tencent cloud

文档反馈

AddSpartaProtection

最后更新时间:2024-09-25 10:14:09

1. API Description

Domain name for API request: waf.tencentcloudapi.com.

Add SaaS WAF protection domain

A maximum of 20 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common Params. The value used for this API: AddSpartaProtection.
Version Yes String Common Params. The value used for this API: 2018-01-25.
Region Yes String Common Params. For more information, please see the list of regions supported by the product. This API only supports: ap-guangzhou, ap-seoul.
Domain Yes String Domain requiring protection
CertType Yes Integer Certificate type
0: no certificate, with only the HTTP listening port configured
1: self-owned certificate
2: managed certificate
IsCdn Yes Integer Whether a layer-7 proxy service is deployed before WAF
0: No proxy service deployed
1: Proxy service deployed, and WAF will use XFF to obtain the client IP address
2: Proxy service deployed and WAF will use remote_addr to obtain the client IP address
3: Proxy service deployed, and WAF will use a custom header in ip_headers to obtain the client IP address
UpstreamType Yes Integer Upstream type
0: proxy to upstream by IP address
1: proxy to upstream by domain name
IsWebsocket Yes Integer Whether to enable websocket
0: disable
1: enable
LoadBalance Yes String Load balancing policy for upstream
0: round-robin
1: IP hash
2: weighted round-robin
Ports.N Yes Array of PortItem Service port list configuration
NginxServerId: fill in '0' in this function
Port: listening port number
Protocol: port protocol
UpstreamPort: same as Port
UpstreamProtocol: same as Protocol
IsKeepAlive Yes String (Required) Whether to enable persistent connection
0: non-persistent connection
1: persistent connection
InstanceID Yes String (Required) Instance ID of the domain name
Cert No String When CertType is 1, this parameter is required, indicating the self-owned certificate chain
PrivateKey No String When CertType=1, this parameter is required, indicating the private key of the self-owned certificate.
SSLId No String When CertType is 2, this parameter must be filled, indicating the certificate ID hosted on Tencent Cloud's SSL platform
ResourceId No String To be deprecated, not required. WAF resource ID.
IpHeaders.N No Array of String When IsCdn is 3, this parameter is required, indicating a custom header.
UpstreamScheme No String Upstream protocol for HTTPS when the service is configured with an HTTPS port
http: Use the HTTP protocol for upstream. It is used together with HttpsUpstreamPort.
https: Use the HTTPS protocol for upstream.
HttpsUpstreamPort No String HTTPS upstream port, required only when UpstreamScheme is http
IsGray No Integer To be deprecated, can be left blank. Whether to enable grayscale: 0 indicates not to enable grayscale.
GrayAreas.N No Array of String To be deprecated, can be left blank. Grayscale area.
HttpsRewrite No Integer (Required) Whether to enable forced redirection from HTTP to HTTPS
0: do not force redirect
1: enable forced redirect
UpstreamDomain No String Upstream domain when proxy to upstream by domain. When UpstreamType=1, this field needs to be filled
SrcList.N No Array of String Upstream IP list when IP is back to source. When UpstreamType=0, this field is required
IsHttp2 No Integer (Required) Whether to enable HTTP2. You should enable HTTPS as well.
0: disable
1: enable
Edition No String WAF instance type. This parameter will be deprecated in later versions and is not required in the current version.
sparta-waf: SaaS WAF
clb-waf: CLB WAF
cdn-waf: web protection capability on CDN
Anycast No Integer To be deprecated, currently just fill in 0. Anycast IP type switch: 0 Ordinary IP, 1 Anycast IP
Weights.N No Array of Integer Weight of each IP in the back-to-source IP List, corresponding to SrcList. Required only when UpstreamType is 0, and SrcList contains multiple IPs, and LoadBalance is 2; otherwise, fill in [ ].
ActiveCheck No Integer (Required) Whether to enable active health check
0: disable
1: enable
TLSVersion No Integer TLS version information
CipherTemplate No Integer (Required) Cipher suite template
0: default template
1: general template
2: security template
3: custom template
Ciphers.N No Array of Integer Custom encryption suite list. When CipherTemplate is 3, this field is required, indicating the custom encryption suite, value obtained through DescribeCiphersDetail API.
ProxyReadTimeout No Integer Read timeout between WAF and upstream server, 300s by default.
ProxySendTimeout No Integer WAF and upstream server write timeout, 300s by default.
SniType No Integer SNI type during WAF sending request to upstream
0: Disable SNI and do not configure server_name in client_hello.
1: Enable SNI. server_name in client_hello is a protected domain name.
2: Enable SNI. SNI is the origin server domain name during the domain name origin-pull.
3: Enable SNI. SNI is a custom domain name.
SniHost No String When SniType=3, this parameter is required, indicating a custom SNI;
XFFReset No Integer Whether to enable XFF reset
0: disable
1: enable
Note No String Domain name remarks
UpstreamHost No String Custom upstream host. The default value is an empty string, indicating that protected domain is used as the upstream host.
ProxyBuffer No Integer Whether to enable caching. 0: disable; 1: enable.
ProbeStatus No Integer 0: disable probe test; 1: enable probe test. The test is enabled by default.

3. Output Parameters

Parameter Name Type Description
RequestId String The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

4. Example

Example1 Adding a Domain Name

This example shows you how to add a domain name.

