Adding a Domain Name to the Cloud WAF
Function
This API is used to add a domain name to the cloud WAF.
Calling Method
For details, see Calling APIs.
URI
POST /v1/{project_id}/waf/instance
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Definition Project ID. To obtain it, log in to the Huawei Cloud console, click the username, choose My Credentials, and find the project ID in the Projects list. Constraints N/A Range Enter 32 characters. Only letters and digits are allowed. Default Value N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
enterprise_project_id |
No |
String |
Definition Obtain the enterprise project ID by calling the ListEnterpriseProject API of Enterprise Project Management Service (EPS). To obtain the resource details in all enterprise projects of a user, set this parameter to all_granted_eps. Constraints N/A Range
Default Value 0 |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
Definition User token. It can be obtained by calling the IAM API (value of X-Subject-Token in the response header). Constraints N/A Range N/A Default Value N/A |
Content-Type |
Yes |
String |
Definition Content type. Constraints N/A Range N/A Default Value application/json;charset=utf8 |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
hostname |
Yes |
String |
Definition Domain name. Constraints N/A Range Enter a maximum of 64 characters. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed, for example, www.domain.com. Default Value N/A |
policyid |
No |
String |
Definition ID of the policy initially used to the domain name. You can the ListPolicy API to obtain it. Constraints N/A Range N/A Default Value N/A |
server |
Yes |
Array of CloudWafServer objects |
Origin server configuration of the protected domain name |
certificateid |
No |
String |
Definition HTTPS certificate ID. You can all the ListCertificates API to obtain it.
Constraints N/A Range N/A Default Value N/A |
certificatename |
No |
String |
Definition Certificate name.
Constraints N/A Range N/A Default Value N/A |
web_tag |
No |
String |
Definition Website name, which is the website name displayed on the domain name details page on the WAF console. Constraints N/A Range Enter 0 to 128 characters. Default Value N/A |
exclusive_ip |
No |
Boolean |
Definition Whether to use the dedicated public IP address. This parameter is reserved for future function expansion and can be ignored. Constraints N/A Range
Default Value N/A |
paid_type |
No |
String |
Definition Package payment mode. The default value is prePaid. Constraints N/A Range
Default Value N/A |
proxy |
Yes |
Boolean |
Definition Whether the protected domain name uses a proxy. Constraints N/A Range
Default Value N/A |
lb_algorithm |
No |
String |
Definition Load balancing (available only for professional and enterprise editions).
Constraints N/A Range Default Value N/A |
description |
No |
String |
Definition Domain name description. Constraints N/A Range Length: 0 to 256 characters. Default Value N/A |
forward_header_map |
No |
Map<String,String> |
Definition Field forwarding configuration. WAF inserts the added fields into the header and forwards the header to the origin server. The key cannot be the same as the native Nginx field. The options of Value are as follows:
-$origin_uri Constraints N/A Range N/A Default Value N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
front_protocol |
Yes |
String |
Definition Protocol used by the client to access the origin server of the protected domain name. Constraints N/A Range
Default Value N/A |
back_protocol |
Yes |
String |
Definition Protocol used by WAF to forward client requests to the origin server of the protected domain name. Constraints N/A Range
Default Value N/A |
weight |
No |
Integer |
Definition Weight: Requests are distributed across backend origin servers based on the load balancing algorithm you select and the weight you assign to each server. Constraints N/A Range The default value is 1, which is a redundant field in cloud mode. Default Value N/A |
address |
Yes |
String |
Definition IP address of origin server accessed by the client. Constraints N/A Range N/A Default Value N/A |
port |
Yes |
Integer |
Definition Port used by WAF to forward client requests to the origin server. Constraints N/A Range N/A Default Value N/A |
type |
Yes |
String |
Definition Type of the origin server address: IPv4 or IPv6 Constraints N/A Range
Default Value N/A |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
id |
String |
Definition Domain name ID. Range N/A |
hostname |
String |
Definition Domain name added to cloud WAF. Range N/A |
policyid |
String |
Definition Protection policy ID. Range N/A |
access_code |
String |
Definition CNAME prefix. The CNAME suffix is .vip1.huaweicloudwaf.com. Range N/A |
protect_status |
Integer |
Definition Domain protection status. Range
|
access_status |
Integer |
Definition Domain name access status. Range
|
lb_algorithm |
String |
Definition Load balancing (available only for professional and enterprise editions).
