Querying Domain Name Settings in Dedicated Mode

Function

This API is used to query domain name settings in dedicated mode.

URI

GET /v1/{project_id}/premium-waf/host/{host_id}

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| project_id | Yes | String | Project ID |
| host_id | Yes | String | ID of the domain name protected by the dedicated WAF engine |

Request Parameters

Table 2 Request header parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| Content-Type | No | String | Content type. Default value: application/json;charset=utf8 |
| X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |

Response Parameters

Status code: 200

Table 3 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| id | String | Domain name ID |
| policyid | String | ID of the policy initially used for the domain name. It can be obtained by calling the API described in 2.1.1 Querying Protection Policies. |
| hostname | String | Domain name added to cloud WAF. |
| domainid | String | User domain ID |
| project_id | String | Project ID |
| protocol | String | Client protocol, which is the protocol used by a client (for example, a browser) to access your website. Enumeration values: HTTPS, HTTP |
| tls | String | Minimum TLS version supported. TLS v1.0 is used by default. The value can be: TLS v1.0, TLS v1.1, TLS v1.2, TLS v1.3 |
| cipher | String | Cipher suite. The value can be: cipher_1: ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4:!kRSA:!SRP:!3DES:!DSS:!EXP:!CAMELLIA:@STRENGTH; cipher_2: EECDH+AESGCM:EDH+AESGCM; cipher_3: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH; cipher_4: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!EDH; cipher_default: ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM |
| server | Array of PremiumWafServer objects | Origin server details |
| certificateid | String | HTTPS certificate ID. It can be obtained by calling the ListCertificates API. This parameter is not required when the client protocol is HTTP. This parameter is mandatory when the client protocol is HTTPS. |
| certificatename | String | Certificate name. This parameter is not required when the client protocol is HTTP. This parameter is mandatory when the client protocol is HTTPS. |
| proxy | Boolean | Whether the proxy is enabled |
| locked | Integer | Lock status. This parameter is redundant and can be ignored. Default value: 0 |
| protect_status | Integer | WAF status of the protected domain name. The value can be: -1: Bypassed (requests are directly sent to the backend servers without passing through WAF); 0: Suspended (WAF only forwards requests for the domain name but does not detect attacks); 1: Enabled (WAF detects attacks based on the configured policy). |
| access_status | Integer | Whether a domain name is connected to WAF. 0: The domain name is not connected to the engine instance; 1: The domain name is connected to the engine instance. |
| access_progress | Array of Access_progress objects | Access progress, which is used only for the new console (frontend). |
| flag | Flag object | Feature switch for configuring compliance certification checks for domain names protected with the dedicated WAF instance. |
| block_page | BlockPage object | Alarm configuration page |
| extend | Extend object | This parameter includes some extended information about the protected domain name. |
| traffic_mark | TrafficMark object | Traffic identifier |
| circuit_breaker | CircuitBreaker object | Circuit breaker configuration |
| timeout_config | TimeoutConfig object | Timeout settings |
| web_tag | String | Website name |
| description | String | Website remarks |
| timestamp | Long | Creation time. |

Table 4 PremiumWafServer

| Parameter | Type | Description |
| --- | --- | --- |
| front_protocol | String | Client protocol. Enumeration values: HTTP, HTTPS |
| back_protocol | String | Server protocol. Enumeration values: HTTP, HTTPS |
| address | String | IP address or domain name of the origin server that the client accesses. |
| port | Integer | Server port |
| type | String | The origin server address is an IPv4 or IPv6 address. Default value: ipv4. Enumeration values: ipv4, ipv6 |
| vpc_id | String | VPC ID. Perform the following steps to obtain the VPC ID: 1. Find the name of the VPC where the dedicated engine is located. The VPC name is in the VPC\Subnet column. Log in to the WAF console and choose Instance Management > Dedicated Engine > VPC\Subnet. 2. Log in to the VPC console and click the VPC name. On the page displayed, copy the VPC ID in the VPC Information area. |
| weight | Integer | This parameter is reserved and can be ignored currently. |

Table 5 Access_progress

| Parameter | Type | Description |
| --- | --- | --- |
| step | Integer | Step. 1: whitelisting WAF IP addresses; 2: testing WAF; 3: modifying DNS record. |
| status | Integer | Status. The value can be 0 or 1. 0: The step has not been finished; 1: The step has finished. |

Table 6 Flag

| Parameter | Type | Description |
| --- | --- | --- |
| pci_3ds | String | Whether to enable PCI 3DS compliance check. This parameter must be used together with tls and cipher. tls must be set to TLS v1.2, and cipher must be set to cipher_2. Note: If PCI 3DS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Once PCI 3DS is enabled, it cannot be disabled. Before you enable it, ensure that your website services will not be affected. You can ignore it. Enumeration values: true (enable this check), false (disable this check) |
| pci_dss | String | Whether to enable PCI DSS compliance check. This parameter must be used together with tls and cipher. tls must be set to TLS v1.2, and cipher must be set to cipher_2. Note: If PCI DSS compliance check is enabled and the minimum TLS is set to TLS v1.2, the website can be accessed using TLS v1.2, but cannot be accessed using TLS v1.1 or earlier. Before you enable it, ensure that your website services will not be affected. You can ignore it. Enumeration values: true (enable this check), false (disable this check) |

Table 7 BlockPage

| Parameter | Type | Description |
| --- | --- | --- |
| template | String | Template type. The value can be: default: The default block page; custom: Your custom block page is returned when a request is blocked. The request is redirected to the URL you specify. |
| custom_page | CustomPage object | Custom alarm page. |
| redirect_url | String | Redirect URL. The root domain name of the redirection address must be the name of the currently protected domain (including a wildcard domain name). ${http_host} can be used to indicate the currently protected domain name and port, for example, ${http_host}/error.html. |

Table 8 CustomPage

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | String | Status code |
| content_type | String | Content type of alarm page. |
| content | String | Page content. |

Table 9 Extend

| Parameter | Type | Description |
| --- | --- | --- |
| ltsInfo | String | Details about LTS configuration |
| extend | String | Timeout configuration details. |

Table 10 TrafficMark

| Parameter | Type | Description |
| --- | --- | --- |
| sip | Array of strings | IP tag. HTTP request header field of the original client IP address. |
| cookie | String | Session tag. This tag is used by known attack source rules to block malicious attacks based on cookie attributes. This parameter must be configured in known attack source rules to block requests based on cookie attributes. |
| params | String | User tag. This tag is used by known attack source rules to block malicious attacks based on params attributes. This parameter must be configured to block requests based on the params attributes. |

Table 11 CircuitBreaker

| Parameter | Type | Description |
| --- | --- | --- |
| switch | Boolean | Whether to enable connection protection. true: Enable connection protection; false: Disable connection protection. |
| dead_num | Integer | 502/504 error threshold. 502/504 errors allowed for every 30 seconds. |
| dead_ratio | Number | A breakdown protection is triggered when the 502/504 error threshold and percentage threshold have been reached. |
| block_time | Integer | Protection period upon the first breakdown. During this period, WAF stops forwarding client requests. |
| superposition_num | Integer | The maximum multiplier you can use for consecutive breakdowns. The number of breakdowns is counted from 0 every time the accumulated breakdown protection duration reaches 3,600s. For example, assume that Initial Downtime (s) is set to 180s and Multiplier for Consecutive Breakdowns is set to 3. If the breakdown is triggered for the second time, that is, less than 3, the protection duration is 360s (180s X 2). If the breakdown is triggered for the third or fourth time, that is, equal to or greater than 3, the protection duration is 540s (180s X 3). When the accumulated downtime duration exceeds 1 hour (3,600s), the number of breakdowns is counted from 0. |
| suspend_num | Integer | Threshold of the number of pending URL requests. Connection protection is triggered when the threshold has been reached. |
| sus_block_time | Integer | Downtime duration after the connection protection is triggered. During this period, WAF stops forwarding website requests. |

Table 12 TimeoutConfig

| Parameter | Type | Description |
| --- | --- | --- |
| connect_timeout | Integer | Timeout for WAF to connect to the origin server. |
| send_timeout | Integer | Timeout for WAF to send requests to the origin server. |
| read_timeout | Integer | Timeout for WAF to receive responses from the origin server. |

Status code: 400

Table 13 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| error_code | String | Error code |
| error_msg | String | Error message |

Status code: 401

Table 14 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| error_code | String | Error code |
| error_msg | String | Error message |

Status code: 500

Table 15 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| error_code | String | Error code |
| error_msg | String | Error message |

Example Requests

GET https://{Endpoint}/v1/{project_id}/premium-waf/host/{host_id}

Example Responses

Status code: 200

Request succeeded.

{
  "id" : "ee896796e1a84f3f85865ae0853d8974",
  "hostname" : "www.demo.com",
  "protocol" : "HTTPS",
  "server" : [ {
    "address" : "1.2.3.4",
    "port" : 443,
    "type" : "ipv4",
    "weight" : 1,
    "front_protocol" : "HTTPS",
    "back_protocol" : "HTTPS",
    "vpc_id" : "ebfc553a-386d-4746-b0c2-18ff3f0e903d"
  } ],
  "proxy" : false,
  "locked" : 0,
  "timestamp" : 1650593801380,
  "flag" : {
    "pci_3ds" : "false",
    "pci_dss" : "false"
  },
  "extend" : { },
  "block_page" : {
    "template" : "default"
  },
  "description" : "",
  "policyid" : "df15d0eb84194950a8fdc615b6c012dc",
  "domainid" : "0ee78615ca08419f81f539d97c9ee353",
  "projectid" : "550500b49078408682d0d4f7d923f3e1",
  "protect_status" : 1,
  "access_status" : 0,
  "certificateid" : "360f992501a64de0a65c50a64d1ca7b3",
  "certificatename" : "certificatename75315",
  "web_tag" : ""
}
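
The following is an added example, not part of the original API reference: it audits the body of a 200 response for weak transport and protection settings, using only the fields and values documented in Tables 3, 4 and 6. The helper name `audit_host`, the finding messages and the choice of TLS v1.2 as the acceptable floor are assumptions of this example.

```python
import json

# Constructed sample: a trimmed copy of the 200 response on this page,
# with tls and cipher absent exactly as in that example.
SAMPLE = json.loads("""
{"hostname": "www.demo.com", "protocol": "HTTPS",
 "server": [{"address": "1.2.3.4", "port": 443,
             "front_protocol": "HTTPS", "back_protocol": "HTTPS"}],
 "flag": {"pci_3ds": "false", "pci_dss": "false"},
 "protect_status": 1, "access_status": 0}
""")

WEAK_TLS = {"TLS v1.0", "TLS v1.1"}
# Suites whose strings in Table 3 list RC4 without a leading "!".
RC4_SUITES = {"cipher_3", "cipher_4", "cipher_default"}
PROTECT = {-1: "bypassed", 0: "suspended"}


def audit_host(host):
    """Return (field, message) findings for one host record (hypothetical helper)."""
    findings = []
    tls, cipher = host.get("tls"), host.get("cipher")
    if host.get("protocol") == "HTTPS":
        # Table 3: TLS v1.0 is used by default, so a missing value counts as v1.0.
        effective = tls or "TLS v1.0"
        if effective in WEAK_TLS:
            findings.append(("tls", f"minimum TLS is {effective}, below TLS v1.2"))
        if cipher in RC4_SUITES:
            findings.append(("cipher", f"{cipher} lists RC4"))
    if host.get("protect_status") in PROTECT:
        findings.append(("protect_status", f"WAF is {PROTECT[host['protect_status']]}"))
    if host.get("access_status") == 0:
        findings.append(("access_status", "domain is not connected to the engine"))
    for srv in host.get("server") or []:
        if srv.get("front_protocol") == "HTTPS" and srv.get("back_protocol") == "HTTP":
            findings.append(("server", f"origin {srv.get('address')} is reached over HTTP"))
    for name in ("pci_3ds", "pci_dss"):
        # Table 6: each PCI check requires tls = TLS v1.2 and cipher = cipher_2.
        if (host.get("flag") or {}).get(name) == "true" and (tls, cipher) != ("TLS v1.2", "cipher_2"):
            findings.append((name, "enabled without TLS v1.2 and cipher_2"))
    return findings


if __name__ == "__main__":
    for field, message in audit_host(SAMPLE):
        print(f"{field}: {message}")
```

Run against the example response, it reports the implicit TLS v1.0 default and the unconnected domain (access_status 0).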

Status Codes

| Status Code | Description |
| --- | --- |
| 200 | Request succeeded. |
| 400 | Invalid request |
| 401 | The token does not have the required permission. |
| 500 | Internal server error. |

Error Codes

See Error Codes.