Alibaba Cloud v3.85.0, Sep 9 25

Alibaba Cloud v3.85.0 published on Tuesday, Sep 9, 2025 by Pulumi

alicloud.wafv3.Domain

Explore with Pulumi AI

Alibaba Cloud v3.85.0 published on Tuesday, Sep 9, 2025 by Pulumi

Create Domain Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Domain(name: string, args: DomainArgs, opts?: CustomResourceOptions);

@overload
def Domain(resource_name: str,
           args: DomainArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Domain(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           domain: Optional[str] = None,
           instance_id: Optional[str] = None,
           listen: Optional[DomainListenArgs] = None,
           redirect: Optional[DomainRedirectArgs] = None,
           access_type: Optional[str] = None,
           resource_manager_resource_group_id: Optional[str] = None,
           tags: Optional[Mapping[str, str]] = None)

func NewDomain(ctx *Context, name string, args DomainArgs, opts ...ResourceOption) (*Domain, error)

public Domain(string name, DomainArgs args, CustomResourceOptions? opts = null)

public Domain(String name, DomainArgs args)
public Domain(String name, DomainArgs args, CustomResourceOptions options)

type: alicloud:wafv3:Domain
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var exampledomainResourceResourceFromWafv3domain = new AliCloud.Wafv3.Domain("exampledomainResourceResourceFromWafv3domain", new()
{
    DomainName = "string",
    InstanceId = "string",
    Listen = new AliCloud.Wafv3.Inputs.DomainListenArgs
    {
        CertId = "string",
        CipherSuite = 0,
        CustomCiphers = new[]
        {
            "string",
        },
        EnableTlsv3 = false,
        ExclusiveIp = false,
        FocusHttps = false,
        Http2Enabled = false,
        HttpPorts = new[]
        {
            0,
        },
        HttpsPorts = new[]
        {
            0,
        },
        Ipv6Enabled = false,
        ProtectionResource = "string",
        Sm2AccessOnly = false,
        Sm2CertId = "string",
        Sm2Enabled = false,
        TlsVersion = "string",
        XffHeaderMode = 0,
        XffHeaders = new[]
        {
            "string",
        },
    },
    Redirect = new AliCloud.Wafv3.Inputs.DomainRedirectArgs
    {
        Loadbalance = "string",
        KeepaliveTimeout = 0,
        ReadTimeout = 0,
        FocusHttpBackend = false,
        Keepalive = false,
        KeepaliveRequests = 0,
        Backends = new[]
        {
            "string",
        },
        BackupBackends = new[]
        {
            "string",
        },
        ConnectTimeout = 0,
        RequestHeaders = new[]
        {
            new AliCloud.Wafv3.Inputs.DomainRedirectRequestHeaderArgs
            {
                Key = "string",
                Value = "string",
            },
        },
        Retry = false,
        SniEnabled = false,
        SniHost = "string",
        WriteTimeout = 0,
        XffProto = false,
    },
    AccessType = "string",
    ResourceManagerResourceGroupId = "string",
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := wafv3.NewDomain(ctx, "exampledomainResourceResourceFromWafv3domain", &wafv3.DomainArgs{
	Domain:     pulumi.String("string"),
	InstanceId: pulumi.String("string"),
	Listen: &wafv3.DomainListenArgs{
		CertId:      pulumi.String("string"),
		CipherSuite: pulumi.Int(0),
		CustomCiphers: pulumi.StringArray{
			pulumi.String("string"),
		},
		EnableTlsv3:  pulumi.Bool(false),
		ExclusiveIp:  pulumi.Bool(false),
		FocusHttps:   pulumi.Bool(false),
		Http2Enabled: pulumi.Bool(false),
		HttpPorts: pulumi.IntArray{
			pulumi.Int(0),
		},
		HttpsPorts: pulumi.IntArray{
			pulumi.Int(0),
		},
		Ipv6Enabled:        pulumi.Bool(false),
		ProtectionResource: pulumi.String("string"),
		Sm2AccessOnly:      pulumi.Bool(false),
		Sm2CertId:          pulumi.String("string"),
		Sm2Enabled:         pulumi.Bool(false),
		TlsVersion:         pulumi.String("string"),
		XffHeaderMode:      pulumi.Int(0),
		XffHeaders: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	Redirect: &wafv3.DomainRedirectArgs{
		Loadbalance:       pulumi.String("string"),
		KeepaliveTimeout:  pulumi.Int(0),
		ReadTimeout:       pulumi.Int(0),
		FocusHttpBackend:  pulumi.Bool(false),
		Keepalive:         pulumi.Bool(false),
		KeepaliveRequests: pulumi.Int(0),
		Backends: pulumi.StringArray{
			pulumi.String("string"),
		},
		BackupBackends: pulumi.StringArray{
			pulumi.String("string"),
		},
		ConnectTimeout: pulumi.Int(0),
		RequestHeaders: wafv3.DomainRedirectRequestHeaderArray{
			&wafv3.DomainRedirectRequestHeaderArgs{
				Key:   pulumi.String("string"),
				Value: pulumi.String("string"),
			},
		},
		Retry:        pulumi.Bool(false),
		SniEnabled:   pulumi.Bool(false),
		SniHost:      pulumi.String("string"),
		WriteTimeout: pulumi.Int(0),
		XffProto:     pulumi.Bool(false),
	},
	AccessType:                     pulumi.String("string"),
	ResourceManagerResourceGroupId: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var exampledomainResourceResourceFromWafv3domain = new com.pulumi.alicloud.wafv3.Domain("exampledomainResourceResourceFromWafv3domain", com.pulumi.alicloud.wafv3.DomainArgs.builder()
    .domain("string")
    .instanceId("string")
    .listen(DomainListenArgs.builder()
        .certId("string")
        .cipherSuite(0)
        .customCiphers("string")
        .enableTlsv3(false)
        .exclusiveIp(false)
        .focusHttps(false)
        .http2Enabled(false)
        .httpPorts(0)
        .httpsPorts(0)
        .ipv6Enabled(false)
        .protectionResource("string")
        .sm2AccessOnly(false)
        .sm2CertId("string")
        .sm2Enabled(false)
        .tlsVersion("string")
        .xffHeaderMode(0)
        .xffHeaders("string")
        .build())
    .redirect(DomainRedirectArgs.builder()
        .loadbalance("string")
        .keepaliveTimeout(0)
        .readTimeout(0)
        .focusHttpBackend(false)
        .keepalive(false)
        .keepaliveRequests(0)
        .backends("string")
        .backupBackends("string")
        .connectTimeout(0)
        .requestHeaders(DomainRedirectRequestHeaderArgs.builder()
            .key("string")
            .value("string")
            .build())
        .retry(false)
        .sniEnabled(false)
        .sniHost("string")
        .writeTimeout(0)
        .xffProto(false)
        .build())
    .accessType("string")
    .resourceManagerResourceGroupId("string")
    .tags(Map.of("string", "string"))
    .build());

