMetaFailed', 'message' => 'Failed to disable the Log Service for WAF feature.', 'http_code' => 400, 'description' => 'Failed to disable the Log Service for WAF feature.'],
+ ['code' => 'Log.Control.DeleteLogStoreFailed', 'message' => 'Failed to delete LogStore.', 'http_code' => 400, 'description' => 'Failed to delete the Logstore.'],
+ ['code' => 'Log.Control.DeleteLogStoreFailed', 'message' => 'Failed to delete the Logstore.', 'http_code' => 400, 'description' => 'Failed to delete the Logstore.'],
+ ['code' => 'Log.Control.DeliveryConfigCountExceed', 'message' => 'The count of WAF outgoing configurations exceeds the limit.', 'http_code' => 400, 'description' => 'The number of WAF outgoing configurations exceeds the limit.'],
+ ['code' => 'Log.Control.DeliveryConfigInUse', 'message' => 'WAF cluster outgoing configuration is in use and cannot be deleted.', 'http_code' => 400, 'description' => 'The delivery configuration is in use and cannot be deleted.'],
+ ['code' => 'Log.Control.DeliveryConfigNameDuplicate', 'message' => 'WAF outgoing configuration name is duplicate.', 'http_code' => 400, 'description' => 'WAF outgoing configuration name is duplicate.'],
+ ['code' => 'Log.Control.DeliveryConfigNotExist', 'message' => 'The WAF cluster log outgoing configuration does not exist.', 'http_code' => 400, 'description' => 'The WAF cluster log outgoing configuration does not exist.'],
+ ['code' => 'Log.Control.DescribeLogstoreInfoFailed', 'message' => 'Failed to view LogStore information.', 'http_code' => 400, 'description' => 'Failed to view the Logstore information.'],
+ ['code' => 'Log.Control.DescribeLogstoreInfoFailed', 'message' => 'Failed to view the Logstore information.', 'http_code' => 400, 'description' => 'Failed to view the Logstore information.'],
+ ['code' => 'Log.Control.DescribeSlsAuthFailed', 'message' => 'Error querying user for authorization to operate SLS resource.', 'http_code' => 400, 'description' => 'Failed to check whether a user is authorized to manage Log Service resources.'],
+ ['code' => 'Log.Control.DescribeSlsAuthFailed', 'message' => 'Failed to check whether a user is authorized to manage Log Service resources.', 'http_code' => 400, 'description' => 'Failed to check whether a user is authorized to manage Log Service resources.'],
+ ['code' => 'Log.Control.DescribeSlsDispatchStatusFailed', 'message' => 'Query Log Distribution Status Error.', 'http_code' => 400, 'description' => 'Failed to query the status of the Log Service for WAF feature.'],
+ ['code' => 'Log.Control.DescribeSlsDispatchStatusFailed', 'message' => 'Failed to query the status of the Log Service for WAF feature.', 'http_code' => 400, 'description' => 'Failed to query the status of the Log Service for WAF feature.'],
+ ['code' => 'Log.Control.EtlMetaExistError', 'message' => 'Log distribution already exists.', 'http_code' => 400, 'description' => 'The Log Service for WAF feature is enabled.'],
+ ['code' => 'Log.Control.EtlMetaExistError', 'message' => 'The Log Service for WAF feature is enabled.', 'http_code' => 400, 'description' => 'The Log Service for WAF feature is enabled.'],
+ ['code' => 'Log.Control.EtlMetaNotExist', 'message' => 'Log distribution configuration does not exist.', 'http_code' => 400, 'description' => 'The Log Service for WAF feature is not enabled.'],
+ ['code' => 'Log.Control.EtlMetaNotExist', 'message' => 'The Log Service for WAF feature is not enabled.', 'http_code' => 400, 'description' => 'The Log Service for WAF feature is not enabled.'],
+ ['code' => 'Log.Control.HybridCloudNotSupport', 'message' => 'The hybrid cloud extension node is not supported. Please purchase and try again.', 'http_code' => 400, 'description' => 'The hybrid cloud extension node is not supported. Please purchase and try again.'],
+ ['code' => 'Log.Control.HybridClusterNotExist', 'message' => 'The hybrid cloud cluster does not exist.', 'http_code' => 400, 'description' => 'The hybrid cloud cluster does not exist.'],
+ ['code' => 'Log.Control.InDebtError', 'message' => 'You have a bill in arrears and do not meet the requirements for automatic logging service. Please recharge your bill and settle it before trying again.', 'http_code' => 400, 'description' => 'You have overdue payments in your account. The Log Service for WAF feature cannot be automatically enabled. Top up your account, settle the payments, and try again.'],
+ ['code' => 'Log.Control.InDebtError', 'message' => 'You have overdue payments in your account. The Log Service for WAF feature cannot be automatically enabled. Top up your account, settle the payments, and try again.', 'http_code' => 400, 'description' => 'You have overdue payments in your account. The Log Service for WAF feature cannot be automatically enabled. Top up your account, settle the payments, and try again.'],
+ ['code' => 'Log.Control.InvalidAssertKey', 'message' => 'The AssertKey is invalid.', 'http_code' => 400, 'description' => 'Invalid AssertKey parameter'],
+ ['code' => 'Log.Control.InvalidInstanceId', 'message' => 'The instance ID is invalid.', 'http_code' => 400, 'description' => 'The instance ID is invalid.'],
+ ['code' => 'Log.Control.InvalidParameter', 'message' => 'The parameter is invalid.', 'http_code' => 400, 'description' => 'The request parameter is invalid. Please verify the request parameter.'],
+ ['code' => 'Log.Control.InvalidParameter', 'message' => 'Parameter error. Check and correct the parameter and try again.', 'http_code' => 400, 'description' => 'Parameter error. Check and correct the parameter and try again.'],
+ ['code' => 'Log.Control.InvalidSlsParam', 'message' => 'Invalid parameters for Log Service SLS.', 'http_code' => 400, 'description' => 'Invalid parameters for Log Service SLS'],
+ ['code' => 'Log.Control.InvalidUserId', 'message' => 'Invalid user id.', 'http_code' => 400, 'description' => 'The user ID is invalid.'],
+ ['code' => 'Log.Control.InvalidUserId', 'message' => 'The user ID is invalid.', 'http_code' => 400, 'description' => 'The user ID is invalid.'],
+ ['code' => 'Log.Control.KafkaConfigParamError', 'message' => 'The Kafka log outgoing configuration parameter is incorrect.', 'http_code' => 400, 'description' => 'The Kafka log outgoing configuration parameter is incorrect.'],
+ ['code' => 'Log.Control.LogServiceNotSupport', 'message' => 'Log Service is not supported. Please try again after purchasing.', 'http_code' => 400, 'description' => 'Log Service is not supported. Please try again after purchasing.'],
+ ['code' => 'Log.Control.ModifyEtlMetaFailed', 'message' => 'Failed to modify log distribution configuration.', 'http_code' => 400, 'description' => 'Failed to modify the configuration of the Log Service for WAF feature.'],
+ ['code' => 'Log.Control.ModifyEtlMetaFailed', 'message' => 'Failed to modify the configuration of the Log Service for WAF feature.', 'http_code' => 400, 'description' => 'Failed to modify the configuration of the Log Service for WAF feature.'],
+ ['code' => 'Log.Control.ModifyUserLogFieldConfigError', 'message' => 'The user failed to modify the log field.', 'http_code' => 400, 'description' => 'Failed to modify the log fields.'],
+ ['code' => 'Log.Control.ModifyUserLogFieldConfigError', 'message' => 'Failed to modify the log fields.', 'http_code' => 400, 'description' => 'Failed to modify the log fields.'],
+ ['code' => 'Log.Control.ModifyUserLogSpecError', 'message' => 'modify user log spec code failed, please try again later.', 'http_code' => 400, 'description' => 'Failed to enable the Log Service for WAF feature.'],
+ ['code' => 'Log.Control.OpenSlsServiceFailed', 'message' => 'Failed to open SLS.', 'http_code' => 400, 'description' => 'Failed to activate Log Service.'],
+ ['code' => 'Log.Control.OpenSlsServiceFailed', 'message' => 'Failed to activate Log Service.', 'http_code' => 400, 'description' => 'Failed to activate Log Service.'],
+ ['code' => 'Log.Control.ResourceCountTooMuch', 'message' => 'When querying the log delivery status of protected resources, the number of protected resources exceeds the limit.', 'http_code' => 400, 'description' => 'When querying the log delivery status of protected resources, the number of protected resources exceeds the limit.'],
+ ['code' => 'Log.Control.ResourceDeliveryNameEmpty', 'message' => 'When you enable external log delivery for protected resources, the external delivery configuration name cannot be empty.', 'http_code' => 400, 'description' => 'When you enable external log delivery for protected resources, the external delivery configuration name cannot be empty.'],
+ ['code' => 'Log.Control.ResourceNotExist', 'message' => 'The protected resource does not exist.', 'http_code' => 400, 'description' => 'The protected object does not exist.'],
+ ['code' => 'Log.Control.ResourceNotSupportDelivery', 'message' => 'The protected resource does not support enabling external log delivery.', 'http_code' => 400, 'description' => 'The protected resource does not support enabling external log delivery.'],
+ ['code' => 'Log.Control.SlsLogStoreNotExist', 'message' => 'LogStore for SLS does not exist.', 'http_code' => 400, 'description' => 'The Logstore does not exist.'],
+ ['code' => 'Log.Control.SlsLogStoreNotExist', 'message' => 'The Logstore does not exist.', 'http_code' => 400, 'description' => 'The Logstore does not exist.'],
+ ['code' => 'Log.Control.SlsProjectNotExist', 'message' => 'Projects for SLS do not exist.', 'http_code' => 400, 'description' => 'The project does not exist.'],
+ ['code' => 'Log.Control.SlsProjectNotExist', 'message' => 'The project does not exist.', 'http_code' => 400, 'description' => 'The project does not exist.'],
+ ['code' => 'Log.Control.SyslogConfigParamError', 'message' => 'Syslog outgoing configuration parameter error.', 'http_code' => 400, 'description' => 'Syslog outgoing configuration parameter error.'],
+ ['code' => 'Log.Control.UserLogFieldIsUpdating', 'message' => 'The user log field is being configured.', 'http_code' => 400, 'description' => 'The log fields are being configured.'],
+ ['code' => 'Log.Control.UserLogFieldIsUpdating', 'message' => 'The log field is being configured.', 'http_code' => 400, 'description' => 'The log field is being configured.'],
+ ['code' => 'Log.Control.UserLogOpenedError', 'message' => 'Log Service activation failed.', 'http_code' => 400, 'description' => 'Log Service activation failed.'],
+ ['code' => 'Log.Control.UserRegionNotFound', 'message' => 'User region not found.', 'http_code' => 400, 'description' => 'User region not found.'],