Range
|
protocol |
String |
Definition Returned client protocol type. Range N/A |
certificateid |
String |
Definition Returned certificate ID. Range N/A |
certificatename |
String |
Definition Certificate name. Range Enter a maximum of 256 characters. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. |
server |
Array of CloudWafServer objects |
Origin server configuration of the protected domain name |
proxy |
Boolean |
Definition Whether the protected domain name uses a proxy. Range
|
timestamp |
Long |
Definition Timestamp when the protected domain name was created (Unit: ms) Range N/A |
exclusive_ip |
Boolean |
Definition Whether to use the dedicated public IP address. This parameter is reserved for future function expansion and can be ignored. Range
|
web_tag |
String |
Definition Website name, which is the website name displayed on the domain name details page on the WAF console. Range N/A |
http2_enable |
Boolean |
Definition Whether HTTP/2 is supported. Range
|
block_page |
BlockPage object |
Alarm page configuration |
flag |
Flag object |
Special identifier, which is used on the console. |
extend |
Map<String,String> |
Definition Extended field, which is used to store the switch configuration of basic web protection. Range N/A |
forward_header_map |
Map<String,String> |
Definition Field forwarding configuration. WAF inserts the added fields into the header and forwards the header to the origin server. The key cannot be the same as the native Nginx field. The options of Value are as follows:
Range N/A |
Parameter |
Type |
Description |
---|---|---|
front_protocol |
String |
Definition Protocol used by the client to access the origin server of the protected domain name. Constraints N/A Range
Default Value N/A |
back_protocol |
String |
Definition Protocol used by WAF to forward client requests to the origin server of the protected domain name. Constraints N/A Range
Default Value N/A |
weight |
Integer |
Definition Weight: Requests are distributed across backend origin servers based on the load balancing algorithm you select and the weight you assign to each server. Constraints N/A Range The default value is 1, which is a redundant field in cloud mode. Default Value N/A |
address |
String |
Definition IP address of origin server accessed by the client. Constraints N/A Range N/A Default Value N/A |
port |
Integer |
Definition Port used by WAF to forward client requests to the origin server. Constraints N/A Range N/A Default Value N/A |
type |
String |
Definition Type of the origin server address: IPv4 or IPv6 Constraints N/A Range
Default Value N/A |
Parameter |
Type |
Description |
---|---|---|
template |
String |
Definition Template name. Enter default for the default page, custom for the customized alarm page, and redirect for redirection. Constraints N/A Range N/A Default Value N/A |
custom_page |
CustomPage object |
Custom alarm page. |
redirect_url |
String |
Definition URL of the redirection page. Constraints N/A Range N/A Default Value N/A |
Parameter |
Type |
Description |
---|---|---|
status_code |
String |
Definition Return Code Constraints N/A Range N/A Default Value N/A |
content_type |
String |
Definition Content type of the custom alarm page. The options are text/html, text/xml, and application/json. Constraints N/A Range N/A Default Value N/A |
content |
String |
Definition Configure the page content based on the selected page type. For details, see the Web Application Firewall User Manual. Constraints N/A Range N/A Default Value N/A |
Parameter |
Type |
Description |
---|---|---|
pci_3ds |
String |
Definition Whether to enable PCI 3DS compliance authentication. Constraints N/A Range
Default Value N/A |
