- Release Notes and Announcements
- Release Notes
- Product Announcement
- Security Advisory
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44832)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-45046)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44228)
- Notice for WebLogic Console HTTP RCE Vulnerability
- Notice for Exchange Server Command Execution Vulnerability
- Notice for Yonyou GRP-U8 SQL Injection Vulnerability
- Notice for Apache Cocoon XXE Vulnerability (CVE-2020-11991)
- Notice for WordPress File Manager Arbitrary Code Execution Vulnerability
- Jenkins Security Advisory for September
- Notice for Apache Struts 2 RCE Vulnerabilities (CVE-2019-0230 and CVE-2019-0233)
- Notice for Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Practical Tutorial
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Asset Management APIs
- Billing APIs
- Protection Settings APIs
- AddAntiFakeUrl
- AddAntiInfoLeakRules
- DeleteAntiFakeUrl
- DeleteSession
- DescribeAntiFakeRules
- DescribeAntiInfoLeakageRules
- DescribeCCRule
- DescribeCCRuleList
- DescribeCustomRuleList
- DescribeCustomWhiteRule
- DescribeDomainVerifyResult
- DescribeModuleStatus
- DescribeObjects
- DescribeRuleLimit
- DescribeSession
- DescribeSpartaProtectionInfo
- DescribeUserLevel
- ModifyAntiFakeUrl
- ModifyAntiInfoLeakRuleStatus
- ModifyAntiInfoLeakRules
- ModifyCustomRule
- ModifyCustomRuleStatus
- ModifyCustomWhiteRule
- ModifyCustomWhiteRuleStatus
- ModifyModuleStatus
- ModifyObject
- ModifyProtectionStatus
- ModifySpartaProtectionMode
- ModifyUserLevel
- ModifyUserSignatureRule
- SwitchElasticMode
- Other APIs
- AddCustomWhiteRule
- DeleteAntiInfoLeakRule
- DeleteCCRule
- DeleteCustomRule
- DeleteCustomWhiteRule
- DescribeDomainCountInfo
- DescribeFindDomainList
- DescribeHost
- DescribeHostLimit
- DescribeHosts
- DescribeInstances
- DescribeUserDomainInfo
- DescribeWebshellStatus
- FreshAntiFakeUrl
- ModifyAntiFakeUrlStatus
- ModifyBotStatus
- ModifyDomainsCLSStatus
- ModifyHostMode
- ModifyHostStatus
- ModifyInstanceElasticMode
- ModifyInstanceName
- ModifyInstanceQpsLimit
- ModifyInstanceRenewFlag
- ModifyWebshellStatus
- UpsertCCRule
- UpsertSession
- GetInstanceQpsLimit
- AddCustomRule
- IP Management APIs
- Integration APIs
- DescribeCertificateVerifyResult
- DeleteHost
- DescribeTlsVersion
- ModifyHost
- ModifyHostFlowMode
- ModifySpartaProtection
- AddSpartaProtection
- DescribePorts
- DescribeUserClbWafRegions
- RefreshAccessCheckResult
- DeleteSpartaProtection
- DescribeCiphersDetail
- DescribeDomainDetailsClb
- DescribeDomainDetailsSaas
- ModifyDomainIpv6Status
- CreateHost
- DescribeVipInfo
- Log Service APIs
- Bot Behavior Management APIs
- Security Overview APIs
- Data Types
- Error Codes
- FAQS
- Service Level Agreement
- WAF Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- Release Notes
- Product Announcement
- Security Advisory
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44832)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-45046)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44228)
- Notice for WebLogic Console HTTP RCE Vulnerability
- Notice for Exchange Server Command Execution Vulnerability
- Notice for Yonyou GRP-U8 SQL Injection Vulnerability
- Notice for Apache Cocoon XXE Vulnerability (CVE-2020-11991)
- Notice for WordPress File Manager Arbitrary Code Execution Vulnerability
- Jenkins Security Advisory for September
- Notice for Apache Struts 2 RCE Vulnerabilities (CVE-2019-0230 and CVE-2019-0233)
- Notice for Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Practical Tutorial
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Asset Management APIs
- Billing APIs
- Protection Settings APIs
- AddAntiFakeUrl
- AddAntiInfoLeakRules
- DeleteAntiFakeUrl
- DeleteSession
- DescribeAntiFakeRules
- DescribeAntiInfoLeakageRules
- DescribeCCRule
- DescribeCCRuleList
- DescribeCustomRuleList
- DescribeCustomWhiteRule
- DescribeDomainVerifyResult
- DescribeModuleStatus
- DescribeObjects
- DescribeRuleLimit
- DescribeSession
- DescribeSpartaProtectionInfo
- DescribeUserLevel
- ModifyAntiFakeUrl
- ModifyAntiInfoLeakRuleStatus
- ModifyAntiInfoLeakRules
- ModifyCustomRule