exampledomain_resource_resource_from_wafv3domain = alicloud.wafv3.Domain("exampledomainResourceResourceFromWafv3domain",
    domain="string",
    instance_id="string",
    listen={
        "cert_id": "string",
        "cipher_suite": 0,
        "custom_ciphers": ["string"],
        "enable_tlsv3": False,
        "exclusive_ip": False,
        "focus_https": False,
        "http2_enabled": False,
        "http_ports": [0],
        "https_ports": [0],
        "ipv6_enabled": False,
        "protection_resource": "string",
        "sm2_access_only": False,
        "sm2_cert_id": "string",
        "sm2_enabled": False,
        "tls_version": "string",
        "xff_header_mode": 0,
        "xff_headers": ["string"],
    },
    redirect={
        "loadbalance": "string",
        "keepalive_timeout": 0,
        "read_timeout": 0,
        "focus_http_backend": False,
        "keepalive": False,
        "keepalive_requests": 0,
        "backends": ["string"],
        "backup_backends": ["string"],
        "connect_timeout": 0,
        "request_headers": [{
            "key": "string",
            "value": "string",
        }],
        "retry": False,
        "sni_enabled": False,
        "sni_host": "string",
        "write_timeout": 0,
        "xff_proto": False,
    },
    access_type="string",
    resource_manager_resource_group_id="string",
    tags={
        "string": "string",
    })

const exampledomainResourceResourceFromWafv3domain = new alicloud.wafv3.Domain("exampledomainResourceResourceFromWafv3domain", {
    domain: "string",
    instanceId: "string",
    listen: {
        certId: "string",
        cipherSuite: 0,
        customCiphers: ["string"],
        enableTlsv3: false,
        exclusiveIp: false,
        focusHttps: false,
        http2Enabled: false,
        httpPorts: [0],
        httpsPorts: [0],
        ipv6Enabled: false,
        protectionResource: "string",
        sm2AccessOnly: false,
        sm2CertId: "string",
        sm2Enabled: false,
        tlsVersion: "string",
        xffHeaderMode: 0,
        xffHeaders: ["string"],
    },
    redirect: {
        loadbalance: "string",
        keepaliveTimeout: 0,
        readTimeout: 0,
        focusHttpBackend: false,
        keepalive: false,
        keepaliveRequests: 0,
        backends: ["string"],
        backupBackends: ["string"],
        connectTimeout: 0,
        requestHeaders: [{
            key: "string",
            value: "string",
        }],
        retry: false,
        sniEnabled: false,
        sniHost: "string",
        writeTimeout: 0,
        xffProto: false,
    },
    accessType: "string",
    resourceManagerResourceGroupId: "string",
    tags: {
        string: "string",
    },
});

type: alicloud:wafv3:Domain
properties:
    accessType: string
    domain: string
    instanceId: string
    listen:
        certId: string
        cipherSuite: 0
        customCiphers:
            - string
        enableTlsv3: false
        exclusiveIp: false
        focusHttps: false
        http2Enabled: false
        httpPorts:
            - 0
        httpsPorts:
            - 0
        ipv6Enabled: false
        protectionResource: string
        sm2AccessOnly: false
        sm2CertId: string
        sm2Enabled: false
        tlsVersion: string
        xffHeaderMode: 0
        xffHeaders:
            - string
    redirect:
        backends:
            - string
        backupBackends:
            - string
        connectTimeout: 0
        focusHttpBackend: false
        keepalive: false
        keepaliveRequests: 0
        keepaliveTimeout: 0
        loadbalance: string
        readTimeout: 0
        requestHeaders:
            - key: string
              value: string
        retry: false
        sniEnabled: false
        sniHost: string
        writeTimeout: 0
        xffProto: false
    resourceManagerResourceGroupId: string
    tags:
        string: string