pci_dss |
String |
Definition Whether to enable PCI_DSS compliance authentication. Constraints N/A Range
Default Value N/A |
cname |
String |
Definition old: The old CNAME record is used. new: new CNAME record is used. Constraints N/A Range
Default Value N/A |
is_dual_az |
String |
Definition Whether the dual-AZ mode is supported Constraints N/A Range
Default Value N/A |
ipv6 |
String |
Definition Whether IPv6 is enabled for the domain name. Constraints N/A Range
Default Value N/A |
Status code: 400
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error message. |
encoded_authorization_message |
String |
You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs. |
details |
Array of IAM5ErrorDetails objects |
The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs. |
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error codes of the downstream service. |
error_msg |
String |
Error messages of the downstream service. |
Status code: 401
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error message. |
encoded_authorization_message |
String |
You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs. |
details |
Array of IAM5ErrorDetails objects |
The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs. |
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error codes of the downstream service. |
error_msg |
String |
Error messages of the downstream service. |
Status code: 500
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error message. |
encoded_authorization_message |
String |
You can call the decode-authorization-message interface of the STS service to decode the rejection reason. For details, see the STS5 joint commissioning and self-verification. This parameter is returned only when an IAM 5 authentication error occurs. |
details |
Array of IAM5ErrorDetails objects |
The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs. |
Example Requests
The following example shows how to add a website domain name to cloud WAF in a specific project. The project ID is specified by project_id, and the domain name is www.demo.com. The client protocol is HTTPS, and server protocol is HTTP. The origin server address is ipv4 x.x.x.x. The service port used by WAF to forward client requests to the origin server is 7443. The domain name does not use a proxy or dedicated IP address. The WAF is billed yearly/monthly. The domain name description is dome. The website name is dome. The certificate name is test6, and the certificate ID is 3ac1402300374a63a05be68c641e92c8.
POST https://{Endpoint}/v1/{project_id}/waf/instance?enterprise_project_id=0 { "hostname" : "www.demo.com", "server" : [ { "front_protocol" : "HTTPS", "back_protocol" : "HTTP", "type" : "ipv4", "address" : "x.x.x.x", "port" : "7443" } ], "proxy" : false, "paid_type" : "prePaid", "description" : "demo", "web_tag" : "demo", "certificateid" : "3ac1402300374a63a05be68c641e92c8", "certificatename" : "test6", "exclusive_ip" : false }
Example Responses
Status code: 200
OK
{ "id" : "31af669f567246c289771694f2112289", "hostname" : "www.demo.com", "protocol" : "HTTP", "server" : [ { "address" : "x.x.x.x", "port" : 80, "type" : "ipv4", "weight" : 1, "front_protocol" : "HTTP", "back_protocol" : "HTTP" } ], "proxy" : false, "timestamp" : 1650527546420, "flag" : { "pci_3ds" : "false", "pci_dss" : "false", "ipv6" : "false", "cname" : "new", "is_dual_az" : "true" }, "policyid" : "41cba8aee2e94bcdbf57460874205494", "protect_status" : 1, "access_status" : 0, "access_code" : "1b18879b9d064f8bbcbf8abce7294cac", "block_page" : { "template" : "default" }, "web_tag" : "", "exclusive_ip" : false, "http2_enable" : false }
SDK Sample Code
The SDK sample code is as follows.