- ModifyCustomRuleStatus
- ModifyCustomWhiteRule
- ModifyCustomWhiteRuleStatus
- ModifyModuleStatus
- ModifyObject
- ModifyProtectionStatus
- ModifySpartaProtectionMode
- ModifyUserLevel
- ModifyUserSignatureRule
- SwitchElasticMode
- Other APIs
- AddCustomWhiteRule
- DeleteAntiInfoLeakRule
- DeleteCCRule
- DeleteCustomRule
- DeleteCustomWhiteRule
- DescribeDomainCountInfo
- DescribeFindDomainList
- DescribeHost
- DescribeHostLimit
- DescribeHosts
- DescribeInstances
- DescribeUserDomainInfo
- DescribeWebshellStatus
- FreshAntiFakeUrl
- ModifyAntiFakeUrlStatus
- ModifyBotStatus
- ModifyDomainsCLSStatus
- ModifyHostMode
- ModifyHostStatus
- ModifyInstanceElasticMode
- ModifyInstanceName
- ModifyInstanceQpsLimit
- ModifyInstanceRenewFlag
- ModifyWebshellStatus
- UpsertCCRule
- UpsertSession
- GetInstanceQpsLimit
- AddCustomRule
- IP Management APIs
- Integration APIs
- DescribeCertificateVerifyResult
- DeleteHost
- DescribeTlsVersion
- ModifyHost
- ModifyHostFlowMode
- ModifySpartaProtection
- AddSpartaProtection
- DescribePorts
- DescribeUserClbWafRegions
- RefreshAccessCheckResult
- DeleteSpartaProtection
- DescribeCiphersDetail
- DescribeDomainDetailsClb
- DescribeDomainDetailsSaas
- ModifyDomainIpv6Status
- CreateHost
- DescribeVipInfo
- Log Service APIs
- Bot Behavior Management APIs
- Security Overview APIs
- Data Types
- Error Codes
- FAQS
- Service Level Agreement
- WAF Policy
- Contact Us
- Glossary
1. API Description
Domain name for API request: waf.tencentcloudapi.com.
Add SaaS WAF protection domain
A maximum of 20 requests can be initiated per second for this API.
We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.
2. Input Parameters
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: AddSpartaProtection. |
| Version | Yes | String | Common Params. The value used for this API: 2018-01-25. |
| Region | Yes | String | Common Params. For more information, please see the list of regions supported by the product. This API only supports: ap-guangzhou, ap-seoul. |
| Domain | Yes | String | Domain requiring protection |
| CertType | Yes | Integer | Certificate type 0: no certificate, with only the HTTP listening port configured 1: self-owned certificate 2: managed certificate |
| IsCdn | Yes | Integer | Whether a layer-7 proxy service is deployed before WAF 0: No proxy service deployed 1: Proxy service deployed, and WAF will use XFF to obtain the client IP address 2: Proxy service deployed and WAF will use remote_addr to obtain the client IP address 3: Proxy service deployed, and WAF will use a custom header in ip_headers to obtain the client IP address |
| UpstreamType | Yes | Integer | Upstream type 0: proxy to upstream by IP address 1: proxy to upstream by domain name |
| IsWebsocket | Yes | Integer | Whether to enable websocket 0: disable 1: enable |
| LoadBalance | Yes | String | Load balancing policy for upstream 0: round-robin 1: IP hash 2: weighted round-robin |
| Ports.N | Yes | Array of PortItem | Service port list configuration NginxServerId: fill in '0' in this function Port: listening port number Protocol: port protocol UpstreamPort: same as Port UpstreamProtocol: same as Protocol |
| IsKeepAlive | Yes | String | (Required) Whether to enable persistent connection 0: non-persistent connection 1: persistent connection |
| InstanceID | Yes | String | (Required) Instance ID of the domain name |
| Cert | No | String | When CertType is 1, this parameter is required, indicating the self-owned certificate chain |
| PrivateKey | No | String | When CertType=1, this parameter is required, indicating the private key of the self-owned certificate. |
| SSLId | No | String | When CertType is 2, this parameter must be filled, indicating the certificate ID hosted on Tencent Cloud's SSL platform |
| ResourceId | No | String | To be deprecated, not required. WAF resource ID. |
| IpHeaders.N | No | Array of String | When IsCdn is 3, this parameter is required, indicating a custom header. |
| UpstreamScheme | No | String | Upstream protocol for HTTPS when the service is configured with an HTTPS port http: Use the HTTP protocol for upstream. It is used together with HttpsUpstreamPort. https: Use the HTTPS protocol for upstream. |