+ ['code' => 'NoPermission', 'message' => 'The current operation is not authorized. Please contact the main account to perform authorization after the RAM console is authorized.', 'http_code' => 400, 'description' => 'You are not authorized to perform this operation. Contact the owner of the Alibaba Cloud account to obtain authorization in the RAM console.'],
+ ['code' => 'NoPermissonCreatesServiceLinkedRole', 'message' => 'No Permisson Create Service Linked Role.', 'http_code' => 400, 'description' => 'You do not have the permissions to create the service-linked role.'],
+ ['code' => 'NormalizedUsed', 'message' => 'The feature of positive security model is being used.', 'http_code' => 400, 'description' => 'The positive security model is in use'],
+ ['code' => 'ParamError', 'message' => 'The parameters of your request are invalid.', 'http_code' => 400, 'description' => 'The requested parameter is invalid.'],
+ ['code' => 'PropertyConvertFailed', 'message' => 'The property convert failed.', 'http_code' => 400, 'description' => 'Request processing failed due to an unknown error.'],
+ ['code' => 'Rasp.Attach.DeleteFail', 'message' => 'The access record in the access switch ON state cannot be deleted.', 'http_code' => 200, 'description' => 'The access record in the access switch ON state cannot be deleted.'],
+ ['code' => 'Rasp.Sale.NotExist', 'message' => 'User not purchased.', 'http_code' => 400, 'description' => 'The user has not purchased a RASP instance.'],
+ ['code' => 'Rasp.UnexpectedError', 'message' => 'Unknown error.', 'http_code' => 500, 'description' => 'Request processing failed due to unknown error'],
+ ['code' => 'RedirectionStarting', 'message' => 'WAF protection is being enabled for the port. Try again later.', 'http_code' => 403, 'description' => 'WAF protection is being enabled for the port. Try again later.'],
+ ['code' => 'RequestError', 'message' => 'The system is unavailable. Please try again later.', 'http_code' => 400, 'description' => 'The system is unavailable. Try again later.'],
+ ['code' => 'RiskyDomain', 'message' => 'The domain name you added may be at risk. If you have any questions, please submit a work order.', 'http_code' => 400, 'description' => 'The domain name you added may be at risk. If you have any questions, please submit a work order.'."\n"],
+ ['code' => 'RoleAlreadyExists', 'message' => 'Service Linked Role Already Exists.', 'http_code' => 400, 'description' => 'The role already exists.'],
+ ['code' => 'RsListenPortError', 'message' => 'The specified origin server listening port is invalid.', 'http_code' => 403, 'description' => 'The specified origin server listening port is invalid.'],
+ ['code' => 'Rule.Service.CustomRuleGroupCountGreaterMaxCapacity', 'message' => 'The number of custom rule groups exceeds the purchase limit.', 'http_code' => 400, 'description' => 'The number of custom rule groups exceeds the upper limit.'],
+ ['code' => 'Rule.Service.CustomRuleGroupCountGreaterMaxCapacity', 'message' => 'The number of custom rule groups exceeds the upper limit.', 'http_code' => 400, 'description' => 'The number of custom rule groups exceeds the upper limit.'],
+ ['code' => 'Rule.Service.GenericException', 'message' => 'Internal error.', 'http_code' => 400, 'description' => 'An internal error occurred.'],
+ ['code' => 'Rule.Service.GenericException', 'message' => 'A system error occurred.', 'http_code' => 400, 'description' => 'A system error occurred.'],
+ ['code' => 'Rule.Service.InternalUnknownError', 'message' => 'Unknown error.', 'http_code' => 400, 'description' => 'An unknown error occurred.'],
+ ['code' => 'Rule.Service.InternalUnknownError', 'message' => 'An unknown error occurred.', 'http_code' => 400, 'description' => 'An unknown error occurred.'],
+ ['code' => 'Rule.Service.InvalidParameter', 'message' => 'Parameter check failed.', 'http_code' => 400, 'description' => 'Failed to verify parameters.'],
+ ['code' => 'Rule.Service.InvalidParameter', 'message' => 'Failed to verify parameters.', 'http_code' => 400, 'description' => 'Failed to verify parameters.'],
+ ['code' => 'Rule.Service.NotFoundObject', 'message' => 'No corresponding data found.', 'http_code' => 400, 'description' => 'Failed to find the specified data.'],
+ ['code' => 'Rule.Service.NotFoundObject', 'message' => 'Failed to find the specified data.', 'http_code' => 400, 'description' => 'Failed to find the specified data.'],
+ ['code' => 'Rule.Service.NotFoundPolicy', 'message' => 'Rule group not found.', 'http_code' => 400, 'description' => 'No rule groups found.'],
+ ['code' => 'Rule.Service.NotFoundPolicy', 'message' => 'No rule groups found.', 'http_code' => 400, 'description' => 'No rule groups are found.'],
+ ['code' => 'Rule.Service.NotFoundRule', 'message' => 'No rules found.', 'http_code' => 400, 'description' => 'No rules are found.'],
+ ['code' => 'Rule.Service.NotSupportedCustomRuleGroup', 'message' => 'Custom rule group not purchased, please upgrade.', 'http_code' => 400, 'description' => 'The custom rule group is not supported. Upgrade your instance and try again.'],
+ ['code' => 'Rule.Service.NotSupportedCustomRuleGroup', 'message' => 'The custom rule group is not supported.', 'http_code' => 400, 'description' => 'The custom rule group is not supported.'],
+ ['code' => 'Rule.Service.NotSupportedOperation', 'message' => 'This operation is not supported.', 'http_code' => 400, 'description' => 'The operation is not supported.'],
+ ['code' => 'Rule.Service.NotSupportedOperation', 'message' => 'The operation is not supported.', 'http_code' => 400, 'description' => 'The operation is not supported.'],
+ ['code' => 'Rule.Service.ParameterFormatError', 'message' => 'Parameter format error.', 'http_code' => 400, 'description' => 'The parameter format is invalid.'],
+ ['code' => 'Rule.Service.ParameterFormatError', 'message' => 'The format of the parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the parameter is invalid.'],
+ ['code' => 'Rule.Service.ParameterIsEmpty', 'message' => 'Empty parameter.', 'http_code' => 400, 'description' => 'You must configure the parameter.'],
+ ['code' => 'Rule.Service.ParameterIsEmpty', 'message' => 'You must configure the parameter.', 'http_code' => 400, 'description' => 'You must configure the parameter.'],
+ ['code' => 'Rule.Service.ParameterNotInRange', 'message' => 'Parameter exceeded expected range.', 'http_code' => 400, 'description' => 'The parameter value is invalid.'],
+ ['code' => 'Rule.Service.ParameterNotInRange', 'message' => 'The parameter value is invalid.', 'http_code' => 400, 'description' => 'The parameter value is invalid.'],
+ ['code' => 'Rule.Service.PolicyNameAlreadyExist', 'message' => 'Rule group name already exists.', 'http_code' => 400, 'description' => 'The group name already exists.'],
+ ['code' => 'Rule.Service.PolicyNameAlreadyExist', 'message' => 'The group name already exists.', 'http_code' => 400, 'description' => 'The group name already exists.'],
+ ['code' => 'Rule.Service.PolicyStatusError', 'message' => 'Rule group in use, unable to operate.', 'http_code' => 400, 'description' => 'The rule group is in use and cannot be applied.'],
+ ['code' => 'Rule.Service.PolicyStatusError', 'message' => 'The rule group is in use and cannot be operated.', 'http_code' => 400, 'description' => 'The rule group is in use and cannot be operated.'],
+ ['code' => 'RuleNameDuplicated', 'message' => 'Rule name already in use.', 'http_code' => 400, 'description' => 'The name of the rule is used.'],
+ ['code' => 'RuleNameInvalidError', 'message' => 'The name of rule is invalid.', 'http_code' => 400, 'description' => 'The name of the protection rule is invalid.'],
+ ['code' => 'RuleNotExist', 'message' => 'The specified rule does not exist.', 'http_code' => 400, 'description' => 'The specified protection rule does not exist.'],
+ ['code' => 'RuleQueryParamError', 'message' => 'The request parameter is invalid.', 'http_code' => 403, 'description' => 'The request parameter is invalid.'],
+ ['code' => 'SecondLevelDomainQuotaExceed', 'message' => 'Second Level Domain Quota Exceed.', 'http_code' => 403, 'description' => 'Second Level Domain Quota Exceed.'],
+ ['code' => 'TamperproofUsed', 'message' => 'The feature of website tamper-proofing is being used.', 'http_code' => 400, 'description' => 'The website tamper-proofing feature is in use.'],
+ ['code' => 'TestErrorCode.%s.', 'message' => 'TestErrorMsg.%s.', 'http_code' => 400, 'description' => 'Error code of the test'],
+ ['code' => 'UnderDDoS', 'message' => 'The current WAF instance is in the defense/blackhole state, and it is not allowed to enable the Exclusive IP/GSLB configuration', 'http_code' => 400, 'description' => 'Traffic scrubbing or blackhole filtering is triggered for the WAF instance. You cannot enable Exclusive IP Address or Shared Cluster-based Intelligent Load Balancing.'],
+ ['code' => 'UserMigrating', 'message' => 'WAF user is migrating, the operation of resource does not support.', 'http_code' => 400, 'description' => 'WAF users are being migrated and cannot access resources.'],
+ ['code' => 'UserNotFound', 'message' => 'The specified user does not exist.', 'http_code' => 403, 'description' => 'The specified user does not exist.'],
+ ['code' => 'VasdUsedUp', 'message' => 'The resource package has been used up. For example, all VIP addresses are used.', 'http_code' => 403, 'description' => 'The resource package has been used up. For example, all VIP addresses are used.'],
+ ['code' => 'VerifyDomainCountExceed', 'message' => 'The number of domain names exceeds the limit. You can upgrade the domain package.', 'http_code' => 400, 'description' => 'The number of domain names exceeds the upper limit. You can upgrade the extra domain package.'],
+ ['code' => 'VerifyHttpPortNotSupport', 'message' => 'An invalid HTTP port is specified.', 'http_code' => 400, 'description' => 'The specified HTTP port is invalid.'],
+ ['code' => 'VerifyInfoLeakageNotSupport', 'message' => 'Information leakage prevention is not supported.', 'http_code' => 403, 'description' => 'Data leak prevention is not supported.'],
+ ['code' => 'VerifyMainDomainCountExceed', 'message' => 'The number of primary domains exceeds the limit. You can upgrade the domain package.', 'http_code' => 400, 'description' => 'The number of second-level domain names exceeds the upper limit. You can upgrade the domain name package.'],
+ ['code' => 'VerifyRuleCountExceed', 'message' => 'The number of rules exceeds the limit.', 'http_code' => 400, 'description' => 'The number of rules exceeds the upper limit.'],
+ ['code' => 'VerifyScreenNotSupport', 'message' => 'Large screens are not supported.', 'http_code' => 403, 'description' => 'The data visualization feature is not supported.'],