Domain Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Domain resource accepts the following input properties:

DomainName string: The name of the domain name to query.
InstanceId string: The ID of the Web Application Firewall (WAF) instance.
Listen Pulumi.AliCloud.Wafv3.Inputs.DomainListen: Configure listening information. See listen below.
Redirect Pulumi.AliCloud.Wafv3.Inputs.DomainRedirect: Configure forwarding information. See redirect below.
AccessType string: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
ResourceManagerResourceGroupId string: The ID of the Alibaba Cloud resource group.
Tags Dictionary<string, string>: The tags. You can specify up to 20 tags.

Domain string: The name of the domain name to query.
InstanceId string: The ID of the Web Application Firewall (WAF) instance.
Listen DomainListenArgs: Configure listening information. See listen below.
Redirect DomainRedirectArgs: Configure forwarding information. See redirect below.
AccessType string: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
ResourceManagerResourceGroupId string: The ID of the Alibaba Cloud resource group.
Tags map[string]string: The tags. You can specify up to 20 tags.

domain String: The name of the domain name to query.
instanceId String: The ID of the Web Application Firewall (WAF) instance.
listen DomainListen: Configure listening information. See listen below.
redirect DomainRedirect: Configure forwarding information. See redirect below.
accessType String: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
resourceManagerResourceGroupId String: The ID of the Alibaba Cloud resource group.
tags Map<String,String>: The tags. You can specify up to 20 tags.

domain string: The name of the domain name to query.
instanceId string: The ID of the Web Application Firewall (WAF) instance.
listen DomainListen: Configure listening information. See listen below.
redirect DomainRedirect: Configure forwarding information. See redirect below.
accessType string: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
resourceManagerResourceGroupId string: The ID of the Alibaba Cloud resource group.
tags {[key: string]: string}: The tags. You can specify up to 20 tags.

domain str: The name of the domain name to query.
instance_id str: The ID of the Web Application Firewall (WAF) instance.
listen DomainListenArgs: Configure listening information. See listen below.
redirect DomainRedirectArgs: Configure forwarding information. See redirect below.
access_type str: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
resource_manager_resource_group_id str: The ID of the Alibaba Cloud resource group.
tags Mapping[str, str]: The tags. You can specify up to 20 tags.

domain String: The name of the domain name to query.
instanceId String: The ID of the Web Application Firewall (WAF) instance.
listen Property Map: Configure listening information. See listen below.
redirect Property Map: Configure forwarding information. See redirect below.
accessType String: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
resourceManagerResourceGroupId String: The ID of the Alibaba Cloud resource group.
tags Map<String>: The tags. You can specify up to 20 tags.

Outputs

All input properties are implicitly available as output properties. Additionally, the Domain resource produces the following output properties:

DomainId string: The domain ID.
Id string: The provider-assigned unique ID for this managed resource.
Status int: The status of the domain name.

DomainId string: The domain ID.
Id string: The provider-assigned unique ID for this managed resource.
Status int: The status of the domain name.

domainId String: The domain ID.
id String: The provider-assigned unique ID for this managed resource.
status Integer: The status of the domain name.

domainId string: The domain ID.
id string: The provider-assigned unique ID for this managed resource.
status number: The status of the domain name.

domain_id str: The domain ID.
id str: The provider-assigned unique ID for this managed resource.
status int: The status of the domain name.

domainId String: The domain ID.
id String: The provider-assigned unique ID for this managed resource.
status Number: The status of the domain name.

Look up Existing Domain Resource

Get an existing Domain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DomainState, opts?: CustomResourceOptions): Domain

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_type: Optional[str] = None,
        domain: Optional[str] = None,
        domain_id: Optional[str] = None,
        instance_id: Optional[str] = None,
        listen: Optional[DomainListenArgs] = None,
        redirect: Optional[DomainRedirectArgs] = None,
        resource_manager_resource_group_id: Optional[str] = None,
        status: Optional[int] = None,
        tags: Optional[Mapping[str, str]] = None) -> Domain

func GetDomain(ctx *Context, name string, id IDInput, state *DomainState, opts ...ResourceOption) (*Domain, error)

public static Domain Get(string name, Input<string> id, DomainState? state, CustomResourceOptions? opts = null)

public static Domain get(String name, Output<String> id, DomainState state, CustomResourceOptions options)

resources:  _:    type: alicloud:wafv3:Domain    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessType string: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
DomainId string: The domain ID.
DomainName string: The name of the domain name to query.
InstanceId string: The ID of the Web Application Firewall (WAF) instance.
Listen Pulumi.AliCloud.Wafv3.Inputs.DomainListen: Configure listening information. See listen below.
Redirect Pulumi.AliCloud.Wafv3.Inputs.DomainRedirect: Configure forwarding information. See redirect below.
ResourceManagerResourceGroupId string: The ID of the Alibaba Cloud resource group.
Status int: The status of the domain name.
Tags Dictionary<string, string>: The tags. You can specify up to 20 tags.

AccessType string: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
Domain string: The name of the domain name to query.
DomainId string: The domain ID.
InstanceId string: The ID of the Web Application Firewall (WAF) instance.
Listen DomainListenArgs: Configure listening information. See listen below.
Redirect DomainRedirectArgs: Configure forwarding information. See redirect below.
ResourceManagerResourceGroupId string: The ID of the Alibaba Cloud resource group.
Status int: The status of the domain name.
Tags map[string]string: The tags. You can specify up to 20 tags.

accessType String: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
domain String: The name of the domain name to query.
domainId String: The domain ID.
instanceId String: The ID of the Web Application Firewall (WAF) instance.
listen DomainListen: Configure listening information. See listen below.
redirect DomainRedirect: Configure forwarding information. See redirect below.
resourceManagerResourceGroupId String: The ID of the Alibaba Cloud resource group.
status Integer: The status of the domain name.
tags Map<String,String>: The tags. You can specify up to 20 tags.

accessType string: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
domain string: The name of the domain name to query.
domainId string: The domain ID.
instanceId string: The ID of the Web Application Firewall (WAF) instance.
listen DomainListen: Configure listening information. See listen below.
redirect DomainRedirect: Configure forwarding information. See redirect below.
resourceManagerResourceGroupId string: The ID of the Alibaba Cloud resource group.
status number: The status of the domain name.
tags {[key: string]: string}: The tags. You can specify up to 20 tags.

access_type str: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
domain str: The name of the domain name to query.
domain_id str: The domain ID.
instance_id str: The ID of the Web Application Firewall (WAF) instance.
listen DomainListenArgs: Configure listening information. See listen below.
redirect DomainRedirectArgs: Configure forwarding information. See redirect below.
resource_manager_resource_group_id str: The ID of the Alibaba Cloud resource group.
status int: The status of the domain name.
tags Mapping[str, str]: The tags. You can specify up to 20 tags.

accessType String: The mode in which the domain name is added to WAF. Valid values: share: CNAME record mode. This is the default value.
domain String: The name of the domain name to query.
domainId String: The domain ID.
instanceId String: The ID of the Web Application Firewall (WAF) instance.
listen Property Map: Configure listening information. See listen below.
redirect Property Map: Configure forwarding information. See redirect below.
resourceManagerResourceGroupId String: The ID of the Alibaba Cloud resource group.
status Number: The status of the domain name.
tags Map<String>: The tags. You can specify up to 20 tags.

Supporting Types

DomainListen, DomainListenArgs

CertId string

The ID of the certificate to be added. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol).

CipherSuite int

The type of the cipher suites that you want to add. This parameter is available only if you specify HttpsPorts. Valid values:

CustomCiphers List<string>

The specific custom encryption suite to add.

EnableTlsv3 bool

Whether TSL1.3 version is supported. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

ExclusiveIp bool

Specifies whether to enable the exclusive IP address feature. This parameter is available only if you set IPv6Enabled to false and ProtectionResource to share. Valid values:

FocusHttps bool

Specifies whether to enable force redirect from HTTP to HTTPS for received requests. This parameter is available only if you specify HttpsPorts and leave HttpPorts empty. Valid values:

Http2Enabled bool

Specifies whether to enable HTTP/2. This parameter is available only if you specify HttpsPorts. Valid values:

HttpPorts List<int>

The HTTP listener ports. Specify the value in the [port1,port2,...] format.

HttpsPorts List<int>

The HTTPS listener ports. Specify the value in the [port1,port2,...] format.

Ipv6Enabled bool

Specifies whether to enable IPv6 protection. Valid values:

ProtectionResource string

The type of the protection resource. Valid values:

Sm2AccessOnly bool

Specifies whether to allow access only from SM certificate-based clients. This parameter is available only if you set SM2Enabled to true.

true
false

Sm2CertId string

The ID of the SM certificate that you want to add. This parameter is available only if you set SM2Enabled to true.

Sm2Enabled bool

Specifies whether to add an SM certificate.

TlsVersion string

The version of TLS to add. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

XffHeaderMode int

The method that is used to obtain the originating IP address of a client. Valid values:

XffHeaders List<string>

The custom header fields that are used to obtain the originating IP address of a client. Specify the value in the ["header1","header2",...] format.

NOTE: This parameter is required only if you set XffHeaderMode to 2.

CertId string

The ID of the certificate to be added. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol).

CipherSuite int

The type of the cipher suites that you want to add. This parameter is available only if you specify HttpsPorts. Valid values:

CustomCiphers []string

The specific custom encryption suite to add.

EnableTlsv3 bool

Whether TSL1.3 version is supported. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

ExclusiveIp bool

Specifies whether to enable the exclusive IP address feature. This parameter is available only if you set IPv6Enabled to false and ProtectionResource to share. Valid values:

FocusHttps bool

Specifies whether to enable force redirect from HTTP to HTTPS for received requests. This parameter is available only if you specify HttpsPorts and leave HttpPorts empty. Valid values:

Http2Enabled bool

Specifies whether to enable HTTP/2. This parameter is available only if you specify HttpsPorts. Valid values:

HttpPorts []int

The HTTP listener ports. Specify the value in the [port1,port2,...] format.

HttpsPorts []int

The HTTPS listener ports. Specify the value in the [port1,port2,...] format.

Ipv6Enabled bool

Specifies whether to enable IPv6 protection. Valid values:

ProtectionResource string

The type of the protection resource. Valid values:

Sm2AccessOnly bool

Specifies whether to allow access only from SM certificate-based clients. This parameter is available only if you set SM2Enabled to true.

true
false

Sm2CertId string

The ID of the SM certificate that you want to add. This parameter is available only if you set SM2Enabled to true.

Sm2Enabled bool

Specifies whether to add an SM certificate.

TlsVersion string

The version of TLS to add. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

XffHeaderMode int

The method that is used to obtain the originating IP address of a client. Valid values:

XffHeaders []string

The custom header fields that are used to obtain the originating IP address of a client. Specify the value in the ["header1","header2",...] format.

NOTE: This parameter is required only if you set XffHeaderMode to 2.

certId String

The ID of the certificate to be added. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol).

cipherSuite Integer

The type of the cipher suites that you want to add. This parameter is available only if you specify HttpsPorts. Valid values:

customCiphers List<String>

The specific custom encryption suite to add.

enableTlsv3 Boolean

Whether TSL1.3 version is supported. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

exclusiveIp Boolean

Specifies whether to enable the exclusive IP address feature. This parameter is available only if you set IPv6Enabled to false and ProtectionResource to share. Valid values:

focusHttps Boolean

Specifies whether to enable force redirect from HTTP to HTTPS for received requests. This parameter is available only if you specify HttpsPorts and leave HttpPorts empty. Valid values:

http2Enabled Boolean

Specifies whether to enable HTTP/2. This parameter is available only if you specify HttpsPorts. Valid values:

httpPorts List<Integer>

The HTTP listener ports. Specify the value in the [port1,port2,...] format.

httpsPorts List<Integer>

The HTTPS listener ports. Specify the value in the [port1,port2,...] format.

ipv6Enabled Boolean

Specifies whether to enable IPv6 protection. Valid values:

protectionResource String

The type of the protection resource. Valid values:

sm2AccessOnly Boolean

Specifies whether to allow access only from SM certificate-based clients. This parameter is available only if you set SM2Enabled to true.

true
false

sm2CertId String

The ID of the SM certificate that you want to add. This parameter is available only if you set SM2Enabled to true.

sm2Enabled Boolean

Specifies whether to add an SM certificate.

tlsVersion String

The version of TLS to add. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

xffHeaderMode Integer

The method that is used to obtain the originating IP address of a client. Valid values:

xffHeaders List<String>

The custom header fields that are used to obtain the originating IP address of a client. Specify the value in the ["header1","header2",...] format.

NOTE: This parameter is required only if you set XffHeaderMode to 2.

certId string

The ID of the certificate to be added. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol).

cipherSuite number

The type of the cipher suites that you want to add. This parameter is available only if you specify HttpsPorts. Valid values:

customCiphers string[]

The specific custom encryption suite to add.

enableTlsv3 boolean

Whether TSL1.3 version is supported. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

exclusiveIp boolean

Specifies whether to enable the exclusive IP address feature. This parameter is available only if you set IPv6Enabled to false and ProtectionResource to share. Valid values:

focusHttps boolean

Specifies whether to enable force redirect from HTTP to HTTPS for received requests. This parameter is available only if you specify HttpsPorts and leave HttpPorts empty. Valid values:

http2Enabled boolean

Specifies whether to enable HTTP/2. This parameter is available only if you specify HttpsPorts. Valid values:

httpPorts number[]

The HTTP listener ports. Specify the value in the [port1,port2,...] format.

httpsPorts number[]

The HTTPS listener ports. Specify the value in the [port1,port2,...] format.

ipv6Enabled boolean

Specifies whether to enable IPv6 protection. Valid values:

protectionResource string

The type of the protection resource. Valid values:

sm2AccessOnly boolean

Specifies whether to allow access only from SM certificate-based clients. This parameter is available only if you set SM2Enabled to true.

true
false

sm2CertId string

The ID of the SM certificate that you want to add. This parameter is available only if you set SM2Enabled to true.

sm2Enabled boolean

Specifies whether to add an SM certificate.

tlsVersion string

The version of TLS to add. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

xffHeaderMode number

The method that is used to obtain the originating IP address of a client. Valid values:

xffHeaders string[]

The custom header fields that are used to obtain the originating IP address of a client. Specify the value in the ["header1","header2",...] format.