| HttpsUpstreamPort | No | String | HTTPS upstream port, required only when UpstreamScheme is http |
| IsGray | No | Integer | To be deprecated, can be left blank. Whether to enable grayscale: 0 indicates not to enable grayscale. |
| GrayAreas.N | No | Array of String | To be deprecated, can be left blank. Grayscale area. |
| HttpsRewrite | No | Integer | (Required) Whether to enable forced redirection from HTTP to HTTPS 0: do not force redirect 1: enable forced redirect |
| UpstreamDomain | No | String | Upstream domain when proxy to upstream by domain. When UpstreamType=1, this field needs to be filled |
| SrcList.N | No | Array of String | Upstream IP list when IP is back to source. When UpstreamType=0, this field is required |
| IsHttp2 | No | Integer | (Required) Whether to enable HTTP2. You should enable HTTPS as well. 0: disable 1: enable |
| Edition | No | String | WAF instance type. This parameter will be deprecated in later versions and is not required in the current version. sparta-waf: SaaS WAF clb-waf: CLB WAF cdn-waf: web protection capability on CDN |
| Anycast | No | Integer | To be deprecated, currently just fill in 0. Anycast IP type switch: 0 Ordinary IP, 1 Anycast IP |
| Weights.N | No | Array of Integer | Weight of each IP in the back-to-source IP List, corresponding to SrcList. Required only when UpstreamType is 0, and SrcList contains multiple IPs, and LoadBalance is 2; otherwise, fill in [ ]. |
| ActiveCheck | No | Integer | (Required) Whether to enable active health check 0: disable 1: enable |
| TLSVersion | No | Integer | TLS version information |
| CipherTemplate | No | Integer | (Required) Cipher suite template 0: default template 1: general template 2: security template 3: custom template |
| Ciphers.N | No | Array of Integer | Custom encryption suite list. When CipherTemplate is 3, this field is required, indicating the custom encryption suite, value obtained through DescribeCiphersDetail API. |
| ProxyReadTimeout | No | Integer | Read timeout between WAF and upstream server, 300s by default. |
| ProxySendTimeout | No | Integer | WAF and upstream server write timeout, 300s by default. |
| SniType | No | Integer | SNI type during WAF sending request to upstream 0: Disable SNI and do not configure server_name in client_hello. 1: Enable SNI. server_name in client_hello is a protected domain name. 2: Enable SNI. SNI is the origin server domain name during the domain name origin-pull. 3: Enable SNI. SNI is a custom domain name. |
| SniHost | No | String | When SniType=3, this parameter is required, indicating a custom SNI; |
| XFFReset | No | Integer | Whether to enable XFF reset 0: disable 1: enable |
| Note | No | String | Domain name remarks |
| UpstreamHost | No | String | Custom upstream host. The default value is an empty string, indicating that protected domain is used as the upstream host. |
| ProxyBuffer | No | Integer | Whether to enable caching. 0: disable; 1: enable. |
| ProbeStatus | No | Integer | 0: disable probe test; 1: enable probe test. The test is enabled by default. |
3. Output Parameters
| Parameter Name | Type | Description |
|---|---|---|
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
4. Example
Example1 Adding a Domain Name
This example shows you how to add a domain name.
Input Example
POST / HTTP/1.1
Host: waf.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AddSpartaProtection
<Common request parameters>
{
"UpstreamScheme": "http",
"IsGray": "1",
"Domain": "lucas0621.qcloudwaf.com",
"LoadBalance": "1",
"HttpsUpstreamPort": "80",
"InstanceID": "lucas",
"UpstreamType": "1",
"UpstreamDomain": "lucas0622.qcloudwaf.com",
"IsWebsocket": "1",
"IsHttp2": "1",
"Edition": "sass",
"CertType": "0",
"Weights": [
"1"
],
"IsKeepAlive": "1",
"ActiveCheck": "1",
"IsCdn": "1",
"TLSVersion": "1",
"Anycast": "1",
"Ports": [
{
"NginxServerId": "0",
"Protocol": "http",
"Port": "80",
"UpstreamPort": "80",
"UpstreamProtocol": "http"
}
],
"HttpsRewrite": "1"
}
Output Example
{
"Response": {
"RequestId": "87c8499e-3748-4bb0-9740-b2683a003975"
}
}
Example2 Adding a Domain Name - 1
This example shows you how to add a domain name - 1.