+ ['code' => 'VerifyTamperproofNotSupport', 'message' => 'Tamper resistance is not supported.', 'http_code' => 403, 'description' => 'Website tamper-proofing is not supported.'],
+ ['code' => 'Waf.Control.AllAccessCnameNeedMigrate', 'message' => 'The user access configuration has not been migrated yet. Please confirm after migration.', 'http_code' => 400, 'description' => 'The migration of domain name configurations is not complete.'],
+ ['code' => 'Waf.Control.ApisecDefaultRuleNotSupportDelete', 'message' => 'The default rules for API security do not support deletion.', 'http_code' => 400, 'description' => 'The default rules for API security do not support deletion.'],
+ ['code' => 'Waf.Control.ApisecExportTypeExist', 'message' => 'API security export task already exists.', 'http_code' => 400, 'description' => 'API security export task already exists.'],
+ ['code' => 'Waf.Control.ApisecInSystemUpdate', 'message' => 'API security service upgrade, expected to last 90 minutes, please try again later.', 'http_code' => 400, 'description' => 'API security service upgrade, expected to last 90 minutes, please try again later.'],
+ ['code' => 'Waf.Control.ApisecIsInitializing', 'message' => 'API security service initialization, expected to last for 1 minute, please try again later.', 'http_code' => 400, 'description' => 'API security service initialization, expected to last for 1 minute, please try again later.'],
+ ['code' => 'Waf.Control.ApisecNotSupport', 'message' => 'The API security module is not supported.', 'http_code' => 400, 'description' => 'The API security module is not supported.'],
+ ['code' => 'Waf.Control.ApisecRuleHostParameterConflict', 'message' => 'The content of the domain name field in the API security rule is duplicate.', 'http_code' => 400, 'description' => 'The content of the domain name field in the API security rule is duplicate.'],
+ ['code' => 'Waf.Control.ApisecRuleInOperation', 'message' => 'The API security policy configuration is operating, please try again later.', 'http_code' => 400, 'description' => 'The API security policy configuration is operating, please try again later.'],
+ ['code' => 'Waf.Control.ApisecRuleNotExist', 'message' => 'API security rule does not exist.', 'http_code' => 400, 'description' => 'API security rule does not exist.'],
+ ['code' => 'Waf.Control.CloudProductInfoEmpty', 'message' => 'The resource Id of the cloud product accessing WAF is null or null values exist in the three input parameters of the cloud product name, port, and cloud product instance.', 'http_code' => 400, 'description' => 'The resource Id of the cloud product accessing WAF is null or null values exist in the three input parameters of the cloud product name, port, and cloud product instance.'."\n"],
+ ['code' => 'Waf.Control.CloudProductInfoNotMartch', 'message' => 'The value of the cloud product, port, instance, and input parameter to which the resource ID of the cloud product is connected to WAF does not match.', 'http_code' => 400, 'description' => 'The value of the cloud product, port, instance, and input parameter to which the resource ID of the cloud product is connected to WAF does not match.'],
+ ['code' => 'Waf.Control.CnameBatchOpsFailedDomains', 'message' => 'Failed to upgrade the domain name to WAF3.0 or roll back the domain name to WAF2.0.', 'http_code' => 400, 'description' => 'Failed to upgrade the domain name to WAF3.0 or roll back the domain name to WAF2.0.'],
+ ['code' => 'Waf.Control.Conflict', 'message' => 'Configuration Conflict', 'http_code' => 400, 'description' => 'A configuration conflict occurs. Try again later.'],
+ ['code' => 'Waf.Control.DefenseResourceCountOverSize', 'message' => 'The maximum number of protected objects is exceeded.', 'http_code' => 400, 'description' => 'The number of protected objects exceeds the upper limit.'],
+ ['code' => 'Waf.Control.DefenseResourceEmpty', 'message' => 'CloudResourceId parameter is illegal.', 'http_code' => 400, 'description' => 'CloudResourceId parameter is illegal'],
+ ['code' => 'Waf.Control.DomainAndDomainIdBothEmpty', 'message' => 'domain and domainId cannot be empty at the same time.', 'http_code' => 400, 'description' => 'The domain name and domain name ID cannot be empty at the same time.'."\n"],
+ ['code' => 'Waf.Control.DomainAndDomainIdNotMatch', 'message' => 'domain and domainId do not match.', 'http_code' => 400, 'description' => 'The input parameters Domain and DomainId do not match'."\n"],
+ ['code' => 'Waf.Control.DomainExist', 'message' => 'The domain has been configured.', 'http_code' => 400, 'description' => 'The domain name already exists. Select an appropriate domain name again.'],
+ ['code' => 'Waf.Control.DomainExist', 'message' => 'The domain name already exists.', 'http_code' => 400, 'description' => 'The domain name already exists.'],
+ ['code' => 'Waf.Control.DomainFormatInvalid', 'message' => 'Incorrect domain name format.', 'http_code' => 400, 'description' => 'Incorrect domain name format.'],
+ ['code' => 'Waf.Control.DomainIdIsIllegal', 'message' => 'The input parameter, the domainId is illegal.', 'http_code' => 400, 'description' => 'Illegal entry DomainId'],
+ ['code' => 'Waf.Control.DomainNotEmpty', 'message' => 'The domain name must be specified.', 'http_code' => 400, 'description' => 'The domain name is not specified.'],
+ ['code' => 'Waf.Control.DomainOwnerNotVerify', 'message' => 'The user domain ownership is not verified.', 'http_code' => 400, 'description' => 'The ownership of the domain name is not verified.'],
+ ['code' => 'Waf.Control.DomainsNotEmpty', 'message' => 'The domain name list cannot be empty.', 'http_code' => 400, 'description' => 'You must select at least one domain name.'],
+ ['code' => 'Waf.Control.DomainTxtRecordValidateFailed', 'message' => 'Failed to verify the ownership of the primary domain name', 'http_code' => 400, 'description' => 'Failed to verify the ownership of the second-level domain name. Enter the second-level domain name that you own.'],
+ ['code' => 'Waf.Control.ExportDomainsExist', 'message' => 'The domain name export task is in progress. Please do not export it repeatedly.', 'http_code' => 400, 'description' => 'The task of exporting domain names is running. Do not repeat the export.'],
+ ['code' => 'Waf.Control.ExportingTasksMoreThanFifty', 'message' => 'The number of tasks being exported cannot exceed 50', 'http_code' => 400, 'description' => 'The number of tasks being exported cannot exceed 50.'],
+ ['code' => 'Waf.Control.FingerStatusNotEmpty', 'message' => 'The parameters of your request are invalid.', 'http_code' => 400, 'description' => 'The request parameters are invalid. Verify the request parameters.'],
+ ['code' => 'Waf.Control.InstanceExpired', 'message' => 'The instance has expired and does not support POC.', 'http_code' => 400, 'description' => 'The instance has expired and does not support POC.'],
+ ['code' => 'Waf.Control.InstanceStatusNotSupport', 'message' => 'Migration is not supported in the current instance state.', 'http_code' => 400, 'description' => 'Instances in this state cannot be migrated.'],
+ ['code' => 'Waf.Control.InsufficientPocQuota', 'message' => 'Insufficient POC quota.', 'http_code' => 400, 'description' => 'Insufficient POC quota.'],
+ ['code' => 'Waf.Control.InvalidApisecComplianceCode', 'message' => 'The information data type in the compliance check rule is invalid.', 'http_code' => 400, 'description' => 'The information data type in the compliance check rule is invalid.'],
+ ['code' => 'Waf.Control.InvalidApisecRuleCondition', 'message' => 'The condition parameter in the API security rule is invalid.', 'http_code' => 400, 'description' => 'The condition parameter in the API security rule is invalid.'],
+ ['code' => 'Waf.Control.InvalidApisecRuleParam', 'message' => 'The API security rule parameter is invalid.', 'http_code' => 400, 'description' => 'The API security rule parameter is invalid.'],
+ ['code' => 'Waf.Control.InvalidApisecTrafficTime', 'message' => 'The time parameter for API security compliance check is invalid.', 'http_code' => 400, 'description' => 'The time parameter for API security compliance check is invalid.'],
+ ['code' => 'Waf.Control.InvalidApisecWhitelistTags', 'message' => 'The tags parameter in the API security whitelist rule is invalid.', 'http_code' => 400, 'description' => 'The tags parameter in the API security whitelist rule is invalid.'],
+ ['code' => 'Waf.Control.InvalidDelegatedUserId', 'message' => 'Invalid delegated administrator user ID.', 'http_code' => 400, 'description' => 'Invalid delegated administrator user ID.'],
+ ['code' => 'Waf.Control.InvalidMemberUserId', 'message' => 'Invalid member account user ID.', 'http_code' => 400, 'description' => 'Invalid member account user ID.'],
+ ['code' => 'Waf.Control.InvalidParameter', 'message' => 'The parameters of your request are invalid.', 'http_code' => 400, 'description' => 'The request parameters are invalid. Verify the request parameters.'],
+ ['code' => 'Waf.Control.MemberHasWafInstance', 'message' => 'The member account already holds a WAF instance and cannot be managed by a delegated administrator account.', 'http_code' => 400, 'description' => 'The member account already holds a WAF instance and cannot be managed by an administrator account.'],
+ ['code' => 'Waf.Control.MemberNotExist', 'message' => 'The member account does not exist. Please check and try again.', 'http_code' => 400, 'description' => 'The member account does not exist. Please check and try again.'],
+ ['code' => 'Waf.Control.MemberUserInBatchTooMuch', 'message' => 'The number of member accounts for batch operations exceeds the limit.', 'http_code' => 400, 'description' => 'The number of member accounts for batch operations exceeds the limit.'],
+ ['code' => 'Waf.Control.MemberUserOverLimit', 'message' => 'The number of managed member accounts has exceeded the WAF instance specification limit. Please upgrade and try again.', 'http_code' => 400, 'description' => 'The number of managed member accounts exceeds the WAF instance specification limit. Upgrade and try again.'],
+ ['code' => 'Waf.Control.MigrateTaskExist', 'message' => 'The migration task already exists.', 'http_code' => 400, 'description' => 'The migration task already exists.'],
+ ['code' => 'Waf.Control.ModuleCodeInvalid', 'message' => 'The code of the pricing module is incorrect.', 'http_code' => 400, 'description' => 'The code of the pricing module is incorrect.'],