NOTE: This parameter is required only if you set XffHeaderMode to 2.

cert_id str

The ID of the certificate to be added. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol).

cipher_suite int

The type of the cipher suites that you want to add. This parameter is available only if you specify HttpsPorts. Valid values:

custom_ciphers Sequence[str]

The specific custom encryption suite to add.

enable_tlsv3 bool

Whether TSL1.3 version is supported. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

exclusive_ip bool

Specifies whether to enable the exclusive IP address feature. This parameter is available only if you set IPv6Enabled to false and ProtectionResource to share. Valid values:

focus_https bool

Specifies whether to enable force redirect from HTTP to HTTPS for received requests. This parameter is available only if you specify HttpsPorts and leave HttpPorts empty. Valid values:

http2_enabled bool

Specifies whether to enable HTTP/2. This parameter is available only if you specify HttpsPorts. Valid values:

http_ports Sequence[int]

The HTTP listener ports. Specify the value in the [port1,port2,...] format.

https_ports Sequence[int]

The HTTPS listener ports. Specify the value in the [port1,port2,...] format.

ipv6_enabled bool

Specifies whether to enable IPv6 protection. Valid values:

protection_resource str

The type of the protection resource. Valid values:

sm2_access_only bool

Specifies whether to allow access only from SM certificate-based clients. This parameter is available only if you set SM2Enabled to true.

true
false

sm2_cert_id str

The ID of the SM certificate that you want to add. This parameter is available only if you set SM2Enabled to true.

sm2_enabled bool

Specifies whether to add an SM certificate.

tls_version str

The version of TLS to add. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

xff_header_mode int

The method that is used to obtain the originating IP address of a client. Valid values:

xff_headers Sequence[str]

The custom header fields that are used to obtain the originating IP address of a client. Specify the value in the ["header1","header2",...] format.

NOTE: This parameter is required only if you set XffHeaderMode to 2.

certId String

The ID of the certificate to be added. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol).

cipherSuite Number

The type of the cipher suites that you want to add. This parameter is available only if you specify HttpsPorts. Valid values:

customCiphers List<String>

The specific custom encryption suite to add.

enableTlsv3 Boolean

Whether TSL1.3 version is supported. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

exclusiveIp Boolean

Specifies whether to enable the exclusive IP address feature. This parameter is available only if you set IPv6Enabled to false and ProtectionResource to share. Valid values:

focusHttps Boolean

Specifies whether to enable force redirect from HTTP to HTTPS for received requests. This parameter is available only if you specify HttpsPorts and leave HttpPorts empty. Valid values:

http2Enabled Boolean

Specifies whether to enable HTTP/2. This parameter is available only if you specify HttpsPorts. Valid values:

httpPorts List<Number>

The HTTP listener ports. Specify the value in the [port1,port2,...] format.

httpsPorts List<Number>

The HTTPS listener ports. Specify the value in the [port1,port2,...] format.

ipv6Enabled Boolean

Specifies whether to enable IPv6 protection. Valid values:

protectionResource String

The type of the protection resource. Valid values:

sm2AccessOnly Boolean

Specifies whether to allow access only from SM certificate-based clients. This parameter is available only if you set SM2Enabled to true.

true
false

sm2CertId String

The ID of the SM certificate that you want to add. This parameter is available only if you set SM2Enabled to true.

sm2Enabled Boolean

Specifies whether to add an SM certificate.

tlsVersion String

The version of TLS to add. This parameter is used only if the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:

xffHeaderMode Number

The method that is used to obtain the originating IP address of a client. Valid values:

xffHeaders List<String>

The custom header fields that are used to obtain the originating IP address of a client. Specify the value in the ["header1","header2",...] format.

NOTE: This parameter is required only if you set XffHeaderMode to 2.

DomainRedirect, DomainRedirectArgs

Loadbalance string

The load balancing algorithm that you want to use to forward requests to the origin server. Valid values:

Backends List<string>

The IP addresses or domain names of the origin server. You cannot specify both IP addresses and domain names. If you specify domain names, the domain names can be resolved only to IPv4 addresses.

If you specify IP addresses, specify the value in the ["ip1","ip2",...] format. You can enter up to 20 IP addresses.
If you specify domain names, specify the value in the ["domain"] format. You can enter up to 20 domain names.

BackupBackends List<string>

The secondary IP address or domain name of the origin server.

ConnectTimeout int

Connection timeout duration. Unit: seconds. Value range: 1~3600. Default value: 5.

FocusHttpBackend bool

Specifies whether to enable force redirect from HTTPS to HTTP for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

Keepalive bool

Specifies whether to enable the persistent connection feature. Valid values:

KeepaliveRequests int

The number of reused persistent connections. Valid values: 60 to 1000. Default value: 1000

NOTE: This parameter specifies the number of persistent connections that can be reused after you enable the persistent connection feature.

KeepaliveTimeout int

Idle long connection timeout, value range: 1~60, default 15, unit: seconds.

NOTE: How long the multiplexed long connection is idle and then released.

ReadTimeout int

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

RequestHeaders List<Pulumi.AliCloud.Wafv3.Inputs.DomainRedirectRequestHeader>

The traffic marking field and value of the domain name, which is used to mark the traffic processed by WAF. By specifying custom request header fields and corresponding values, when the access traffic of the domain name passes through WAF, WAF automatically adds the set custom field value to the request header as a traffic mark, which facilitates the statistics of back-end services. See request_headers below.

Retry bool

Specifies whether WAF retries if WAF fails to forward requests to the origin server. Valid values:

SniEnabled bool

Specifies whether to enable the Server Name Indication (SNI) feature for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

SniHost string

The custom value of the SNI field. If you do not specify this parameter, the value of the Host header field is automatically used. In most cases, you do not need to specify a custom value for the SNI field. However, if you want WAF to use an SNI field whose value is different from the value of the Host header field in back-to-origin requests, you can specify a custom value for the SNI field.

NOTE: This parameter is required only if you set SniEnabled to true.

WriteTimeout int

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

XffProto bool

Specifies whether to use the X-Forward-For-Proto header field to pass the protocol used by WAF to forward requests to the origin server. Valid values:

Loadbalance string

The load balancing algorithm that you want to use to forward requests to the origin server. Valid values:

Backends []string

The IP addresses or domain names of the origin server. You cannot specify both IP addresses and domain names. If you specify domain names, the domain names can be resolved only to IPv4 addresses.

If you specify IP addresses, specify the value in the ["ip1","ip2",...] format. You can enter up to 20 IP addresses.
If you specify domain names, specify the value in the ["domain"] format. You can enter up to 20 domain names.

BackupBackends []string

The secondary IP address or domain name of the origin server.

ConnectTimeout int

Connection timeout duration. Unit: seconds. Value range: 1~3600. Default value: 5.

FocusHttpBackend bool

Specifies whether to enable force redirect from HTTPS to HTTP for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

Keepalive bool

Specifies whether to enable the persistent connection feature. Valid values:

KeepaliveRequests int

The number of reused persistent connections. Valid values: 60 to 1000. Default value: 1000

NOTE: This parameter specifies the number of persistent connections that can be reused after you enable the persistent connection feature.

KeepaliveTimeout int

Idle long connection timeout, value range: 1~60, default 15, unit: seconds.

NOTE: How long the multiplexed long connection is idle and then released.

ReadTimeout int

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

RequestHeaders []DomainRedirectRequestHeader

Retry bool

Specifies whether WAF retries if WAF fails to forward requests to the origin server. Valid values:

SniEnabled bool

Specifies whether to enable the Server Name Indication (SNI) feature for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

SniHost string

NOTE: This parameter is required only if you set SniEnabled to true.

WriteTimeout int

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

XffProto bool

Specifies whether to use the X-Forward-For-Proto header field to pass the protocol used by WAF to forward requests to the origin server. Valid values:

loadbalance String

The load balancing algorithm that you want to use to forward requests to the origin server. Valid values:

backends List<String>

The IP addresses or domain names of the origin server. You cannot specify both IP addresses and domain names. If you specify domain names, the domain names can be resolved only to IPv4 addresses.

If you specify IP addresses, specify the value in the ["ip1","ip2",...] format. You can enter up to 20 IP addresses.
If you specify domain names, specify the value in the ["domain"] format. You can enter up to 20 domain names.

backupBackends List<String>

The secondary IP address or domain name of the origin server.

connectTimeout Integer

Connection timeout duration. Unit: seconds. Value range: 1~3600. Default value: 5.

focusHttpBackend Boolean

Specifies whether to enable force redirect from HTTPS to HTTP for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

keepalive Boolean

Specifies whether to enable the persistent connection feature. Valid values:

keepaliveRequests Integer

The number of reused persistent connections. Valid values: 60 to 1000. Default value: 1000

NOTE: This parameter specifies the number of persistent connections that can be reused after you enable the persistent connection feature.

keepaliveTimeout Integer

Idle long connection timeout, value range: 1~60, default 15, unit: seconds.

NOTE: How long the multiplexed long connection is idle and then released.

readTimeout Integer

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

requestHeaders List<DomainRedirectRequestHeader>

retry Boolean

Specifies whether WAF retries if WAF fails to forward requests to the origin server. Valid values:

sniEnabled Boolean

Specifies whether to enable the Server Name Indication (SNI) feature for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

sniHost String

NOTE: This parameter is required only if you set SniEnabled to true.

writeTimeout Integer

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

xffProto Boolean

Specifies whether to use the X-Forward-For-Proto header field to pass the protocol used by WAF to forward requests to the origin server. Valid values:

loadbalance string

The load balancing algorithm that you want to use to forward requests to the origin server. Valid values:

backends string[]

The IP addresses or domain names of the origin server. You cannot specify both IP addresses and domain names. If you specify domain names, the domain names can be resolved only to IPv4 addresses.

If you specify IP addresses, specify the value in the ["ip1","ip2",...] format. You can enter up to 20 IP addresses.
If you specify domain names, specify the value in the ["domain"] format. You can enter up to 20 domain names.

backupBackends string[]

The secondary IP address or domain name of the origin server.

connectTimeout number

Connection timeout duration. Unit: seconds. Value range: 1~3600. Default value: 5.

focusHttpBackend boolean

Specifies whether to enable force redirect from HTTPS to HTTP for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

keepalive boolean

Specifies whether to enable the persistent connection feature. Valid values:

keepaliveRequests number

The number of reused persistent connections. Valid values: 60 to 1000. Default value: 1000

NOTE: This parameter specifies the number of persistent connections that can be reused after you enable the persistent connection feature.

keepaliveTimeout number

Idle long connection timeout, value range: 1~60, default 15, unit: seconds.

NOTE: How long the multiplexed long connection is idle and then released.

readTimeout number

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

requestHeaders DomainRedirectRequestHeader[]

retry boolean

Specifies whether WAF retries if WAF fails to forward requests to the origin server. Valid values:

sniEnabled boolean

Specifies whether to enable the Server Name Indication (SNI) feature for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

sniHost string

NOTE: This parameter is required only if you set SniEnabled to true.

writeTimeout number

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

xffProto boolean

Specifies whether to use the X-Forward-For-Proto header field to pass the protocol used by WAF to forward requests to the origin server. Valid values:

loadbalance str

The load balancing algorithm that you want to use to forward requests to the origin server. Valid values:

backends Sequence[str]

The IP addresses or domain names of the origin server. You cannot specify both IP addresses and domain names. If you specify domain names, the domain names can be resolved only to IPv4 addresses.

If you specify IP addresses, specify the value in the ["ip1","ip2",...] format. You can enter up to 20 IP addresses.
If you specify domain names, specify the value in the ["domain"] format. You can enter up to 20 domain names.

backup_backends Sequence[str]

The secondary IP address or domain name of the origin server.

connect_timeout int

Connection timeout duration. Unit: seconds. Value range: 1~3600. Default value: 5.

focus_http_backend bool

Specifies whether to enable force redirect from HTTPS to HTTP for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

keepalive bool

Specifies whether to enable the persistent connection feature. Valid values:

keepalive_requests int

The number of reused persistent connections. Valid values: 60 to 1000. Default value: 1000

NOTE: This parameter specifies the number of persistent connections that can be reused after you enable the persistent connection feature.

keepalive_timeout int

Idle long connection timeout, value range: 1~60, default 15, unit: seconds.

NOTE: How long the multiplexed long connection is idle and then released.

read_timeout int

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

request_headers Sequence[DomainRedirectRequestHeader]

retry bool

Specifies whether WAF retries if WAF fails to forward requests to the origin server. Valid values:

sni_enabled bool

Specifies whether to enable the Server Name Indication (SNI) feature for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

sni_host str

NOTE: This parameter is required only if you set SniEnabled to true.

write_timeout int

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

xff_proto bool

Specifies whether to use the X-Forward-For-Proto header field to pass the protocol used by WAF to forward requests to the origin server. Valid values:

loadbalance String

The load balancing algorithm that you want to use to forward requests to the origin server. Valid values:

backends List<String>

The IP addresses or domain names of the origin server. You cannot specify both IP addresses and domain names. If you specify domain names, the domain names can be resolved only to IPv4 addresses.

If you specify IP addresses, specify the value in the ["ip1","ip2",...] format. You can enter up to 20 IP addresses.
If you specify domain names, specify the value in the ["domain"] format. You can enter up to 20 domain names.

backupBackends List<String>

The secondary IP address or domain name of the origin server.

connectTimeout Number

Connection timeout duration. Unit: seconds. Value range: 1~3600. Default value: 5.

focusHttpBackend Boolean

Specifies whether to enable force redirect from HTTPS to HTTP for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

keepalive Boolean

Specifies whether to enable the persistent connection feature. Valid values:

keepaliveRequests Number

The number of reused persistent connections. Valid values: 60 to 1000. Default value: 1000

NOTE: This parameter specifies the number of persistent connections that can be reused after you enable the persistent connection feature.

keepaliveTimeout Number

Idle long connection timeout, value range: 1~60, default 15, unit: seconds.

NOTE: How long the multiplexed long connection is idle and then released.

readTimeout Number

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

requestHeaders List<Property Map>

retry Boolean

Specifies whether WAF retries if WAF fails to forward requests to the origin server. Valid values:

sniEnabled Boolean

Specifies whether to enable the Server Name Indication (SNI) feature for back-to-origin requests. This parameter is available only if you specify HttpsPorts. Valid values:

sniHost String

NOTE: This parameter is required only if you set SniEnabled to true.

writeTimeout Number

The timeout period of write connections. Unit: seconds. Valid values: 1 to 3600. Default value: 120.

xffProto Boolean

Specifies whether to use the X-Forward-For-Proto header field to pass the protocol used by WAF to forward requests to the origin server. Valid values:

DomainRedirectRequestHeader, DomainRedirectRequestHeaderArgs

Key string: Specified custom request header fields
Value string: Customize the value of the request header field.

Key string: Specified custom request header fields
Value string: Customize the value of the request header field.

key String: Specified custom request header fields
value String: Customize the value of the request header field.

key string: Specified custom request header fields
value string: Customize the value of the request header field.

key str: Specified custom request header fields
value str: Customize the value of the request header field.

key String: Specified custom request header fields
value String: Customize the value of the request header field.

Import

WAFV3 Domain can be imported using the id, e.g.

$ pulumi import alicloud:wafv3/domain:Domain example <instance_id>:<domain>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.85.0 published on Tuesday, Sep 9, 2025 by Pulumi

pulumi/pulumi-alicloud

alicloud.wafv3.Domain

On this page

On this page

Create Domain Resource

Constructor syntax

Parameters

Constructor example

Domain Resource Properties

Inputs

Outputs

Look up Existing Domain Resource

Supporting Types

DomainListen, DomainListenArgs

DomainRedirect, DomainRedirectArgs

DomainRedirectRequestHeader, DomainRedirectRequestHeaderArgs

Import

Package Details

On this page

On this page