Input Example

POST / HTTP/1.1
Host: waf.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AddSpartaProtection
<Common request parameters>



{
    "UpstreamScheme": "http",
    "IsGray": "1",
    "Domain": "lucas0621.qcloudwaf.com",
    "LoadBalance": "1",
    "HttpsUpstreamPort": "80",
    "InstanceID": "lucas",
    "UpstreamType": "1",
    "UpstreamDomain": "lucas0622.qcloudwaf.com",
    "IsWebsocket": "1",
    "IsHttp2": "1",
    "Edition": "sass",
    "CertType": "0",
    "Weights": [
        "1"
    ],
    "IsKeepAlive": "1",
    "ActiveCheck": "1",
    "IsCdn": "1",
    "TLSVersion": "1",
    "Anycast": "1",
    "Ports": [
        {
            "NginxServerId": "0",
            "Protocol": "http",
            "Port": "80",
            "UpstreamPort": "80",
            "UpstreamProtocol": "http"
        }
    ],
    "HttpsRewrite": "1"
}

Output Example

{
    "Response": {
        "RequestId": "87c8499e-3748-4bb0-9740-b2683a003975"
    }
}

Example2 Adding a Domain Name - 1

This example shows you how to add a domain name - 1.

Input Example

POST / HTTP/1.1
Host: waf.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AddSpartaProtection
<Common request parameters>



{
    "UpstreamScheme": "http",
    "IsGray": "1",
    "Domain": "lucas0919.qcloudwaf.com",
    "LoadBalance": "1",
    "HttpsUpstreamPort": "80",
    "InstanceID": "lucas",
    "UpstreamType": "1",
    "UpstreamDomain": "lucas0622.qcloudwaf.com",
    "IsWebsocket": "1",
    "IsHttp2": "1",
    "Edition": "saas",
    "CertType": "0",
    "Weights": [
        "1"
    ],
    "IsKeepAlive": "1",
    "ActiveCheck": "1",
    "IsCdn": "1",
    "TLSVersion": "3",
    "Ports": [
        {
            "NginxServerId": "0",
            "Protocol": "http",
            "Port": "80",
            "UpstreamPort": "80",
            "UpstreamProtocol": "http"
        }
    ],
    "HttpsRewrite": "1"
}

Output Example

{
    "Response": {
        "RequestId": "a5e5757a-2b04-4d56-a049-54eb8f053e75"
    }
}

Example3 Scene of Adding a Domain Name Repeatedly

This example shows you the scene where a domain name is added repeatedly.

Input Example

POST / HTTP/1.1
Host: waf.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AddSpartaProtection
<Common request parameters>



{
    "Domain": "test.qcloud.com",
    "LoadBalance": "0",
    "Edition": "clb-waf",
    "UpstreamType": "0",
    "CertType": "0",
    "InstanceID": "waf-9dasfds6gsd",
    "IsKeepAlive": "1",
    "Ports": [
        {
            "NginxServerId": "0",
            "Protocol": "http",
            "Port": "80",
            "UpstreamPort": "80",
            "UpstreamProtocol": "http"
        }
    ],
    "SrcList": [
        "1.1.1.1"
    ],
    "IsCdn": "0",
    "IsWebsocket": "0",
    "IsGray": "0",
    "IsHttp2": "0"
}

Output Example

{
    "Response": {
        "Error": {
            "Code": "InternalError",
            "Message": "The domain name already exists. Do not add it again."
        },
        "RequestId": "4f284280-a493-4932-95f4-3d87e7320b3e"
    }
}

Example4 Adding a Domain Name Protected by SaaS WAF

This example shows you how to add a domain name protected by SAAS-WAF.

Input Example

POST / HTTP/1.1
Host: waf.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AddSpartaProtection
<Common request parameters>



{
    "Domain": "test1.qcloud.com",
    "LoadBalance": "0",
    "Edition": "clb-waf",
    "UpstreamType": "0",
    "CertType": "0",
    "InstanceID": "waf-7dasgds2nfsafg",
    "IsKeepAlive": "1",
    "Ports": [
        {
            "NginxServerId": "0",
            "Protocol": "http",
            "Port": "80",
            "UpstreamPort": "80",
            "UpstreamProtocol": "http"
        }
    ],
    "SrcList": [
        "1.1.1.1"
    ],
    "IsCdn": "0",
    "IsWebsocket": "0",
    "IsGray": "0",
    "IsHttp2": "0"
}

Output Example

{
    "Response": {
        "RequestId": "9ee8be5b-6caa-4c39-ab70-890e0e673515"
    }
}

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code Description
FailedOperation Operation failed.
FailedOperation.RedisOperationFailed Failed to operate the Redis database.
InternalError Internal error.
InternalError.AsynchronousCallFailed Asynchronous call failed.
InvalidParameter Parameter error.
InvalidParameter.CertificationParameterErr Certificate information parameter error
InvalidParameter.DomainExceedsLimitErr The number of domain names reached the upper limit.
InvalidParameter.DomainNotRecord The domain name is not registered.
InvalidParameter.PortParameterErr Port information parameter error
InvalidParameter.ProtectionDomainParameterErr Protective domain parameter error
InvalidParameter.TLSParameterErr TLS or encryption suite parameter error
InvalidParameter.UnauthorizedOperationParameterErr Permission overstep parameter error
InvalidParameter.UpstreamParameterErr Origin information parameter error
InvalidParameter.XFFResetParameterErr XFF reset parameter error
InvalidParameterValue Invalid parameter value.
LimitExceeded The quota limit is exceeded.
MissingParameter Parameters are missing
ResourceInUse Resources are occupied.
ResourceInUse.EmptyErr EmptyErr
ResourceInsufficient Insufficient resources.
ResourceNotFound Resources do not exist.
ResourceUnavailable Resources are unavailable.
ResourcesSoldOut Resources are sold out.
UnauthorizedOperation Unauthorized operation.
UnknownParameter Unknown parameter.