+ ['code' => 'Waf.Control.NotRollBack', 'message' => 'During the migration, the domain name has been modified or added to the access configuration in V3. You cannot roll back or abort the upgrade.', 'http_code' => 400, 'description' => 'During the migration, the domain name has been modified or added to the access configuration in V3. You cannot roll back or abort the upgrade.'],
+ ['code' => 'Waf.Control.NotSupportRd', 'message' => 'The user\'s WAF instance does not support multi-account management. Please upgrade and try again.', 'http_code' => 400, 'description' => 'The user\'s WAF instance does not support multi-account management. Please upgrade and try again.'],
+ ['code' => 'Waf.Control.PocFunctionBought', 'message' => 'The function specified to enable POC has already been purchased.', 'http_code' => 400, 'description' => 'The function specified to enable POC has already been purchased.'],
+ ['code' => 'Waf.Control.PocIllegalType', 'message' => 'Type field value is incorrect when enabling POC.', 'http_code' => 400, 'description' => 'Type field value is incorrect when enabling POC.'],
+ ['code' => 'Waf.Control.PocInvalidEdition', 'message' => 'The WAF version does not support the POC function.', 'http_code' => 400, 'description' => 'The WAF version does not support the POC function.'],
+ ['code' => 'Waf.Control.PocRepeatedEnable', 'message' => 'POC has been enabled and cannot be repeated.', 'http_code' => 400, 'description' => 'POC has been enabled and cannot be repeated.'],
+ ['code' => 'Waf.Control.ResourceDirectoryNotExist', 'message' => 'The user has not activated the resource directory. Please try again after activating.', 'http_code' => 400, 'description' => 'The user has not activated the resource directory. Please try again after activating.'],
+ ['code' => 'Waf.Control.TopDomainNotEmpty', 'message' => 'The top-level domain must be specified.', 'http_code' => 400, 'description' => 'The second-level domain name is not specified.'],
+ ['code' => 'Waf.Control.UserAlreadyMigrated', 'message' => 'The user configuration has been migrated to the new version of WAF.', 'http_code' => 400, 'description' => 'User configurations are migrated to WAF 3.0.'],
+ ['code' => 'Waf.Control.UserMigrating', 'message' => 'The user is not allowed to access the configuration during the migration.', 'http_code' => 400, 'description' => 'The user is not allowed to access the configuration during the migration.'],
+ ['code' => 'Waf.Control.VerifyRecordNotFound', 'message' => 'The verification record does not exist.', 'http_code' => 400, 'description' => 'The verification record does not exist.'],
+ ['code' => 'Waf.HybridCloud.AccessModeInvalid', 'message' => 'The access type is invalid.', 'http_code' => 400, 'description' => 'The access type is invalid.'],
+ ['code' => 'Waf.HybridCloud.AccessModeIsEmpty', 'message' => 'The access mode cannot be empty.', 'http_code' => 400, 'description' => 'The access mode cannot be empty.'],
+ ['code' => 'Waf.HybridCloud.AccessRegionInvalid', 'message' => 'The access region is invalid.', 'http_code' => 400, 'description' => 'The region is invalid.'],
+ ['code' => 'Waf.HybridCloud.ApisecRuleConfigConflict', 'message' => 'API security rule configuration conflicts.', 'http_code' => 400, 'description' => 'API security rule configuration conflicts'],
+ ['code' => 'Waf.HybridCloud.ApisecRuleParamError', 'message' => 'API security rule parameter exception.', 'http_code' => 400, 'description' => 'API security rule parameter exception'],
+ ['code' => 'Waf.HybridCloud.ApisecRuleServiceError', 'message' => 'API security rule service exception.', 'http_code' => 400, 'description' => 'API security rule service exception'],
+ ['code' => 'Waf.HybridCloud.ClusterIdNotEmpty', 'message' => 'The cluster ID cannot be empty.', 'http_code' => 400, 'description' => 'The cluster ID cannot be empty.'],
+ ['code' => 'Waf.HybridCloud.ClusterNameEmpty', 'message' => 'The cluster name cannot be empty.', 'http_code' => 400, 'description' => 'The cluster name cannot be empty.'],
+ ['code' => 'Waf.HybridCloud.ClusterNameExist', 'message' => 'The cluster name already exists.', 'http_code' => 400, 'description' => 'The cluster name already exists.'],
+ ['code' => 'Waf.HybridCloud.ClusterNotFound', 'message' => 'No cluster information found.', 'http_code' => 400, 'description' => 'No cluster information is found.'],
+ ['code' => 'Waf.HybridCloud.ClusterRuleAlreadyExists', 'message' => 'Cluster rule already exists.', 'http_code' => 400, 'description' => 'Cluster rule already exists.'],
+ ['code' => 'Waf.HybridCloud.ClusterRuleContentEmpty', 'message' => 'Cluster rule content cannot be empty.', 'http_code' => 400, 'description' => 'Cluster rule content cannot be empty.'],
+ ['code' => 'Waf.HybridCloud.ClusterRuleDontUsed', 'message' => 'Cluster rules have been updated to a new version. For more information, see the latest API documentation.', 'http_code' => 400, 'description' => 'Cluster rules have been updated to a new version. For more information, see the latest API documentation.'],
+ ['code' => 'Waf.HybridCloud.ClusterRuleNotFound', 'message' => 'The cluster rule resource ID does not exist.', 'http_code' => 400, 'description' => 'The cluster rule resource ID does not exist.'],
+ ['code' => 'Waf.HybridCloud.ClusterRuleResourceIdEmpty', 'message' => 'Cluster rule resource ID cannot be empty.', 'http_code' => 400, 'description' => 'Cluster rule resource ID cannot be empty'],
+ ['code' => 'Waf.HybridCloud.ClusterRuleStatusIsEmpty', 'message' => 'The rule status of the service-oriented cluster cannot be empty', 'http_code' => 400, 'description' => 'The rule status must be specified.'],
+ ['code' => 'Waf.HybridCloud.ClusterRuleTypeDontUpdate', 'message' => 'The cluster rule type cannot be modified.', 'http_code' => 400, 'description' => 'The cluster rule type cannot be modified.'],
+ ['code' => 'Waf.HybridCloud.ClusterRuleTypeIsEmpty', 'message' => 'The service-oriented cluster rule type cannot be empty', 'http_code' => 400, 'description' => 'The rule type must be specified.'],
+ ['code' => 'Waf.HybridCloud.ClusterRuleTypeNotExist', 'message' => 'The cluster rule type is incorrect.', 'http_code' => 400, 'description' => 'The cluster rule type is incorrect.'],
+ ['code' => 'Waf.HybridCloud.ExactRuleCountOverSize', 'message' => 'The number of precise matching rules exceeds the limit', 'http_code' => 400, 'description' => 'The number of exact match rules exceeds the limit.'],
+ ['code' => 'Waf.HybridCloud.GroupCreationError', 'message' => 'You must create storage groups, management groups, and protection groups in sequence.', 'http_code' => 400, 'description' => 'You must create groups in sequence.'],
+ ['code' => 'Waf.HybridCloud.GroupDeleteDomainReferError', 'message' => 'You cannot delete the group because the domain names in the group are in use. Remove the domain names from the group first.', 'http_code' => 400, 'description' => 'You cannot delete the group because the domain names in the group are in use. Remove the domain names from the group first.'],
+ ['code' => 'Waf.HybridCloud.GroupDeleteDomainReferError', 'message' => 'A domain name is currently using this protection group. Please delete the domain name reference relationship before proceeding.', 'http_code' => 400, 'description' => 'A domain name is currently using this protection group. Delete the domain name reference relationship before performing the operation.'],
+ ['code' => 'Waf.HybridCloud.GroupDeleteNodeInError', 'message' => 'You cannot delete the group. Remove the nodes from the group first.', 'http_code' => 400, 'description' => 'The group cannot be deleted. Remove nodes from the group first.'],
+ ['code' => 'Waf.HybridCloud.GroupDeletionError', 'message' => 'You must delete protection groups, management groups, and storage groups in sequence.', 'http_code' => 400, 'description' => 'Delete groups in sequence.'],
+ ['code' => 'Waf.HybridCloud.GroupIdInvalid', 'message' => 'The group ID is invalid.', 'http_code' => 400, 'description' => 'The group ID is invalid.'],
+ ['code' => 'Waf.HybridCloud.GroupLocationNotEmpty', 'message' => 'The group region cannot be empty.', 'http_code' => 400, 'description' => 'The group region cannot be empty.'],
+ ['code' => 'Waf.HybridCloud.GroupNameNotEmpty', 'message' => 'The group name cannot be empty.', 'http_code' => 400, 'description' => 'The group name cannot be empty.'],
+ ['code' => 'Waf.HybridCloud.GroupProtectionNodeOverrun', 'message' => 'The number of protected nodes exceeds the upper limit.', 'http_code' => 400, 'description' => 'The number of protected nodes exceeds the upper limit.'],
+ ['code' => 'Waf.HybridCloud.GroupVagentIdInvalid', 'message' => 'The group ID is invalid.', 'http_code' => 400, 'description' => 'The group ID is invalid.'],
+ ['code' => 'Waf.HybridCloud.HttpPortIsEmpty', 'message' => 'The HTTP ports cannot be empty.', 'http_code' => 400, 'description' => 'The HTTP ports cannot be empty.'],
+ ['code' => 'Waf.HybridCloud.HttpsPortIsEmpty', 'message' => 'The HTTPS ports cannot be empty.', 'http_code' => 400, 'description' => 'The HTTPS ports cannot be empty.'],
+ ['code' => 'Waf.HybridCloud.HybridCloudApisecNotSupport', 'message' => 'WAF instances do not support hybrid cloud API security.', 'http_code' => 400, 'description' => 'WAF instances do not support hybrid cloud API security'],
+ ['code' => 'Waf.HybridCloud.HybridCloudNotsupport', 'message' => 'Hybrid cloud is not supported.', 'http_code' => 400, 'description' => 'Hybrid clouds are not supported.'],
+ ['code' => 'Waf.HybridCloud.InternalError', 'message' => 'Internal service error.', 'http_code' => 400, 'description' => 'Internal Service Error'],
+ ['code' => 'Waf.HybridCloud.InvalidGroupType', 'message' => 'The group type is invalid.', 'http_code' => 400, 'description' => 'The group type is invalid.'],
+ ['code' => 'Waf.HybridCloud.InvalidHttpPort', 'message' => 'The HTTP port is invalid.', 'http_code' => 400, 'description' => 'The HTTP port is invalid.'],
+ ['code' => 'Waf.HybridCloud.InvalidHttpsPort', 'message' => 'The HTTPS port is invalid.', 'http_code' => 400, 'description' => 'The HTTPS port is invalid.'],
+ ['code' => 'Waf.HybridCloud.LoadBalanceIpNotEmpty', 'message' => 'The server IP address for load balancing cannot be empty.', 'http_code' => 400, 'description' => 'The server IP address for load balancing cannot be empty.'],
+ ['code' => 'Waf.HybridCloud.ProtectionCountOrverLoad', 'message' => 'The number of protected domains exceeds the upper limit.', 'http_code' => 400, 'description' => 'The number of protected nodes exceeds the specification.'],
+ ['code' => 'Waf.HybridCloud.ProtectionServerCountInvalid', 'message' => 'The number of protected domains is invalid.', 'http_code' => 400, 'description' => 'The number of protected nodes is invalid.'],
+ ['code' => 'Waf.HybridCloud.PullinRuleFormatInvalid', 'message' => 'Incorrect format of drainage rules', 'http_code' => 400, 'description' => 'The format of traffic redirection rules is invalid.'],
+ ['code' => 'Waf.HybridCloud.RegexRuleCountOverSize', 'message' => 'The number of regular matching rules exceeds the limit', 'http_code' => 400, 'description' => 'The number of regular expression rules exceeds the limit.'],
+ ['code' => 'Waf.HybridCloud.SdkInfoNotExist', 'message' => 'SDK info not exist.', 'http_code' => 400, 'description' => 'The traffic redirection node does not exist.'],
+ ['code' => 'Waf.HybridCloud.SdkMidIsEmpty', 'message' => 'Machine unique identifier mid cannot be empty', 'http_code' => 400, 'description' => 'The machine ID must be specified.'],
+ ['code' => 'Waf.HybridCloud.ServerContinentsInvalid', 'message' => 'The continent is invalid.', 'http_code' => 400, 'description' => 'The continent is invalid.'],
+ ['code' => 'Waf.HybridCloud.ServerContinestsUnuseable', 'message' => 'The continent is not supported.', 'http_code' => 400, 'description' => 'The continent is not supported.'],
+ ['code' => 'Waf.HybridCloud.ServerMidInvalid', 'message' => 'The machine ID is invalid.', 'http_code' => 400, 'description' => 'The machine ID is invalid.'],
+ ['code' => 'Waf.HybridCloud.ServerMidNotExist', 'message' => 'The machine ID does not exist.', 'http_code' => 400, 'description' => 'The machine ID does not exist.'],
+ ['code' => 'Waf.HybridCloud.ServerOperatorInvalid', 'message' => 'The operator is invalid.', 'http_code' => 400, 'description' => 'The operator is invalid.'],
+ ['code' => 'Waf.HybridCloud.ServerOperatorUnuseable', 'message' => 'The operator is not supported.', 'http_code' => 400, 'description' => 'The operator is not supported.'],
+ ['code' => 'Waf.HybridCloud.ServerRegionCodeInvalid', 'message' => 'The city is invalid.', 'http_code' => 400, 'description' => 'The city is invalid.'],
+ ['code' => 'Waf.HybridCloud.ServerRegionCodeUnuseable', 'message' => 'The city is not supported.', 'http_code' => 400, 'description' => 'The city is not supported.'],
+ ['code' => 'Waf.HybridCloud.ServerRegionTypeInvalid', 'message' => 'The region type is invalid.', 'http_code' => 400, 'description' => 'The region type is invalid.'],
+ ['code' => 'Waf.HybridCloud.ServerUpdateFailed', 'message' => 'Failed to update the server information.', 'http_code' => 400, 'description' => 'Failed to update the server information.'],
+ ['code' => 'Waf.HybridCloud.UniqueClusterGroupType', 'message' => 'You can create only one group of this type in a cluster.', 'http_code' => 400, 'description' => 'You can create only one group of this type in a cluster.'],
+ ['code' => 'Waf.HybridCloud.UniqueGroupName', 'message' => 'The group name already exists.', 'http_code' => 400, 'description' => 'The group name already exists.'],
+ ['code' => 'Waf.HybridCloud.UserNoPermission', 'message' => 'You do not have the permissions to perform this operation.', 'http_code' => 400, 'description' => 'You do not have the permissions to perform this operation.'],
+ ['code' => 'Waf.Instance.MaxTransparentIpPortCountLimit', 'message' => 'The number of transparent access exceeds the current maximum number that can be added', 'http_code' => 400, 'description' => 'The maximum number of instances that you can add to WAF in transparent proxy mode is exceeded.'],
+ ['code' => 'Waf.Instance.ValidFaild', 'message' => 'WAF instance check failed. Check whether the instance ID is correct.', 'http_code' => 400, 'description' => 'WAF instance check failed. Check whether the instance ID is correct.'],
+ ['code' => 'Waf.Pullin.AbnormalStatus', 'message' => 'The status of the access resource is abnormal. Resource:%s.', 'http_code' => 400, 'description' => 'The status of the access resource is abnormal. Resource:%s.'],
+ ['code' => 'Waf.Pullin.AlreadyAccessed', 'message' => 'The cloud product has been accessed. Instance ID:%s, Port:%s, Product Type:%s.', 'http_code' => 400, 'description' => 'The cloud product has been accessed. Instance ID:%s, Port:%s, Product Type:%s.'],
+ ['code' => 'Waf.Pullin.BackedInBacklist', 'message' => 'The input back-to-source IP is in the system blacklist, please update the back-to-source IP.', 'http_code' => 400, 'description' => 'The back-to-origin IP address is in the blacklist. Change the back-to-origin IP address.'],
+ ['code' => 'Waf.Pullin.BackendPortIncompatible', 'message' => 'The back-to-source port is incompatible with the listening port, listening protocol:%s, listening port:%s, back-to-source port:%s.', 'http_code' => 400, 'description' => 'The back-to-source port is incompatible with the listening port, listening protocol:%s, listening port:%s, back-to-source port:%s.'],
+ ['code' => 'Waf.Pullin.BackendPortNotMatched', 'message' => 'The back-to-source port does not match the listening port. Listening protocol:%s, listening port:%s, back-to-source port:%s.', 'http_code' => 400, 'description' => 'The back-to-source port does not match the listening port. Listening protocol:%s, listening port:%s, back-to-source port:%s.'],
+ ['code' => 'Waf.Pullin.BackupBackendConflict', 'message' => 'The backup backend configuration conflicts.', 'http_code' => 400, 'description' => 'The backup link back-to-source configuration conflicts.'],
+ ['code' => 'Waf.Pullin.BatchDnsScheduleCheckFailed', 'message' => 'Batch dns scheduling is in progress, and access related operations are prohibited.', 'http_code' => 400, 'description' => 'batch dns scheduling is in progress, and access-related operations are prohibited.'],
+ ['code' => 'Waf.Pullin.BusinessDomainNotRecord', 'message' => 'The domain name does not have an ICP filing.', 'http_code' => 400, 'description' => 'The domain name does not have an ICP filing.'],
+ ['code' => 'Waf.Pullin.BusinessViolation', 'message' => 'The domain-related business is suspected of violating regulations. If you have any questions, please follow the ticket process.', 'http_code' => 400, 'description' => 'Domain name business is suspected of violating regulations. If you have any questions, please go through the work order process.'],
+ ['code' => 'Waf.Pullin.BusinessViolation', 'message' => 'Domain services are suspected of violating regulations. If you have any questions, please submit a work order. Violating resource: %s.', 'http_code' => 400, 'description' => 'Domain services are suspected of violating regulations. If you have any questions, please submit a work order. Violating resource: %s.'],
+ ['code' => 'Waf.Pullin.BusinessViolation', 'message' => 'The web services are suspected of violating regulations. If you have any questions, please submit a work order. Violating resource: %s.', 'http_code' => 400, 'description' => 'The web services are suspected of violating regulations. If you have any questions, please submit a work order. Violating resource: %s.'],
+ ['code' => 'Waf.Pullin.CertAuthFailed', 'message' => 'Certificate authorization failed.', 'http_code' => 400, 'description' => 'Failed to perform certificate authentication.'],
+ ['code' => 'Waf.Pullin.CertAuthFailed', 'message' => 'Failed to perform certificate authentication.', 'http_code' => 400, 'description' => 'Failed to perform certificate authentication.'],
+ ['code' => 'Waf.Pullin.CertExist', 'message' => 'Certificate already exists.', 'http_code' => 400, 'description' => 'The certificate exists.'],
+ ['code' => 'Waf.Pullin.CertExist', 'message' => 'The certificate exists.', 'http_code' => 400, 'description' => 'The certificate exists.'],
+ ['code' => 'Waf.Pullin.CertExpired', 'message' => 'Certificate has expired.', 'http_code' => 400, 'description' => 'The certificate is expired.'],
+ ['code' => 'Waf.Pullin.CertExpired', 'message' => 'The certificate has expired.', 'http_code' => 400, 'description' => 'The certificate has expired.'],
+ ['code' => 'Waf.Pullin.CertExpired', 'message' => 'Certificate expired, certificate ID:%s .', 'http_code' => 400, 'description' => 'Certificate expired, certificate ID:%s.'],
+ ['code' => 'Waf.Pullin.CertKeyEmpty', 'message' => 'Certificate private key is empty.', 'http_code' => 400, 'description' => 'The private key of the certificate is empty.'],
+ ['code' => 'Waf.Pullin.CertKeyEmpty', 'message' => 'The private key of the certificate is empty.', 'http_code' => 400, 'description' => 'The private key of the certificate is empty.'],
+ ['code' => 'Waf.Pullin.CertKeyNotMatch', 'message' => 'Certificate file does not match private key.', 'http_code' => 400, 'description' => 'The certificate file does not match the private key.'],
+ ['code' => 'Waf.Pullin.CertKeyNotMatch', 'message' => 'The certificate file does not match the private key.', 'http_code' => 400, 'description' => 'The certificate file does not match the private key.'],
+ ['code' => 'Waf.Pullin.CertNameExist', 'message' => 'Certificate name already exists.', 'http_code' => 400, 'description' => 'The name of the certificate is being used.'],
+ ['code' => 'Waf.Pullin.CertNameExist', 'message' => 'The name of the certificate is being used.', 'http_code' => 400, 'description' => 'The name of the certificate is being used.'],
+ ['code' => 'Waf.Pullin.CertNotExist', 'message' => 'Certificate does not exist.', 'http_code' => 400, 'description' => 'The certificate does not exist.'],
+ ['code' => 'Waf.Pullin.CertNotExist', 'message' => 'The certificate does not exist.', 'http_code' => 400, 'description' => 'The certificate does not exist.'],
+ ['code' => 'Waf.Pullin.CertNotExist', 'message' => 'Certificate does not exist in SSL Certificate Center, certificate type:%s, certificate ID:%s.', 'http_code' => 400, 'description' => 'Certificate does not exist in SSL Certificate Center, certificate type:%s, certificate ID:%s.'],
+ ['code' => 'Waf.Pullin.CertNotMatchDomain', 'message' => 'The domain name is not included in the certificate.', 'http_code' => 400, 'description' => 'The domain name is not included in the certificate.'],
+ ['code' => 'Waf.Pullin.CertSaveFailed', 'message' => 'Certificate save failed.', 'http_code' => 400, 'description' => 'Failed to store the certificate.'],
+ ['code' => 'Waf.Pullin.CertSaveFailed', 'message' => 'Failed to store the certificate.', 'http_code' => 400, 'description' => 'Failed to store the certificate.'],
+ ['code' => 'Waf.Pullin.ClientCertificateOpened', 'message' => 'Clb Instance port Client Certiticate is opened.', 'http_code' => 400, 'description' => 'Mutual authentication is enabled for the ports of CLB instances. The ports cannot be added to WAF.'],