Input Example
POST / HTTP/1.1
Host: waf.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AddSpartaProtection
<Common request parameters>
{
"UpstreamScheme": "http",
"IsGray": "1",
"Domain": "lucas0919.qcloudwaf.com",
"LoadBalance": "1",
"HttpsUpstreamPort": "80",
"InstanceID": "lucas",
"UpstreamType": "1",
"UpstreamDomain": "lucas0622.qcloudwaf.com",
"IsWebsocket": "1",
"IsHttp2": "1",
"Edition": "saas",
"CertType": "0",
"Weights": [
"1"
],
"IsKeepAlive": "1",
"ActiveCheck": "1",
"IsCdn": "1",
"TLSVersion": "3",
"Ports": [
{
"NginxServerId": "0",
"Protocol": "http",
"Port": "80",
"UpstreamPort": "80",
"UpstreamProtocol": "http"
}
],
"HttpsRewrite": "1"
}
Output Example
{
"Response": {
"RequestId": "a5e5757a-2b04-4d56-a049-54eb8f053e75"
}
}
Example3 Scene of Adding a Domain Name Repeatedly
This example shows you the scene where a domain name is added repeatedly.
Input Example
POST / HTTP/1.1
Host: waf.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AddSpartaProtection
<Common request parameters>
{
"Domain": "test.qcloud.com",
"LoadBalance": "0",
"Edition": "clb-waf",
"UpstreamType": "0",
"CertType": "0",
"InstanceID": "waf-9dasfds6gsd",
"IsKeepAlive": "1",
"Ports": [
{
"NginxServerId": "0",
"Protocol": "http",
"Port": "80",
"UpstreamPort": "80",
"UpstreamProtocol": "http"
}
],
"SrcList": [
"1.1.1.1"
],
"IsCdn": "0",
"IsWebsocket": "0",
"IsGray": "0",
"IsHttp2": "0"
}
Output Example
{
"Response": {
"Error": {
"Code": "InternalError",
"Message": "The domain name already exists. Do not add it again."
},
"RequestId": "4f284280-a493-4932-95f4-3d87e7320b3e"
}
}
Example4 Adding a Domain Name Protected by SaaS WAF
This example shows you how to add a domain name protected by SAAS-WAF.
Input Example
POST / HTTP/1.1
Host: waf.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AddSpartaProtection
<Common request parameters>
{
"Domain": "test1.qcloud.com",
"LoadBalance": "0",
"Edition": "clb-waf",
"UpstreamType": "0",
"CertType": "0",
"InstanceID": "waf-7dasgds2nfsafg",
"IsKeepAlive": "1",
"Ports": [
{
"NginxServerId": "0",
"Protocol": "http",
"Port": "80",
"UpstreamPort": "80",
"UpstreamProtocol": "http"
}
],
"SrcList": [
"1.1.1.1"
],
"IsCdn": "0",
"IsWebsocket": "0",
"IsGray": "0",
"IsHttp2": "0"
}
Output Example
{
"Response": {
"RequestId": "9ee8be5b-6caa-4c39-ab70-890e0e673515"
}
}
5. Developer Resources
SDK
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
- Tencent Cloud SDK 3.0 for Python
- Tencent Cloud SDK 3.0 for Java
- Tencent Cloud SDK 3.0 for PHP
- Tencent Cloud SDK 3.0 for Go
- Tencent Cloud SDK 3.0 for Node.js
- Tencent Cloud SDK 3.0 for .NET
- Tencent Cloud SDK 3.0 for C++
Command Line Interface
6. Error Code
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| FailedOperation | Operation failed. |
| FailedOperation.RedisOperationFailed | Failed to operate the Redis database. |
| InternalError | Internal error. |
| InternalError.AsynchronousCallFailed | Asynchronous call failed. |
| InvalidParameter | Parameter error. |
| InvalidParameter.CertificationParameterErr | Certificate information parameter error |
| InvalidParameter.DomainExceedsLimitErr | The number of domain names reached the upper limit. |
| InvalidParameter.DomainNotRecord | The domain name is not registered. |
| InvalidParameter.PortParameterErr | Port information parameter error |
| InvalidParameter.ProtectionDomainParameterErr | Protective domain parameter error |
| InvalidParameter.TLSParameterErr | TLS or encryption suite parameter error |
| InvalidParameter.UnauthorizedOperationParameterErr | Permission overstep parameter error |
| InvalidParameter.UpstreamParameterErr | Origin information parameter error |
| InvalidParameter.XFFResetParameterErr | XFF reset parameter error |
| InvalidParameterValue | Invalid parameter value. |
| LimitExceeded | The quota limit is exceeded. |
| MissingParameter | Parameters are missing |
| ResourceInUse | Resources are occupied. |
| ResourceInUse.EmptyErr | EmptyErr |
| ResourceInsufficient | Insufficient resources. |
| ResourceNotFound | Resources do not exist. |
| ResourceUnavailable | Resources are unavailable. |
| ResourcesSoldOut | Resources are sold out. |
| UnauthorizedOperation | Unauthorized operation. |
| UnknownParameter | Unknown parameter. |
Yes
No
Was this page helpful?