Domain name for API request: waf.intl.tencentcloudapi.com.
Add SaaS WAF protection domain
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
Parameter Name | Required | Type | Description |
---|---|---|---|
Action | Yes | String | Common Params. The value used for this API: AddSpartaProtection. |
Version | Yes | String | Common Params. The value used for this API: 2018-01-25. |
Region | Yes | String | Common Params. For more information, please see the list of regions supported by the product. This API only supports: ap-guangzhou, ap-seoul. |
Domain | Yes | String | Domain requiring protection |
CertType | Yes | Integer | Certificate type 0: no certificate, with only the HTTP listening port configured 1: self-owned certificate 2: managed certificate |
IsCdn | Yes | Integer | Whether a layer-7 proxy service is deployed before WAF 0: No proxy service deployed 1: Proxy service deployed, and WAF will use XFF to obtain the client IP address 2: Proxy service deployed and WAF will use remote_addr to obtain the client IP address 3: Proxy service deployed, and WAF will use a custom header in ip_headers to obtain the client IP address |
UpstreamType | Yes | Integer | Upstream type 0: proxy to upstream by IP address 1: proxy to upstream by domain name |
IsWebsocket | Yes | Integer | Whether to enable websocket 0: disable 1: enable |
LoadBalance | Yes | String | Load balancing policy for upstream 0: round-robin 1: IP hash 2: weighted round-robin |
Ports.N | Yes | Array of PortItem | Service port list configuration NginxServerId: fill in '0' in this function Port: listening port number Protocol: port protocol UpstreamPort: same as Port UpstreamProtocol: same as Protocol |
IsKeepAlive | Yes | String | (Required) Whether to enable persistent connection 0: non-persistent connection 1: persistent connection |
InstanceID | Yes | String | (Required) Instance ID of the domain name |
Cert | No | String | When CertType is 1, this parameter is required, indicating the self-owned certificate chain |
PrivateKey | No | String | When CertType=1, this parameter is required, indicating the private key of the self-owned certificate. |
SSLId | No | String | When CertType is 2, this parameter must be filled, indicating the certificate ID hosted on Tencent Cloud's SSL platform |
ResourceId | No | String | To be deprecated, not required. WAF resource ID. |
IpHeaders.N | No | Array of String | When IsCdn is 3, this parameter is required, indicating a custom header. |
UpstreamScheme | No | String | Upstream protocol for HTTPS when the service is configured with an HTTPS port http: Use the HTTP protocol for upstream. It is used together with HttpsUpstreamPort. https: Use the HTTPS protocol for upstream. |
HttpsUpstreamPort | No | String | HTTPS upstream port, required only when UpstreamScheme is http |
IsGray | No | Integer | To be deprecated, can be left blank. Whether to enable grayscale: 0 indicates not to enable grayscale. |
GrayAreas.N | No | Array of String | To be deprecated, can be left blank. Grayscale area. |
HttpsRewrite | No | Integer | (Required) Whether to enable forced redirection from HTTP to HTTPS 0: do not force redirect 1: enable forced redirect |
UpstreamDomain | No | String | Upstream domain when proxy to upstream by domain. When UpstreamType=1, this field needs to be filled |
SrcList.N | No | Array of String | Upstream IP list when IP is back to source. When UpstreamType=0, this field is required |
IsHttp2 | No | Integer | (Required) Whether to enable HTTP2. You should enable HTTPS as well. 0: disable 1: enable |
Edition | No | String | WAF instance type. This parameter will be deprecated in later versions and is not required in the current version. sparta-waf: SaaS WAF clb-waf: CLB WAF cdn-waf: web protection capability on CDN |
Anycast | No | Integer | To be deprecated, currently just fill in 0. Anycast IP type switch: 0 Ordinary IP, 1 Anycast IP |
Weights.N | No | Array of Integer | Weight of each IP in the back-to-source IP List, corresponding to SrcList. Required only when UpstreamType is 0, and SrcList contains multiple IPs, and LoadBalance is 2; otherwise, fill in [ ]. |
ActiveCheck | No | Integer | (Required) Whether to enable active health check 0: disable 1: enable |
TLSVersion | No | Integer | TLS version information |
CipherTemplate | No | Integer | (Required) Cipher suite template 0: default template 1: general template 2: security template 3: custom template |
Ciphers.N | No | Array of Integer | Custom encryption suite list. When CipherTemplate is 3, this field is required, indicating the custom encryption suite, value obtained through DescribeCiphersDetail API. |
ProxyReadTimeout | No | Integer | Read timeout between WAF and upstream server, 300s by default. |