+ ['code' => 'Waf.Pullin.CloudProductParamEmpty', 'message' => 'The resource Id of the cloud product accessing WAF is null or null values exist in the three input parameters of the cloud product name, port, and cloud product instance.', 'http_code' => 400, 'description' => 'The resource Id of the cloud product accessing WAF is null or null values exist in the three input parameters of the cloud product name, port, and cloud product instance.'],
+ ['code' => 'Waf.Pullin.CloudProductParamNotMarch', 'message' => 'The value of the cloud product, port, instance, and input parameter to which the resource ID of the cloud product is connected to WAF does not match.', 'http_code' => 400, 'description' => 'The value of the cloud product, port, instance, and input parameter to which the resource ID of the cloud product is connected to WAF does not match.'],
+ ['code' => 'Waf.Pullin.CloudProductParamNotMatch', 'message' => 'The value of the cloud product, port, instance, and input parameter to which the resource ID of the cloud product is connected to WAF does not match.', 'http_code' => 400, 'description' => 'The value of the cloud product, port, instance, and input parameter to which the resource ID of the cloud product is connected to WAF does not match.'."\n"],
+ ['code' => 'Waf.Pullin.CloudResourceInvalid', 'message' => 'CloudResourceId parameter is illegal.', 'http_code' => 400, 'description' => 'CloudResourceId parameter is illegal'],
+ ['code' => 'Waf.Pullin.DomainAndDomainIdBothEmpty', 'message' => 'domain and domainId cannot be empty at the same time.', 'http_code' => 400, 'description' => 'The domain name and domain name ID cannot be empty at the same time.'],
+ ['code' => 'Waf.Pullin.DomainAndDomainIdNotMatch', 'message' => 'domain and domainId do not match.', 'http_code' => 400, 'description' => 'The input parameters Domain and DomainId do not match.'],
+ ['code' => 'Waf.Pullin.DomainExistInOldWaf', 'message' => 'Domain name exists in WAF 2.0.', 'http_code' => 400, 'description' => 'The domain name is added to WAF of the earlier version.'],
+ ['code' => 'Waf.Pullin.DomainExistInOldWaf', 'message' => 'The domain name is added to WAF of the earlier version.', 'http_code' => 403, 'description' => 'The domain name is already configured in WAF 2.0.'],
+ ['code' => 'Waf.Pullin.DomainIdIsIllegal', 'message' => 'The input parameter, the domainId is illegal.', 'http_code' => 400, 'description' => 'Illegal entry DomainId'],
+ ['code' => 'Waf.Pullin.DomainNotBeianOrInBlackList', 'message' => 'The domain does not have an ICP filling or has been blacklisted.', 'http_code' => 400, 'description' => 'The domain name is not filed or is on the blacklist.'],
+ ['code' => 'Waf.Pullin.DomainNotBeianOrInBlackList', 'message' => 'Blacklist or Domain Names That Do Not Have ICP Filings', 'http_code' => 400, 'description' => 'The domain name does not have an ICP filing or has committed a penalty.'],
+ ['code' => 'Waf.Pullin.DomainOwnedByOtherUser', 'message' => 'The domain name is already in use by another user.', 'http_code' => 400, 'description' => 'The domain name is used by another user.'],
+ ['code' => 'Waf.Pullin.DomainOwnedByOtherUser', 'message' => 'The domain name is used by other users.', 'http_code' => 400, 'description' => 'The domain name is used by another user.'],
+ ['code' => 'Waf.Pullin.DuplicateCertificateId', 'message' => 'Duplicate certificate ID', 'http_code' => 400, 'description' => 'The ID of the certificate already exists.'],
+ ['code' => 'Waf.Pullin.ExtensiveDomainUsedError', 'message' => 'The generic domain name is already in use by other users.', 'http_code' => 400, 'description' => 'The wildcard domain name is used by another user.'],
+ ['code' => 'Waf.Pullin.ExtensiveDomainUsedError', 'message' => 'The wildcard domain name is used by other users.', 'http_code' => 400, 'description' => 'The wildcard domain name is used by other users.'],
+ ['code' => 'Waf.Pullin.Http2OriginEnabledFocusHttpBackendForbidden', 'message' => 'When HTTP2 origin is enabled, HTTP origin cannot be enabled.', 'http_code' => 400, 'description' => 'When HTTP2 origin is enabled, HTTP origin cannot be enabled.'],
+ ['code' => 'Waf.Pullin.Http2OriginMustOnHttp2Enable', 'message' => 'When HTTP2 origin is enabled, HTTP2 listening must be enabled.', 'http_code' => 400, 'description' => 'When HTTP2 back-to-source is enabled, HTTP2 listening must be enabled.'],
+ ['code' => 'Waf.Pullin.Http2OriginMustOnKeepaliveEnable', 'message' => 'When the HTTP2 origin is turned on, the keepalive must be turned on.', 'http_code' => 400, 'description' => 'When the HTTP2 origin is turned on, the keepalive must be turned on.'],
+ ['code' => 'Waf.Pullin.InsufficientExclusiveVip', 'message' => 'The number of exclusive IP addresses that you have purchased is insufficient. Purchase more on the upgrade page.', 'http_code' => 400, 'description' => 'The number of exclusive IP addresses that you have purchased is insufficient. Purchase more on the upgrade page.'],
+ ['code' => 'Waf.Pullin.InvalidAttachKey', 'message' => 'Invalid parameter name.', 'http_code' => 400, 'description' => 'The name of the parameter is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidAttachKey', 'message' => 'The name of the parameter is invalid.', 'http_code' => 400, 'description' => 'The name of the parameter is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidAttachValue', 'message' => 'Invalid parameter value.', 'http_code' => 400, 'description' => 'The value of the parameter is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidAttachValue', 'message' => 'The value of the parameter is invalid.', 'http_code' => 400, 'description' => 'The value of the parameter is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidBackend', 'message' => 'Invalid return information.', 'http_code' => 400, 'description' => 'The back-to-origin information is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidBackend', 'message' => 'The back-to-origin information is invalid.', 'http_code' => 400, 'description' => 'The back-to-origin information is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidCertByHttpProtocol', 'message' => 'HTTP protocol cannot enter certificate', 'http_code' => 400, 'description' => 'You cannot enter a certificate for the HTTP protocol.'],
+ ['code' => 'Waf.Pullin.InvalidCertByHttpsProtocol', 'message' => 'HTTPS protocol must enter a certificate', 'http_code' => 400, 'description' => 'You must enter a certificate for the HTTPS protocol.'],
+ ['code' => 'Waf.Pullin.InvalidCertFormat', 'message' => 'Certificate format error.', 'http_code' => 400, 'description' => 'The format of the certificate is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidCertFormat', 'message' => 'The format of the certificate is invalid.', 'http_code' => 400, 'description' => 'The format of the certificate is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidCertIdentifier', 'message' => 'Invalid certificate ID, certificate ID:%s.', 'http_code' => 400, 'description' => 'Invalid certificate ID, certificate ID:%s.'],
+ ['code' => 'Waf.Pullin.InvalidCipherSuit', 'message' => 'Invalid CipherSuit', 'http_code' => 400, 'description' => 'The cipher suite is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidClusterPort', 'message' => 'The cluster port is invalid.', 'http_code' => 400, 'description' => 'HybridCloud cluster port is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidCustomCiphers', 'message' => 'Invalid custom cipher suite.', 'http_code' => 400, 'description' => 'Invalid custom cipher suite.'],
+ ['code' => 'Waf.Pullin.InvalidDefaultCert', 'message' => 'Invalid default certificate.', 'http_code' => 400, 'description' => 'The default certificate is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidDomain', 'message' => 'Invalid domain name.', 'http_code' => 400, 'description' => 'The domain name is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidDomain', 'message' => 'The domain name is invalid.', 'http_code' => 400, 'description' => 'The domain name is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidHttp2OriginWithProxyProtocol', 'message' => 'http2Origin and proxyProtocol cannot be opened at the same time.', 'http_code' => 400, 'description' => 'http2Origin and proxyProtocol cannot be opened at the same time.'],
+ ['code' => 'Waf.Pullin.InvalidIncludeSubDomainWithPreload', 'message' => 'The parameter HstsIncludeSubDomain is invalid. When the parameter HstsPreload is true, the HstsIncludeSubDomain must be true.', 'http_code' => 400, 'description' => 'The parameter HstsIncludeSubDomain is invalid. When the parameter HstsPreload is true, the HstsIncludeSubDomain must be true.'],
+ ['code' => 'Waf.Pullin.InvalidMaxAgeWithPreload', 'message' => 'HstsMaxAge the parameter is incorrect, when the HstsPreload is True, the HstsMaxAge must be greater than or equal to 31536000.', 'http_code' => 400, 'description' => 'HstsMaxAge the parameter is incorrect, when the HstsPreload is True, the HstsMaxAge must be greater than or equal to 31536000'],
+ ['code' => 'Waf.Pullin.InvalidProtocolPort', 'message' => 'Protocol port not entered.', 'http_code' => 400, 'description' => 'You must specify the port.'],
+ ['code' => 'Waf.Pullin.InvalidProtocolPort', 'message' => 'The port is not specified.', 'http_code' => 400, 'description' => 'The port is not specified.'],
+ ['code' => 'Waf.Pullin.InvalidPunishScope', 'message' => 'The punish scope parameter is invalid.', 'http_code' => 400, 'description' => 'The penalty dimension parameter is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidRequestHeader', 'message' => 'Invalid Enable Traffic Marker parameter.', 'http_code' => 400, 'description' => 'The Enable Traffic Mark parameter is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidRequestHeader', 'message' => 'The Enable Traffic Mark parameter is invalid.', 'http_code' => 400, 'description' => 'The Enable Traffic Mark parameter is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidResource', 'message' => 'Invalid resource.', 'http_code' => 400, 'description' => 'The resource is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidResource', 'message' => 'The resource is invalid.', 'http_code' => 400, 'description' => 'The resource is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidResourceProduct', 'message' => 'Invalid cloud product type.', 'http_code' => 400, 'description' => 'The cloud service type is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidResourceStatus', 'message' => 'Invalid resource state.', 'http_code' => 400, 'description' => 'The status of the resource is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidResourceStatus', 'message' => 'The status of the resource is invalid.', 'http_code' => 400, 'description' => 'The status of the resource is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidServiceAttachData', 'message' => 'Invalid cloud product parameters.', 'http_code' => 400, 'description' => 'The cloud service parameter is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidServiceAttachData', 'message' => 'The Cloud Service parameter is invalid.', 'http_code' => 400, 'description' => 'The Cloud Service parameter is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidTLS', 'message' => 'invalid TLS', 'http_code' => 400, 'description' => 'The TLS parameter is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidUserStatus', 'message' => 'Invalid user state.', 'http_code' => 400, 'description' => 'The status of the user is invalid.'],
+ ['code' => 'Waf.Pullin.InvalidUserStatus', 'message' => 'The status of the user is invalid.', 'http_code' => 400, 'description' => 'The status of the user is invalid.'],
+ ['code' => 'Waf.Pullin.MaxCertCountLimit', 'message' => 'The number of selected certificate IDs exceeds the maximum number in the system.', 'http_code' => 400, 'description' => 'The number of selected certificate IDs exceeds the maximum number in the system.'],
+ ['code' => 'Waf.Pullin.MaxDomainCountLimit', 'message' => 'Exceeds the maximum number of domain names that can be entered', 'http_code' => 400, 'description' => 'The maximum number of domain names that you can enter is exceeded.'],
+ ['code' => 'Waf.Pullin.MaxProductCountLimit', 'message' => '可接入的云产品数不足', 'http_code' => 400, 'description' => 'The maximum number of instances that you can add to WAF is exceeded.'],
+ ['code' => 'Waf.Pullin.MustListenHTTPS', 'message' => 'The domain name must listen to the HTTPS protocol. Domain:%s.', 'http_code' => 400, 'description' => 'The domain name must listen to the HTTPS protocol. Domain name:%s.'],
+ ['code' => 'Waf.Pullin.OnlyBeOneDefaultCert', 'message' => 'There can be only one default certificate.', 'http_code' => 400, 'description' => 'There can be only one default certificate.'],
+ ['code' => 'Waf.Pullin.OpenExclusiveIpInNotShare', 'message' => 'Turn on exclusive IP, only share cluster can be selected.', 'http_code' => 400, 'description' => 'If you turn on Exclusive IP Address, you can select only a shared cluster.'],
+ ['code' => 'Waf.Pullin.OpenExclusiveIpInNotShare', 'message' => 'If you turn on Exclusive IP Address, you can select only a shared cluster.', 'http_code' => 400, 'description' => 'If you turn on Exclusive IP Address, you can select only a shared cluster.'],
+ ['code' => 'Waf.Pullin.OpenExclusiveIpIPv6', 'message' => 'Exclusive IP and Ipv6, cannot be enabled at the same time.', 'http_code' => 400, 'description' => 'Exclusive IP and Ipv6 cannot be enabled at the same time.'],
+ ['code' => 'Waf.Pullin.OpenIPv6InNotShare', 'message' => 'Turn on IPv6, share cluster is the only option.', 'http_code' => 400, 'description' => 'If you turn on IPv6, you can select only a shared cluster.'],
+ ['code' => 'Waf.Pullin.OpenIPv6InNotShare', 'message' => 'If you turn on IPv6, you can select only a shared cluster.', 'http_code' => 400, 'description' => 'If you turn on IPv6, you can select only a shared cluster.'],
+ ['code' => 'Waf.Pullin.PortProcessing', 'message' => 'Port is processing', 'http_code' => 400, 'description' => 'The port is being processed. Try again later.'],
+ ['code' => 'Waf.Pullin.PortProcessing', 'message' => 'The port is being processed, please try again later.', 'http_code' => 400, 'description' => 'The port is being processed, please try again later.'],
+ ['code' => 'Waf.Pullin.ProtocolNotSet', 'message' => 'Protocol not entered.', 'http_code' => 400, 'description' => 'You must specify the protocol.'],
+ ['code' => 'Waf.Pullin.ProtocolNotSet', 'message' => 'You must specify the protocol.', 'http_code' => 400, 'description' => 'You must specify the protocol.'],
+ ['code' => 'Waf.Pullin.ResourceAllocationFailed', 'message' => 'Failed to allocate resources.', 'http_code' => 400, 'description' => 'Failed to allocate resources.'],
+ ['code' => 'Waf.Pullin.ResourceCreating', 'message' => 'Accessed resources are being created.', 'http_code' => 400, 'description' => 'The resource is being created.'],
+ ['code' => 'Waf.Pullin.ResourceCreating', 'message' => 'The resource is being created.', 'http_code' => 400, 'description' => 'The resource is being created.'],
+ ['code' => 'Waf.Pullin.ResourceExsit', 'message' => 'Accessed resource already exists.', 'http_code' => 400, 'description' => 'The resource exists.'],
+ ['code' => 'Waf.Pullin.ResourceExsit', 'message' => 'The resource exists.', 'http_code' => 400, 'description' => 'The resource exists.'],
+ ['code' => 'Waf.Pullin.ResourceExsit', 'message' => 'Access resource already exists, resource:%s.', 'http_code' => 400, 'description' => 'Access resource already exists, existing resource:%s.'],
+ ['code' => 'Waf.Pullin.ResourceInstanceIdNotExist', 'message' => 'The instance ID does not exist.', 'http_code' => 400, 'description' => 'The instance ID does not exist.'],
+ ['code' => 'Waf.Pullin.ResourceInstanceIpNotMatched', 'message' => 'The instance does not match the Public IP, please click Synchronize and try again.', 'http_code' => 400, 'description' => 'The ID of the instance does not match the IP address of the instance. Click Synchronize Instances and retry.'],
+ ['code' => 'Waf.Pullin.ResourceInstancePortNotExist', 'message' => 'The port of the instance does not exist.', 'http_code' => 400, 'description' => 'The port number does not exist.'],
+ ['code' => 'Waf.Pullin.ResourceNotExist', 'message' => 'Access resource does not exist.', 'http_code' => 400, 'description' => 'The resource does not exist.'],
+ ['code' => 'Waf.Pullin.ResourceNotExist', 'message' => 'The resource does not exist.', 'http_code' => 400, 'description' => 'The resource does not exist.'],
+ ['code' => 'Waf.Pullin.ResourceNotExist', 'message' => 'The accessed resource already exists. Resource:%s.', 'http_code' => 400, 'description' => 'The accessed resource already exists. Resource:%s.'],
+ ['code' => 'Waf.Pullin.ResourceOwnerError', 'message' => 'Resource attribution user is incorrect.', 'http_code' => 400, 'description' => 'The user to which the resource belongs is invalid.'],
+ ['code' => 'Waf.Pullin.ResourceOwnerError', 'message' => 'The user to which the resource belongs is invalid.', 'http_code' => 400, 'description' => 'The user to which the resource belongs is invalid.'],
+ ['code' => 'Waf.Pullin.ResourceProcessing', 'message' => 'The resource is in operation, please try again later.', 'http_code' => 400, 'description' => 'The resource is in operation, please try again later.'],
+ ['code' => 'Waf.Pullin.RiskyDomain', 'message' => 'RT001, sorry, this domain name cannot be added due to security problems. You can appeal through the work order.', 'http_code' => 400, 'description' => 'The domain name you added may be at risk. If you have any questions, please submit a work order.'],
+ ['code' => 'Waf.Pullin.UnderDDoS', 'message' => 'The current WAF instance is in the defense/blackhole state, and it is not allowed to enable the Exclusive IP/GSLB configuration', 'http_code' => 400, 'description' => 'Traffic scrubbing or blackhole filtering is triggered for the WAF instance. You cannot enable Exclusive IP Address or Shared Cluster-based Intelligent Load Balancing.'],
+ ['code' => 'Waf.Pullin.UnSupportedPort', 'message' => 'Return port not supported.', 'http_code' => 400, 'description' => 'The port over which requests are redirected to the origin server is not supported.'],
+ ['code' => 'Waf.Pullin.UnSupportedPort', 'message' => 'The port over which requests are redirected to the origin server is not supported.', 'http_code' => 400, 'description' => 'The port over which requests are redirected to the origin server is not supported.'],
+ ['code' => 'Waf.Report.%s', 'message' => 'Invalid parameter:%s.', 'http_code' => 400, 'description' => 'Invalid parameter:%s'],
+ ['code' => 'Waf.Report.InternalError', 'message' => 'Server error occurred in report service.', 'http_code' => 400, 'description' => 'Report Service Internal Error'],
+ ['code' => 'WafMigrating', 'message' => 'WAF user is migrating, the operation of resource does not support.', 'http_code' => 400, 'description' => 'WAF users are not allowed to access related resources during migration.'],
+ ['code' => 'WxbbOrWxbbJsUsed', 'message' => 'The feature of app protection is being used.', 'http_code' => 400, 'description' => 'The app protection feature is in use.'],
+ ['code' => 'Defense.Control.InvalidDefenseRuleConfig', 'message' => 'Invalid protection rule configuration. %s.', 'http_code' => 400, 'description' => 'Invalid protection rule configuration.'],
+ ],
+ 'changeSet' => [
+ [
+ 'apis' => [
+ ['description' => 'Request parameters changed, Error codes changed', 'api' => 'ModifyProtectionRuleCacheStatus'],
+ ['description' => 'Request parameters changed, Error codes changed', 'api' => 'ModifyProtectionRuleStatus'],
+ ],
+ 'createdAt' => '2024-06-25T11:40:34.000Z',
+ 'description' => '',
+ ],
[
- 'regionId' => 'cn-hangzhou',
- 'endpoint' => 'wafopenapi.cn-hangzhou.aliyuncs.com',
+ 'apis' => [
+ ['description' => 'Request parameters changed, Error codes changed', 'api' => 'DescribeRules'],
+ ],
+ 'createdAt' => '2024-05-27T11:00:11.000Z',
+ 'description' => '',
+ ],
+ [
+ 'apis' => [
+ ['description' => 'Request parameters changed', 'api' => 'CreateDomain'],
+ ['description' => 'Request parameters changed', 'api' => 'ModifyDomain'],
+ ],
+ 'createdAt' => '2023-08-28T12:42:52.000Z',
+ 'description' => '',
+ ],
+ [
+ 'apis' => [
+ ['description' => 'Response parameters changed', 'api' => 'DescribeDomain'],
+ ],
+ 'createdAt' => '2023-08-22T06:08:44.000Z',
+ 'description' => '',
+ ],
+ [
+ 'apis' => [
+ ['description' => 'Request parameters changed', 'api' => 'CreateDomain'],
+ ['description' => 'Response parameters changed, Error codes changed', 'api' => 'DescribeDomain'],
+ ['description' => 'Request parameters changed', 'api' => 'ModifyDomain'],
+ ],
+ 'createdAt' => '2023-05-23T05:46:17.000Z',
+ 'description' => '',
+ ],
+ [
+ 'apis' => [
+ ['description' => 'Response parameters changed, Error codes changed', 'api' => 'DescribeCertificates'],
+ ],
+ 'createdAt' => '2023-04-18T02:30:52.000Z',
+ 'description' => '',
],
[
- 'regionId' => 'ap-southeast-1',
- 'endpoint' => 'wafopenapi.ap-southeast-1.aliyuncs.com',
+ 'apis' => [
+ ['description' => 'Error codes changed', 'api' => 'DescribeWafSourceIpSegment'],
+ ],
+ 'createdAt' => '2022-09-08T14:06:27.000Z',
+ 'description' => '接口迁移',
+ ],
+ [
+ 'apis' => [
+ ['description' => 'Request parameters changed, Error codes changed', 'api' => 'DescribeLogServiceStatus'],
+ ],
+ 'createdAt' => '2022-08-23T11:43:54.000Z',
+ 'description' => '修改接口参数的默认值',
+ ],
+ [
+ 'apis' => [
+ ['description' => 'Request parameters changed, Error codes changed', 'api' => 'CreateDomain'],
+ ['description' => 'Request parameters changed, Error codes changed', 'api' => 'ModifyDomain'],
+ ],
+ 'createdAt' => '2022-08-22T10:01:24.000Z',
+ 'description' => 'WAF2.0,开放超时时间的参数。',
+ ],
+ [
+ 'apis' => [
+ ['description' => 'Response parameters changed, Error codes changed', 'api' => 'DescribeDomainRuleGroup'],
+ ['description' => 'Request parameters changed, Error codes changed', 'api' => 'SetDomainRuleGroup'],
+ ],
+ 'createdAt' => '2022-01-18T09:08:42.000Z',
+ 'description' => '支持智能规则加白',
+ ],
+ [
+ 'apis' => [
+ ['description' => 'Request parameters changed, Error codes changed', 'api' => 'DescribeProtectionModuleCodeConfig'],
+ ],
+ 'createdAt' => '2021-12-07T15:36:25.000Z',
+ 'description' => '优化参数说明',
+ ],
+ [
+ 'apis' => [
+ ['description' => 'Response parameters changed, Error codes changed', 'api' => 'DescribeDomainAdvanceConfigs'],
+ ],
+ 'createdAt' => '2021-10-20T13:22:26.000Z',
+ 'description' => '修改返回值类型',
+ ],
+ ],
+ 'flowControl' => [
+ 'flowControlList' => [
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyDomainIpv6Status'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomainList'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyProtectionModuleMode'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyDomain'],
+ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyLogRetrievalStatus'],
+ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyProtectionModuleStatus'],
+ ['threshold' => '-1', 'countWindow' => 1, 'regionId' => '*'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyProtectionRuleStatus'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeCertificates'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeLogServiceStatus'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeWafSourceIpSegment'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'MoveResourceGroup'],
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeProtectionModuleStatus'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomainRuleGroup'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomain'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeCertMatchStatus'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyProtectionRuleCacheStatus'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateCertificateByCertificateId'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateCertificate'],
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomainAdvanceConfigs'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeProtectionModuleMode'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeRuleGroups'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyProtectionModuleRule'],
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomainBasicConfigs'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeRules'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'SetDomainRuleGroup'],
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeDomainNames'],
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeInstanceInfo'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteProtectionModuleRule'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ModifyLogServiceStatus'],
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeProtectionModuleRules'],
+ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteDomain'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateDomain'],
+ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateProtectionModuleRule'],
+ ['threshold' => '100', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DescribeProtectionModuleCodeConfig'],
+ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteInstance'],
+ ],
+ ],
+ 'ram' => [
+ 'productCode' => 'WAF',
+ 'productName' => 'Web Application Firewall',
+ 'ramCodes' => ['yundun-waf'],
+ 'ramLevel' => 'OPERATION',
+ 'ramConditions' => [],
+ 'ramActions' => [
+ [
+ 'apiName' => 'ModifyDomain',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyDomain',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeProtectionModuleRules',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeProtectionModuleRules',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeDomainAdvanceConfigs',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomainAdvanceConfigs',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeInstanceInfo',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeInstanceInfo',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeDomainNames',
+ 'description' => '',
+ 'operationType' => 'list',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomainNames',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'ModifyProtectionRuleCacheStatus',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyProtectionRuleCacheStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeProtectionModuleStatus',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeProtectionModuleStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeRuleGroups',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeRuleGroups',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeInstanceSpecInfo',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeInstanceSpecInfo',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'ModifyProtectionModuleMode',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyProtectionModuleMode',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DeleteDomain',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DeleteDomain',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeDomain',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomain',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeRules',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeRules',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeCertMatchStatus',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeCertMatchStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'CreateCertificate',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:CreateCertificate',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'ModifyProtectionRuleStatus',
+ 'description' => '',
+ 'operationType' => 'update',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyProtectionRuleStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DeleteInstance',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DeleteInstance',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'CreateDomain',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:CreateDomain',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'MoveResourceGroup',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:MoveResourceGroup',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeLogServiceStatus',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeLogServiceStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeDomainBasicConfigs',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomainBasicConfigs',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeProtectionModuleMode',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeProtectionModuleMode',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeDomainRuleGroup',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomainRuleGroup',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'ModifyProtectionModuleStatus',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyProtectionModuleStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeWafSourceIpSegment',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeWafSourceIpSegment',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'SetDomainRuleGroup',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:SetDomainRuleGroup',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'CreateProtectionModuleRule',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:CreateProtectionModuleRule',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'ModifyLogServiceStatus',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyLogServiceStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'CreateCertificateByCertificateId',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:CreateCertificateByCertificateId',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'ModifyLogRetrievalStatus',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyLogRetrievalStatus',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'ModifyProtectionModuleRule',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyProtectionModuleRule',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'ModifyDomainIpv6Status',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:ModifyDomainIpv6Status',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeDomainList',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeDomainList',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeCertificates',
+ 'description' => '',
+ 'operationType' => 'list',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeCertificates',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DeleteProtectionModuleRule',
+ 'description' => '',
+ 'operationType' => '',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DeleteProtectionModuleRule',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ [
+ 'apiName' => 'DescribeProtectionModuleCodeConfig',
+ 'description' => '',
+ 'operationType' => 'get',
+ 'ramAction' => [
+ 'action' => 'yundun-waf:DescribeProtectionModuleCodeConfig',
+ 'authLevel' => 'operate',
+ 'actionConditions' => [],
+ 'resources' => [
+ ['validationType' => 'always', 'product' => 'WAF', 'resourceType' => 'All Resource', 'arn' => '*'],
+ ],
+ ],
+ ],
+ ],
+ 'resourceTypes' => [
+ ['validationType' => 'always', 'resourceType' => 'Instance', 'arn' => 'acs:yundun-waf:{#regionId}:{#accountId}:Instance/InstanceId'],
+ ['validationType' => 'always', 'resourceType' => 'Domain', 'arn' => 'acs:yundun-waf:{#regionId}:{#accountId}:Domain/*'],
+ ['validationType' => 'always', 'resourceType' => 'Domain', 'arn' => 'acs:yundun-waf:{#regionId}:{#accountId}:Domain/DomainId'],
+ ['validationType' => 'always', 'resourceType' => 'Certificate', 'arn' => 'acs:yundun-waf:{#regionId}:{#accountId}:Certificate/*'],
],
],
];