The following example shows how to add a website domain name to cloud WAF in a specific project. The project ID is specified by project_id, and the domain name is www.demo.com. The client protocol is HTTPS, and server protocol is HTTP. The origin server address is ipv4 x.x.x.x. The service port used by WAF to forward client requests to the origin server is 7443. The domain name does not use a proxy or dedicated IP address. The WAF is billed yearly/monthly. The domain name description is dome. The website name is dome. The certificate name is test6, and the certificate ID is 3ac1402300374a63a05be68c641e92c8.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.waf.v1.region.WafRegion; import com.huaweicloud.sdk.waf.v1.*; import com.huaweicloud.sdk.waf.v1.model.*; import java.util.List; import java.util.ArrayList; public class CreateHostSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); WafClient client = WafClient.newBuilder() .withCredential(auth) .withRegion(WafRegion.valueOf("<YOUR REGION>")) .build(); CreateHostRequest request = new CreateHostRequest(); CreateHostRequestBody body = new CreateHostRequestBody(); List<CloudWafServer> listbodyServer = new ArrayList<>(); listbodyServer.add( new CloudWafServer() .withFrontProtocol(CloudWafServer.FrontProtocolEnum.fromValue("HTTPS")) .withBackProtocol(CloudWafServer.BackProtocolEnum.fromValue("HTTP")) .withAddress("x.x.x.x") .withPort(7443) .withType(CloudWafServer.TypeEnum.fromValue("ipv4")) ); body.withDescription("demo"); body.withProxy(false); body.withPaidType("prePaid"); body.withExclusiveIp(false); body.withWebTag("demo"); body.withCertificatename("test6"); body.withCertificateid("3ac1402300374a63a05be68c641e92c8"); body.withServer(listbodyServer); body.withHostname("www.demo.com"); request.withBody(body); try { CreateHostResponse response = client.createHost(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
The following example shows how to add a website domain name to cloud WAF in a specific project. The project ID is specified by project_id, and the domain name is www.demo.com. The client protocol is HTTPS, and server protocol is HTTP. The origin server address is ipv4 x.x.x.x. The service port used by WAF to forward client requests to the origin server is 7443. The domain name does not use a proxy or dedicated IP address. The WAF is billed yearly/monthly. The domain name description is dome. The website name is dome. The certificate name is test6, and the certificate ID is 3ac1402300374a63a05be68c641e92c8.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkwaf.v1.region.waf_region import WafRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkwaf.v1 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = WafClient.new_builder() \ .with_credentials(credentials) \ .with_region(WafRegion.value_of("<YOUR REGION>")) \ .build() try: request = CreateHostRequest() listServerbody = [ CloudWafServer( front_protocol="HTTPS", back_protocol="HTTP", address="x.x.x.x", port=7443, type="ipv4" ) ] request.body = CreateHostRequestBody( description="demo", proxy=False, paid_type="prePaid", exclusive_ip=False, web_tag="demo", certificatename="test6", certificateid="3ac1402300374a63a05be68c641e92c8", server=listServerbody, hostname="www.demo.com" ) response = client.create_host(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
The following example shows how to add a website domain name to cloud WAF in a specific project. The project ID is specified by project_id, and the domain name is www.demo.com. The client protocol is HTTPS, and server protocol is HTTP. The origin server address is ipv4 x.x.x.x. The service port used by WAF to forward client requests to the origin server is 7443. The domain name does not use a proxy or dedicated IP address. The WAF is billed yearly/monthly. The domain name description is dome. The website name is dome. The certificate name is test6, and the certificate ID is 3ac1402300374a63a05be68c641e92c8.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" waf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := waf.NewWafClient( waf.WafClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.CreateHostRequest{} var listServerbody = []model.CloudWafServer{ { FrontProtocol: model.GetCloudWafServerFrontProtocolEnum().HTTPS, BackProtocol: model.GetCloudWafServerBackProtocolEnum().HTTP, Address: "x.x.x.x", Port: int32(7443), Type: model.GetCloudWafServerTypeEnum().IPV4, }, } descriptionCreateHostRequestBody:= "demo" paidTypeCreateHostRequestBody:= "prePaid" exclusiveIpCreateHostRequestBody:= false webTagCreateHostRequestBody:= "demo" certificatenameCreateHostRequestBody:= "test6" certificateidCreateHostRequestBody:= "3ac1402300374a63a05be68c641e92c8" request.Body = &model.CreateHostRequestBody{ Description: &descriptionCreateHostRequestBody, Proxy: false, PaidType: &paidTypeCreateHostRequestBody, ExclusiveIp: &exclusiveIpCreateHostRequestBody, WebTag: &webTagCreateHostRequestBody, Certificatename: &certificatenameCreateHostRequestBody, Certificateid: &certificateidCreateHostRequestBody, Server: listServerbody, Hostname: "www.demo.com", } response, err := client.CreateHost(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code |
Description |
---|---|
200 |
OK |
400 |
Request failed. |
401 |
The token does not have required permissions. |
500 |
Internal server error. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot