Alibaba Cloud v3.78.0, May 16 25

Alibaba Cloud v3.78.0 published on Friday, May 16, 2025 by Pulumi

alicloud.wafv3.Domain

Explore with Pulumi AI

Alibaba Cloud v3.78.0 published on Friday, May 16, 2025 by Pulumi

Create Domain Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Domain(name: string, args: DomainArgs, opts?: CustomResourceOptions);

@overload
def Domain(resource_name: str,
           args: DomainArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Domain(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           domain: Optional[str] = None,
           instance_id: Optional[str] = None,
           listen: Optional[DomainListenArgs] = None,
           redirect: Optional[DomainRedirectArgs] = None,
           access_type: Optional[str] = None)

func NewDomain(ctx *Context, name string, args DomainArgs, opts ...ResourceOption) (*Domain, error)

public Domain(string name, DomainArgs args, CustomResourceOptions? opts = null)

public Domain(String name, DomainArgs args)
public Domain(String name, DomainArgs args, CustomResourceOptions options)

type: alicloud:wafv3:Domain
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args DomainArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var exampledomainResourceResourceFromWafv3domain = new AliCloud.Wafv3.Domain("exampledomainResourceResourceFromWafv3domain", new()
{
    DomainName = "string",
    InstanceId = "string",
    Listen = new AliCloud.Wafv3.Inputs.DomainListenArgs
    {
        CertId = "string",
        CipherSuite = 0,
        CustomCiphers = new[]
        {
            "string",
        },
        EnableTlsv3 = false,
        ExclusiveIp = false,
        FocusHttps = false,
        Http2Enabled = false,
        HttpPorts = new[]
        {
            0,
        },
        HttpsPorts = new[]
        {
            0,
        },
        Ipv6Enabled = false,
        ProtectionResource = "string",
        TlsVersion = "string",
        XffHeaderMode = 0,
        XffHeaders = new[]
        {
            "string",
        },
    },
    Redirect = new AliCloud.Wafv3.Inputs.DomainRedirectArgs
    {
        Loadbalance = "string",
        Keepalive = false,
        FocusHttpBackend = false,
        Backends = new[]
        {
            "string",
        },
        KeepaliveRequests = 0,
        KeepaliveTimeout = 0,
        ConnectTimeout = 0,
        ReadTimeout = 0,
        RequestHeaders = new[]
        {
            new AliCloud.Wafv3.Inputs.DomainRedirectRequestHeaderArgs
            {
                Key = "string",
                Value = "string",
            },
        },
        Retry = false,
        SniEnabled = false,
        SniHost = "string",
        WriteTimeout = 0,
    },
    AccessType = "string",
});

example, err := wafv3.NewDomain(ctx, "exampledomainResourceResourceFromWafv3domain", &wafv3.DomainArgs{
	Domain:     pulumi.String("string"),
	InstanceId: pulumi.String("string"),
	Listen: &wafv3.DomainListenArgs{
		CertId:      pulumi.String("string"),
		CipherSuite: pulumi.Int(0),
		CustomCiphers: pulumi.StringArray{
			pulumi.String("string"),
		},
		EnableTlsv3:  pulumi.Bool(false),
		ExclusiveIp:  pulumi.Bool(false),
		FocusHttps:   pulumi.Bool(false),
		Http2Enabled: pulumi.Bool(false),
		HttpPorts: pulumi.IntArray{
			pulumi.Int(0),
		},
		HttpsPorts: pulumi.IntArray{
			pulumi.Int(0),
		},
		Ipv6Enabled:        pulumi.Bool(false),
		ProtectionResource: pulumi.String("string"),
		TlsVersion:         pulumi.String("string"),
		XffHeaderMode:      pulumi.Int(0),
		XffHeaders: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	Redirect: &wafv3.DomainRedirectArgs{
		Loadbalance:      pulumi.String("string"),
		Keepalive:        pulumi.Bool(false),
		FocusHttpBackend: pulumi.Bool(false),
		Backends: pulumi.StringArray{
			pulumi.String("string"),
		},
		KeepaliveRequests: pulumi.Int(0),
		KeepaliveTimeout:  pulumi.Int(0),
		ConnectTimeout:    pulumi.Int(0),
		ReadTimeout:       pulumi.Int(0),
		RequestHeaders: wafv3.DomainRedirectRequestHeaderArray{
			&wafv3.DomainRedirectRequestHeaderArgs{
				Key:   pulumi.String("string"),
				Value: pulumi.String("string"),
			},
		},
		Retry:        pulumi.Bool(false),
		SniEnabled:   pulumi.Bool(false),
		SniHost:      pulumi.String("string"),
		WriteTimeout: pulumi.Int(0),
	},
	AccessType: pulumi.String("string"),
})

var exampledomainResourceResourceFromWafv3domain = new com.pulumi.alicloud.wafv3.Domain("exampledomainResourceResourceFromWafv3domain", com.pulumi.alicloud.wafv3.DomainArgs.builder()
    .domain("string")
    .instanceId("string")
    .listen(DomainListenArgs.builder()
        .certId("string")
        .cipherSuite(0)
        .customCiphers("string")
        .enableTlsv3(false)
        .exclusiveIp(false)
        .focusHttps(false)
        .http2Enabled(false)
        .httpPorts(0)
        .httpsPorts(0)
        .ipv6Enabled(false)
        .protectionResource("string")
        .tlsVersion("string")
        .xffHeaderMode(0)
        .xffHeaders("string")
        .build())
    .redirect(DomainRedirectArgs.builder()
        .loadbalance("string")
        .keepalive(false)
        .focusHttpBackend(false)
        .backends("string")
        .keepaliveRequests(0)
        .keepaliveTimeout(0)
        .connectTimeout(0)
        .readTimeout(0)
        .requestHeaders(DomainRedirectRequestHeaderArgs.builder()
            .key("string")
            .value("string")
            .build())
        .retry(false)
        .sniEnabled(false)
        .sniHost("string")
        .writeTimeout(0)
        .build())
    .accessType("string")
    .build());

exampledomain_resource_resource_from_wafv3domain = alicloud.wafv3.Domain("exampledomainResourceResourceFromWafv3domain",
    domain="string",
    instance_id="string",
    listen={
        "cert_id": "string",
        "cipher_suite": 0,
        "custom_ciphers": ["string"],
        "enable_tlsv3": False,
        "exclusive_ip": False,
        "focus_https": False,
        "http2_enabled": False,
        "http_ports": [0],
        "https_ports": [0],
        "ipv6_enabled": False,
        "protection_resource": "string",
        "tls_version": "string",
        "xff_header_mode": 0,
        "xff_headers": ["string"],
    },
    redirect={
        "loadbalance": "string",
        "keepalive": False,
        "focus_http_backend": False,
        "backends": ["string"],
        "keepalive_requests": 0,
        "keepalive_timeout": 0,
        "connect_timeout": 0,
        "read_timeout": 0,
        "request_headers": [{
            "key": "string",
            "value": "string",
        }],
        "retry": False,
        "sni_enabled": False,
        "sni_host": "string",
        "write_timeout": 0,
    },
    access_type="string")

const exampledomainResourceResourceFromWafv3domain = new alicloud.wafv3.Domain("exampledomainResourceResourceFromWafv3domain", {
    domain: "string",
    instanceId: "string",
    listen: {
        certId: "string",
        cipherSuite: 0,
        customCiphers: ["string"],
        enableTlsv3: false,
        exclusiveIp: false,
        focusHttps: false,
        http2Enabled: false,
        httpPorts: [0],
        httpsPorts: [0],
        ipv6Enabled: false,
        protectionResource: "string",
        tlsVersion: "string",
        xffHeaderMode: 0,
        xffHeaders: ["string"],
    },
    redirect: {
        loadbalance: "string",
        keepalive: false,
        focusHttpBackend: false,
        backends: ["string"],
        keepaliveRequests: 0,
        keepaliveTimeout: 0,
        connectTimeout: 0,
        readTimeout: 0,
        requestHeaders: [{
            key: "string",
            value: "string",
        }],
        retry: false,
        sniEnabled: false,
        sniHost: "string",
        writeTimeout: 0,
    },
    accessType: "string",
});

type: alicloud:wafv3:Domain
properties:
    accessType: string
    domain: string
    instanceId: string
    listen:
        certId: string
        cipherSuite: 0
        customCiphers:
            - string
        enableTlsv3: false
        exclusiveIp: false
        focusHttps: false
        http2Enabled: false
        httpPorts:
            - 0
        httpsPorts:
            - 0
        ipv6Enabled: false
        protectionResource: string
        tlsVersion: string
        xffHeaderMode: 0
        xffHeaders:
            - string
    redirect:
        backends:
            - string
        connectTimeout: 0
        focusHttpBackend: false
        keepalive: false
        keepaliveRequests: 0
        keepaliveTimeout: 0
        loadbalance: string
        readTimeout: 0
        requestHeaders:
            - key: string
              value: string
        retry: false
        sniEnabled: false
        sniHost: string
        writeTimeout: 0

Domain Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Domain resource accepts the following input properties:

DomainName string: The name of the domain name to query.
InstanceId string: WAF instance ID
Listen Pulumi.AliCloud.Wafv3.Inputs.DomainListen: Configure listening information. See listen below.
Redirect Pulumi.AliCloud.Wafv3.Inputs.DomainRedirect: Configure forwarding information. See redirect below.
AccessType string: The access type of the WAF instance. Value: share (default): CNAME access.

Domain string: The name of the domain name to query.
InstanceId string: WAF instance ID
Listen DomainListenArgs: Configure listening information. See listen below.
Redirect DomainRedirectArgs: Configure forwarding information. See redirect below.
AccessType string: The access type of the WAF instance. Value: share (default): CNAME access.

domain String: The name of the domain name to query.
instanceId String: WAF instance ID
listen DomainListen: Configure listening information. See listen below.
redirect DomainRedirect: Configure forwarding information. See redirect below.
accessType String: The access type of the WAF instance. Value: share (default): CNAME access.

domain string: The name of the domain name to query.
instanceId string: WAF instance ID
listen DomainListen: Configure listening information. See listen below.
redirect DomainRedirect: Configure forwarding information. See redirect below.
accessType string: The access type of the WAF instance. Value: share (default): CNAME access.

domain str: The name of the domain name to query.
instance_id str: WAF instance ID
listen DomainListenArgs: Configure listening information. See listen below.
redirect DomainRedirectArgs: Configure forwarding information. See redirect below.
access_type str: The access type of the WAF instance. Value: share (default): CNAME access.

domain String: The name of the domain name to query.
instanceId String: WAF instance ID
listen Property Map: Configure listening information. See listen below.
redirect Property Map: Configure forwarding information. See redirect below.
accessType String: The access type of the WAF instance. Value: share (default): CNAME access.

Outputs

All input properties are implicitly available as output properties. Additionally, the Domain resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
ResourceManagerResourceGroupId string: The ID of the resource group.
Status string: The status of the resource.

Id string: The provider-assigned unique ID for this managed resource.
ResourceManagerResourceGroupId string: The ID of the resource group.
Status string: The status of the resource.

id String: The provider-assigned unique ID for this managed resource.
resourceManagerResourceGroupId String: The ID of the resource group.
status String: The status of the resource.

id string: The provider-assigned unique ID for this managed resource.
resourceManagerResourceGroupId string: The ID of the resource group.
status string: The status of the resource.

id str: The provider-assigned unique ID for this managed resource.
resource_manager_resource_group_id str: The ID of the resource group.
status str: The status of the resource.

id String: The provider-assigned unique ID for this managed resource.
resourceManagerResourceGroupId String: The ID of the resource group.
status String: The status of the resource.

Look up Existing Domain Resource

Get an existing Domain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DomainState, opts?: CustomResourceOptions): Domain

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_type: Optional[str] = None,
        domain: Optional[str] = None,
        instance_id: Optional[str] = None,
        listen: Optional[DomainListenArgs] = None,
        redirect: Optional[DomainRedirectArgs] = None,
        resource_manager_resource_group_id: Optional[str] = None,
        status: Optional[str] = None) -> Domain

func GetDomain(ctx *Context, name string, id IDInput, state *DomainState, opts ...ResourceOption) (*Domain, error)

public static Domain Get(string name, Input<string> id, DomainState? state, CustomResourceOptions? opts = null)

public static Domain get(String name, Output<String> id, DomainState state, CustomResourceOptions options)

resources:  _:    type: alicloud:wafv3:Domain    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessType string: The access type of the WAF instance. Value: share (default): CNAME access.
DomainName string: The name of the domain name to query.
InstanceId string: WAF instance ID
Listen Pulumi.AliCloud.Wafv3.Inputs.DomainListen: Configure listening information. See listen below.
Redirect Pulumi.AliCloud.Wafv3.Inputs.DomainRedirect: Configure forwarding information. See redirect below.
ResourceManagerResourceGroupId string: The ID of the resource group.
Status string: The status of the resource.

AccessType string: The access type of the WAF instance. Value: share (default): CNAME access.
Domain string: The name of the domain name to query.
InstanceId string: WAF instance ID
Listen DomainListenArgs: Configure listening information. See listen below.
Redirect DomainRedirectArgs: Configure forwarding information. See redirect below.
ResourceManagerResourceGroupId string: The ID of the resource group.
Status string: The status of the resource.

accessType String: The access type of the WAF instance. Value: share (default): CNAME access.
domain String: The name of the domain name to query.
instanceId String: WAF instance ID
listen DomainListen: Configure listening information. See listen below.
redirect DomainRedirect: Configure forwarding information. See redirect below.
resourceManagerResourceGroupId String: The ID of the resource group.
status String: The status of the resource.

accessType string: The access type of the WAF instance. Value: share (default): CNAME access.
domain string: The name of the domain name to query.
instanceId string: WAF instance ID
listen DomainListen: Configure listening information. See listen below.
redirect DomainRedirect: Configure forwarding information. See redirect below.
resourceManagerResourceGroupId string: The ID of the resource group.
status string: The status of the resource.

access_type str: The access type of the WAF instance. Value: share (default): CNAME access.
domain str: The name of the domain name to query.
instance_id str: WAF instance ID
listen DomainListenArgs: Configure listening information. See listen below.
redirect DomainRedirectArgs: Configure forwarding information. See redirect below.
resource_manager_resource_group_id str: The ID of the resource group.
status str: The status of the resource.

accessType String: The access type of the WAF instance. Value: share (default): CNAME access.
domain String: The name of the domain name to query.
instanceId String: WAF instance ID
listen Property Map: Configure listening information. See listen below.
redirect Property Map: Configure forwarding information. See redirect below.
resourceManagerResourceGroupId String: The ID of the resource group.
status String: The status of the resource.

Supporting Types

DomainListen, DomainListenArgs

CertId string

The ID of the certificate to be added. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol).

CipherSuite int

The type of encryption suite to add. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

1: indicates that all encryption suites are added.
2: indicates that a strong encryption package is added. You can select this value only if the value of tls_version is tlsv1.2.
99: indicates that a custom encryption suite is added.

CustomCiphers List<string>

The specific custom encryption suite to add.

EnableTlsv3 bool

Whether TSL1.3 version is supported. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that TSL1.3 is supported.
false: indicates that TSL1.3 is not supported.

ExclusiveIp bool

Whether to enable exclusive IP address. This parameter is used only when the value of ipv6_enabled is false (indicating that IPv6 is not enabled) and the value of protection_resource is share (indicating that a shared cluster is used). Value:

true: indicates that the exclusive IP address is enabled.
false (default): indicates that exclusive IP address is not enabled.

FocusHttps bool

Whether to enable the forced jump of HTTPS. This parameter is used only when the value of https_ports is not empty (indicating that the domain name uses HTTPS protocol) and the value of httports is empty (indicating that the domain name does not use HTTP protocol). Value:

true: indicates that HTTPS forced redirection is enabled.
false: indicates that HTTPS forced redirection is not enabled.

Http2Enabled bool

Whether to turn on http2. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that HTTP2 is enabled.
false (default): indicates that HTTP2 is not enabled.

HttpPorts List<int>

The listening port of the HTTP protocol.

HttpsPorts List<int>

The listening port of the HTTPS protocol.

Ipv6Enabled bool

Whether IPv6 is turned on. Value:

true: indicates that IPv6 is enabled.
false (default): indicates that IPv6 is not enabled.

ProtectionResource string

The type of protection resource to use. Value:

share (default): indicates that a shared cluster is used.
gslb: indicates that the shared cluster intelligent load balancing is used.

TlsVersion string

The version of TLS to add. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value: tlsv1, tlsv1.1, tlsv1.2.

XffHeaderMode int

WAF obtains the real IP address of the client. Value:

0 (default): indicates that the client has not forwarded the traffic to WAF through other layer -7 agents.
1: indicates that the first value of the X-Forwarded-For(XFF) field in the WAF read request header is used as the client IP address.
2: indicates that the custom field value set by you in the WAF read request header is used as the client IP address.

XffHeaders List<string>

Set the list of custom fields used to obtain the client IP address.

CertId string

The ID of the certificate to be added. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol).

CipherSuite int

The type of encryption suite to add. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

1: indicates that all encryption suites are added.
2: indicates that a strong encryption package is added. You can select this value only if the value of tls_version is tlsv1.2.
99: indicates that a custom encryption suite is added.

CustomCiphers []string

The specific custom encryption suite to add.

EnableTlsv3 bool

Whether TSL1.3 version is supported. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that TSL1.3 is supported.
false: indicates that TSL1.3 is not supported.

ExclusiveIp bool

true: indicates that the exclusive IP address is enabled.
false (default): indicates that exclusive IP address is not enabled.

FocusHttps bool

true: indicates that HTTPS forced redirection is enabled.
false: indicates that HTTPS forced redirection is not enabled.

Http2Enabled bool

Whether to turn on http2. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that HTTP2 is enabled.
false (default): indicates that HTTP2 is not enabled.

HttpPorts []int

The listening port of the HTTP protocol.

HttpsPorts []int

The listening port of the HTTPS protocol.

Ipv6Enabled bool

Whether IPv6 is turned on. Value:

true: indicates that IPv6 is enabled.
false (default): indicates that IPv6 is not enabled.

ProtectionResource string

The type of protection resource to use. Value:

share (default): indicates that a shared cluster is used.
gslb: indicates that the shared cluster intelligent load balancing is used.

TlsVersion string

XffHeaderMode int

WAF obtains the real IP address of the client. Value:

0 (default): indicates that the client has not forwarded the traffic to WAF through other layer -7 agents.
1: indicates that the first value of the X-Forwarded-For(XFF) field in the WAF read request header is used as the client IP address.
2: indicates that the custom field value set by you in the WAF read request header is used as the client IP address.

XffHeaders []string

Set the list of custom fields used to obtain the client IP address.

certId String

The ID of the certificate to be added. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol).

cipherSuite Integer

The type of encryption suite to add. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

1: indicates that all encryption suites are added.
2: indicates that a strong encryption package is added. You can select this value only if the value of tls_version is tlsv1.2.
99: indicates that a custom encryption suite is added.

customCiphers List<String>

The specific custom encryption suite to add.

enableTlsv3 Boolean

Whether TSL1.3 version is supported. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that TSL1.3 is supported.
false: indicates that TSL1.3 is not supported.

exclusiveIp Boolean

true: indicates that the exclusive IP address is enabled.
false (default): indicates that exclusive IP address is not enabled.

focusHttps Boolean

true: indicates that HTTPS forced redirection is enabled.
false: indicates that HTTPS forced redirection is not enabled.

http2Enabled Boolean

Whether to turn on http2. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that HTTP2 is enabled.
false (default): indicates that HTTP2 is not enabled.

httpPorts List<Integer>

The listening port of the HTTP protocol.

httpsPorts List<Integer>

The listening port of the HTTPS protocol.

ipv6Enabled Boolean

Whether IPv6 is turned on. Value:

true: indicates that IPv6 is enabled.
false (default): indicates that IPv6 is not enabled.

protectionResource String

The type of protection resource to use. Value:

share (default): indicates that a shared cluster is used.
gslb: indicates that the shared cluster intelligent load balancing is used.

tlsVersion String

xffHeaderMode Integer

WAF obtains the real IP address of the client. Value:

0 (default): indicates that the client has not forwarded the traffic to WAF through other layer -7 agents.
1: indicates that the first value of the X-Forwarded-For(XFF) field in the WAF read request header is used as the client IP address.
2: indicates that the custom field value set by you in the WAF read request header is used as the client IP address.

xffHeaders List<String>

Set the list of custom fields used to obtain the client IP address.

certId string

The ID of the certificate to be added. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol).

cipherSuite number

The type of encryption suite to add. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

1: indicates that all encryption suites are added.
2: indicates that a strong encryption package is added. You can select this value only if the value of tls_version is tlsv1.2.
99: indicates that a custom encryption suite is added.

customCiphers string[]

The specific custom encryption suite to add.

enableTlsv3 boolean

Whether TSL1.3 version is supported. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that TSL1.3 is supported.
false: indicates that TSL1.3 is not supported.

exclusiveIp boolean

true: indicates that the exclusive IP address is enabled.
false (default): indicates that exclusive IP address is not enabled.

focusHttps boolean

true: indicates that HTTPS forced redirection is enabled.
false: indicates that HTTPS forced redirection is not enabled.

http2Enabled boolean

Whether to turn on http2. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that HTTP2 is enabled.
false (default): indicates that HTTP2 is not enabled.

httpPorts number[]

The listening port of the HTTP protocol.

httpsPorts number[]

The listening port of the HTTPS protocol.

ipv6Enabled boolean

Whether IPv6 is turned on. Value:

true: indicates that IPv6 is enabled.
false (default): indicates that IPv6 is not enabled.

protectionResource string

The type of protection resource to use. Value:

share (default): indicates that a shared cluster is used.
gslb: indicates that the shared cluster intelligent load balancing is used.

tlsVersion string

xffHeaderMode number

WAF obtains the real IP address of the client. Value:

0 (default): indicates that the client has not forwarded the traffic to WAF through other layer -7 agents.
1: indicates that the first value of the X-Forwarded-For(XFF) field in the WAF read request header is used as the client IP address.
2: indicates that the custom field value set by you in the WAF read request header is used as the client IP address.

xffHeaders string[]

Set the list of custom fields used to obtain the client IP address.

cert_id str

The ID of the certificate to be added. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol).

cipher_suite int

The type of encryption suite to add. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

1: indicates that all encryption suites are added.
2: indicates that a strong encryption package is added. You can select this value only if the value of tls_version is tlsv1.2.
99: indicates that a custom encryption suite is added.

custom_ciphers Sequence[str]

The specific custom encryption suite to add.

enable_tlsv3 bool

Whether TSL1.3 version is supported. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that TSL1.3 is supported.
false: indicates that TSL1.3 is not supported.

exclusive_ip bool

true: indicates that the exclusive IP address is enabled.
false (default): indicates that exclusive IP address is not enabled.

focus_https bool

true: indicates that HTTPS forced redirection is enabled.
false: indicates that HTTPS forced redirection is not enabled.

http2_enabled bool

Whether to turn on http2. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that HTTP2 is enabled.
false (default): indicates that HTTP2 is not enabled.

http_ports Sequence[int]

The listening port of the HTTP protocol.

https_ports Sequence[int]

The listening port of the HTTPS protocol.

ipv6_enabled bool

Whether IPv6 is turned on. Value:

true: indicates that IPv6 is enabled.
false (default): indicates that IPv6 is not enabled.

protection_resource str

The type of protection resource to use. Value:

share (default): indicates that a shared cluster is used.
gslb: indicates that the shared cluster intelligent load balancing is used.

tls_version str

xff_header_mode int

WAF obtains the real IP address of the client. Value:

0 (default): indicates that the client has not forwarded the traffic to WAF through other layer -7 agents.
1: indicates that the first value of the X-Forwarded-For(XFF) field in the WAF read request header is used as the client IP address.
2: indicates that the custom field value set by you in the WAF read request header is used as the client IP address.

xff_headers Sequence[str]

Set the list of custom fields used to obtain the client IP address.

certId String

The ID of the certificate to be added. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol).

cipherSuite Number

The type of encryption suite to add. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

1: indicates that all encryption suites are added.
2: indicates that a strong encryption package is added. You can select this value only if the value of tls_version is tlsv1.2.
99: indicates that a custom encryption suite is added.

customCiphers List<String>

The specific custom encryption suite to add.

enableTlsv3 Boolean

Whether TSL1.3 version is supported. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that TSL1.3 is supported.
false: indicates that TSL1.3 is not supported.

exclusiveIp Boolean

true: indicates that the exclusive IP address is enabled.
false (default): indicates that exclusive IP address is not enabled.

focusHttps Boolean

true: indicates that HTTPS forced redirection is enabled.
false: indicates that HTTPS forced redirection is not enabled.

http2Enabled Boolean

Whether to turn on http2. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that HTTP2 is enabled.
false (default): indicates that HTTP2 is not enabled.

httpPorts List<Number>

The listening port of the HTTP protocol.

httpsPorts List<Number>

The listening port of the HTTPS protocol.

ipv6Enabled Boolean

Whether IPv6 is turned on. Value:

true: indicates that IPv6 is enabled.
false (default): indicates that IPv6 is not enabled.

protectionResource String

The type of protection resource to use. Value:

share (default): indicates that a shared cluster is used.
gslb: indicates that the shared cluster intelligent load balancing is used.

tlsVersion String

xffHeaderMode Number

WAF obtains the real IP address of the client. Value:

0 (default): indicates that the client has not forwarded the traffic to WAF through other layer -7 agents.
1: indicates that the first value of the X-Forwarded-For(XFF) field in the WAF read request header is used as the client IP address.
2: indicates that the custom field value set by you in the WAF read request header is used as the client IP address.

xffHeaders List<String>

Set the list of custom fields used to obtain the client IP address.

DomainRedirect, DomainRedirectArgs

Loadbalance string

The load balancing algorithm used when returning to the source. Value:

iphash: indicates the IPHash algorithm.
roundRobin: indicates the polling algorithm.
leastTime: indicates the Least Time algorithm.
This value can be selected only if the value of protection_resource is gslb (indicating that the protected resource type uses shared cluster intelligent load balancing).

Backends List<string>

The IP address of the origin server corresponding to the domain name or the back-to-origin domain name of the server.

ConnectTimeout int

Connection timeout. Unit: seconds, value range: 5~120.

FocusHttpBackend bool

Whether to enable forced HTTP back-to-origin. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that forced HTTP back-to-origin is enabled.
false: indicates that forced HTTP back-to-origin is not enabled.

Keepalive bool

Open long connection, default true.

KeepaliveRequests int

Number of long connections, default: 60. range :60-1000.

KeepaliveTimeout int

Long connection over time, default: 15. Range: 1-60.

ReadTimeout int

Read timeout duration. Unit: seconds, Value range: 5~1800.

RequestHeaders List<Pulumi.AliCloud.Wafv3.Inputs.DomainRedirectRequestHeader>

The traffic tag field and value of the domain name which used to mark the traffic processed by WAF. It formats as [{" k ":"_key_"," v ":"_value_"}]. Where the k represents the specified custom request header field, and the v represents the value set for this field. By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value. See request_headers below.

Retry bool

Back to Source Retry. default: true, retry 3 times by default.

SniEnabled bool

Whether to enable back-to-source SNI. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that the back-to-source SNI is enabled.
false (default) indicates that the back-to-source SNI is not enabled.

SniHost string

Sets the value of the custom SNI extension field. If this parameter is not set, the value of the Host field in the request header is used as the value of the SNI extension field by default.In general, you do not need to customize SNI unless your business has special configuration requirements. You want WAF to use SNI that is inconsistent with the actual request Host in the back-to-origin request (that is, the custom SNI set here).> This parameter is required only when sni_enalbed is set to true (indicating that back-to-source SNI is enabled).

WriteTimeout int

Write timeout duration> Unit: seconds, Value range: 5~1800.

Loadbalance string

The load balancing algorithm used when returning to the source. Value:

iphash: indicates the IPHash algorithm.
roundRobin: indicates the polling algorithm.
leastTime: indicates the Least Time algorithm.
This value can be selected only if the value of protection_resource is gslb (indicating that the protected resource type uses shared cluster intelligent load balancing).

Backends []string

The IP address of the origin server corresponding to the domain name or the back-to-origin domain name of the server.

ConnectTimeout int

Connection timeout. Unit: seconds, value range: 5~120.

FocusHttpBackend bool

Whether to enable forced HTTP back-to-origin. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that forced HTTP back-to-origin is enabled.
false: indicates that forced HTTP back-to-origin is not enabled.

Keepalive bool

Open long connection, default true.

KeepaliveRequests int

Number of long connections, default: 60. range :60-1000.

KeepaliveTimeout int

Long connection over time, default: 15. Range: 1-60.

ReadTimeout int

Read timeout duration. Unit: seconds, Value range: 5~1800.

RequestHeaders []DomainRedirectRequestHeader

Retry bool

Back to Source Retry. default: true, retry 3 times by default.

SniEnabled bool

Whether to enable back-to-source SNI. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that the back-to-source SNI is enabled.
false (default) indicates that the back-to-source SNI is not enabled.

SniHost string

WriteTimeout int

Write timeout duration> Unit: seconds, Value range: 5~1800.

loadbalance String

The load balancing algorithm used when returning to the source. Value:

iphash: indicates the IPHash algorithm.
roundRobin: indicates the polling algorithm.
leastTime: indicates the Least Time algorithm.
This value can be selected only if the value of protection_resource is gslb (indicating that the protected resource type uses shared cluster intelligent load balancing).

backends List<String>

The IP address of the origin server corresponding to the domain name or the back-to-origin domain name of the server.

connectTimeout Integer

Connection timeout. Unit: seconds, value range: 5~120.

focusHttpBackend Boolean

Whether to enable forced HTTP back-to-origin. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that forced HTTP back-to-origin is enabled.
false: indicates that forced HTTP back-to-origin is not enabled.

keepalive Boolean

Open long connection, default true.

keepaliveRequests Integer

Number of long connections, default: 60. range :60-1000.

keepaliveTimeout Integer

Long connection over time, default: 15. Range: 1-60.

readTimeout Integer

Read timeout duration. Unit: seconds, Value range: 5~1800.

requestHeaders List<DomainRedirectRequestHeader>

retry Boolean

Back to Source Retry. default: true, retry 3 times by default.

sniEnabled Boolean

Whether to enable back-to-source SNI. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that the back-to-source SNI is enabled.
false (default) indicates that the back-to-source SNI is not enabled.

sniHost String

writeTimeout Integer

Write timeout duration> Unit: seconds, Value range: 5~1800.

loadbalance string

The load balancing algorithm used when returning to the source. Value:

iphash: indicates the IPHash algorithm.
roundRobin: indicates the polling algorithm.
leastTime: indicates the Least Time algorithm.
This value can be selected only if the value of protection_resource is gslb (indicating that the protected resource type uses shared cluster intelligent load balancing).

backends string[]

The IP address of the origin server corresponding to the domain name or the back-to-origin domain name of the server.

connectTimeout number

Connection timeout. Unit: seconds, value range: 5~120.

focusHttpBackend boolean

Whether to enable forced HTTP back-to-origin. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that forced HTTP back-to-origin is enabled.
false: indicates that forced HTTP back-to-origin is not enabled.

keepalive boolean

Open long connection, default true.

keepaliveRequests number

Number of long connections, default: 60. range :60-1000.

keepaliveTimeout number

Long connection over time, default: 15. Range: 1-60.

readTimeout number

Read timeout duration. Unit: seconds, Value range: 5~1800.

requestHeaders DomainRedirectRequestHeader[]

retry boolean

Back to Source Retry. default: true, retry 3 times by default.

sniEnabled boolean

Whether to enable back-to-source SNI. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that the back-to-source SNI is enabled.
false (default) indicates that the back-to-source SNI is not enabled.

sniHost string

writeTimeout number

Write timeout duration> Unit: seconds, Value range: 5~1800.

loadbalance str

The load balancing algorithm used when returning to the source. Value:

iphash: indicates the IPHash algorithm.
roundRobin: indicates the polling algorithm.
leastTime: indicates the Least Time algorithm.
This value can be selected only if the value of protection_resource is gslb (indicating that the protected resource type uses shared cluster intelligent load balancing).

backends Sequence[str]

The IP address of the origin server corresponding to the domain name or the back-to-origin domain name of the server.

connect_timeout int

Connection timeout. Unit: seconds, value range: 5~120.

focus_http_backend bool

Whether to enable forced HTTP back-to-origin. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that forced HTTP back-to-origin is enabled.
false: indicates that forced HTTP back-to-origin is not enabled.

keepalive bool

Open long connection, default true.

keepalive_requests int

Number of long connections, default: 60. range :60-1000.

keepalive_timeout int

Long connection over time, default: 15. Range: 1-60.

read_timeout int

Read timeout duration. Unit: seconds, Value range: 5~1800.

request_headers Sequence[DomainRedirectRequestHeader]

retry bool

Back to Source Retry. default: true, retry 3 times by default.

sni_enabled bool

Whether to enable back-to-source SNI. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that the back-to-source SNI is enabled.
false (default) indicates that the back-to-source SNI is not enabled.

sni_host str

write_timeout int

Write timeout duration> Unit: seconds, Value range: 5~1800.

loadbalance String

The load balancing algorithm used when returning to the source. Value:

iphash: indicates the IPHash algorithm.
roundRobin: indicates the polling algorithm.
leastTime: indicates the Least Time algorithm.
This value can be selected only if the value of protection_resource is gslb (indicating that the protected resource type uses shared cluster intelligent load balancing).

backends List<String>

The IP address of the origin server corresponding to the domain name or the back-to-origin domain name of the server.

connectTimeout Number

Connection timeout. Unit: seconds, value range: 5~120.

focusHttpBackend Boolean

Whether to enable forced HTTP back-to-origin. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that forced HTTP back-to-origin is enabled.
false: indicates that forced HTTP back-to-origin is not enabled.

keepalive Boolean

Open long connection, default true.

keepaliveRequests Number

Number of long connections, default: 60. range :60-1000.

keepaliveTimeout Number

Long connection over time, default: 15. Range: 1-60.

readTimeout Number

Read timeout duration. Unit: seconds, Value range: 5~1800.

requestHeaders List<Property Map>

retry Boolean

Back to Source Retry. default: true, retry 3 times by default.

sniEnabled Boolean

Whether to enable back-to-source SNI. This parameter is used only if the value of https_ports is not empty (indicating that the domain name uses the HTTPS protocol). Value:

true: indicates that the back-to-source SNI is enabled.
false (default) indicates that the back-to-source SNI is not enabled.

sniHost String

writeTimeout Number

Write timeout duration> Unit: seconds, Value range: 5~1800.

DomainRedirectRequestHeader, DomainRedirectRequestHeaderArgs

Key string: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.
Value string: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.

Key string: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.
Value string: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.

key String: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.
value String: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.

key string: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.
value string: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.

key str: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.
value str: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.

key String: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.
value String: The traffic tag field and value of the domain name, which is used to mark the traffic processed by WAF. the format of this parameter value is [{" k ":"key"," v ":"value"}]. where_key_represents the specified custom request header field, and_value_represents the value set for this field.By specifying the custom request header field and the corresponding value, when the access traffic of the domain name passes through WAF, WAF automatically adds the specified custom field value to the request header as the traffic mark, which is convenient for backend service statistics.Explain that if the custom header field already exists in the request, the system will overwrite the value of the custom field in the request with the set traffic tag value.

Import

Wafv3 Domain can be imported using the id, e.g.

$ pulumi import alicloud:wafv3/domain:Domain example <instance_id>:<domain>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.78.0 published on Friday, May 16, 2025 by Pulumi

pulumi/pulumi-alicloud

alicloud.wafv3.Domain

On this page

On this page

Create Domain Resource

Constructor syntax

Parameters

Constructor example

Domain Resource Properties

Inputs

Outputs

Look up Existing Domain Resource

Supporting Types

DomainListen, DomainListenArgs

DomainRedirect, DomainRedirectArgs

DomainRedirectRequestHeader, DomainRedirectRequestHeaderArgs

Import

Package Details

On this page

On this page