ProxySendTimeout | No | Integer | WAF and upstream server write timeout, 300s by default. |
SniType | No | Integer | SNI type during WAF sending request to upstream 0: Disable SNI and do not configure server_name in client_hello. 1: Enable SNI. server_name in client_hello is a protected domain name. 2: Enable SNI. SNI is the origin server domain name during the domain name origin-pull. 3: Enable SNI. SNI is a custom domain name. |
SniHost | No | String | When SniType=3, this parameter is required, indicating a custom SNI; |
XFFReset | No | Integer | Whether to enable XFF reset. 0: disable; 1: enable. |
Note | No | String | Domain name remarks |
UpstreamHost | No | String | Custom upstream host. The default value is an empty string, indicating that protected domain is used as the upstream host. |
ProxyBuffer | No | Integer | Whether to enable caching. 0: disable; 1: enable. |
ProbeStatus | No | Integer | Whether to enable the test. 0: disable; 1: enable. The test is enabled by default. |
GmType | No | Integer | Whether to enable SM. 0: do not enable SM; 1: add support for SM based on the existing TLS option; 2: enable SM and support only SM client access. |
GmCertType | No | Integer | SM certificate type. 0: no SM certificate is available; 1: the certificate is a self-owned SM certificate; 2: the certificate is a managed SM certificate. |
GmCert | No | String | When GmCertType is 1, this parameter needs to be set, indicating the certificate chain of the self-owned SM certificate. |
GmPrivateKey | No | String | When GmCertType is 1, this parameter needs to be set, indicating the private key of the self-owned SM certificate. |
GmEncCert | No | String | When GmCertType is 1, this parameter needs to be set, indicating the encryption certificate of the self-owned SM certificate. |
GmEncPrivateKey | No | String | When GmCertType is 1, this parameter needs to be set, indicating the private key of the encryption certificate for the self-owned SM certificate. |
GmSSLId | No | String | When GmCertType is 2, this parameter needs to be set, indicating the ID of the certificate managed by the Tencent Cloud SSL platform. |
Parameter Name | Type | Description |
---|---|---|
RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
添加SaaS型WAF防护域名
POST / HTTP/1.1
Host: waf.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AddSpartaProtection
<common request parameters>
{
"Ports": [
{
"NginxServerId": "0",
"Port": "80",
"Protocol": "http",
"UpstreamPort": "80",
"UpstreamProtocol": "http"
}
],
"Domain": "randy.qcloudwaf.com",
"SrcList": [
"125.36.35.4"
],
"Weights": [],
"UpstreamType": 0,
"HttpsRewrite": 0,
"CertType": 0,
"IsCdn": 3,
"IsGray": 0,
"IsHttp2": 0,
"IsWebsocket": 0,
"ProxyBuffer": 1,
"ActiveCheck": 0,
"CipherTemplate": 1,
"TLSVersion": 3,
"Ciphers": [],
"IsKeepAlive": "1",
"LoadBalance": "0",
"InstanceID": "waf_2kw60zgy0908e8j3",
"Anycast": 0,
"ProxyReadTimeout": 300,
"ProxySendTimeout": 300,
"SniHost": "randy.sni.com",
"SniType": 0,
"IpHeaders": [
"x-real-ip"
],
"XFFReset": 0,
"UpstreamHost": "randy.upstream.com",
"Note": "randy test domain",
"ProbeStatus": 1
}
{
"Response": {
"RequestId": "9ee8be5b-6caa-4c39-ab70-890e0e673515"
}
}
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
Error Code | Description |
---|---|
FailedOperation | Operation failed. |
FailedOperation.RedisOperationFailed | Failed to operate the Redis database. |
InternalError | Internal error. |
InternalError.AsynchronousCallFailed | Asynchronous call failed. |
InvalidParameter | Parameter error. |
InvalidParameter.CertificationParameterErr | Certificate information parameter error |
InvalidParameter.DomainExceedsLimitErr | The number of domain names reached the upper limit. |
InvalidParameter.DomainNotRecord | The domain name is not registered. |
InvalidParameter.PortParameterErr | Port information parameter error |
InvalidParameter.ProtectionDomainParameterErr | Protective domain parameter error |
InvalidParameter.TLSParameterErr | TLS or encryption suite parameter error |
InvalidParameter.UnauthorizedOperationParameterErr | Permission overstep parameter error |
InvalidParameter.UpstreamParameterErr | Origin information parameter error |
InvalidParameter.XFFResetParameterErr | XFF reset parameter error |
InvalidParameterValue | Invalid parameter value. |
LimitExceeded | The quota limit is exceeded. |
MissingParameter | Parameters are missing |
ResourceInUse | Resources are occupied. |
ResourceInUse.EmptyErr | EmptyErr |
ResourceInsufficient | Insufficient resources. |
ResourceNotFound | Resources do not exist. |
ResourceUnavailable | Resources are unavailable. |
ResourcesSoldOut | Resources are sold out. |
UnauthorizedOperation | Unauthorized operation. |
UnknownParameter | Unknown parameter. |
本页内容是否解决了您的问题?