How to use an OpenAPI example-Web Application Firewall(WAF)-阿里云帮助中心

This topic shows you how to use Web Application Firewall (WAF) with OpenAPI.

View the OpenAPI documentation

As described in the API Overview, the DescribeDomainDetail OpenAPI queries the details of a domain added to WAF in CNAME record mode. Before you proceed, review the documentation to understand the required data and permissions.

Create a RAM user and grant permissions

Identity

You can call this API by using your Alibaba Cloud account (primary account), a RAM user, or a RAM role. For more information about the differences between these identities, see Identity, credentials, and permission. This example uses a RAM user to call the API.

Log on to the Resource Access Management console, create a RAM user with API-only access, and save its AccessKey. For detailed instructions, see Create a RAM user.

Permission

On the Users page, find the target RAM user and click Grant Permission in the Actions column.
In the Policies section, search for WAF and select the AliyunYundunWAFv3FullAccess policy.
Note
WAF provides the following system policies:
- AliyunYundunWAFv3FullAccess: Permission to manage WAF 3.0.
- AliyunYundunWAFv3ReadOnlyAccess: Read-only permission for WAF 3.0.

Credentials

An AccessKey is generated by default when you create a RAM user. You can use this AccessKey directly. Alternatively, on the RAM user's details page, navigate to the AccessKey tab and click Create AccessKey to create one. For more information, see Create an AccessKey.

Call the OpenAPI

This section uses Python to demonstrate how to call the OpenAPI.

Prepare the Python environment

Download and install Python.
For the download link, see Python 3.
Check your Python version.
- Linux and macOS
  Open a terminal and run the python --version command.
- Windows
  - In the Python installation directory, double-click python.exe.
  - Open the Command Prompt page.
    Press Win+R to open the Run dialog box, enter python, and then click OK.

Configure environment variables

For instructions on configuring environment variables, see Configure environment variables on Linux, macOS, and Windows.

Install dependencies

pip install alibabacloud_waf_openapi20211001==2.0.2

Download the sample code

In the OpenAPI Portal, visit the DescribeDomainDetail API in API Explorer.
Set the InstanceId parameter to waf_v3prepaid_public_cn-uqm3bmw**** and the Domain parameter to srtest.****.top, and then click Initiate Call.
Click the SDK Sample tab, and then click the Python tab.
Click Download Project to download the sample code package.
On your local machine, extract the package and navigate to the alibabacloud_sample directory.

Run the code

Run the following command:

python sample.py

You should see output similar to the following:

{
  "Status": 1,
  "ResourceManagerResourceGroupId": "rg-acfmyqfktarf2ha",
  "RequestId": "7072AAC6-C786-5861-88A6-C18626244BD1",
  "CertDetail": {
    "EndTime": 1971038823000,
    "Sans": [
      "*.wafqax.top"
    ],
    "StartTime": 1655678823000,
    "Id": "9853636-cn-hangzhou",
    "Name": "auto_****_all",
    "CommonName": "srtest.****.top"
  },
  "Listen": {
    "ProtectionResource": "share",
    "HttpsPorts": [
      443
    ],
    "TLSVersion": "tlsv1",
    "Http2Enabled": false,
    "CertId": "*cn-hangzhou",
    "CipherSuite": 1,
    "EnableTLSv3": false,
    "IPv6Enabled": false,
    "XffHeaderMode": 1,
    "HttpPorts": [
      80
    ]
  },
  "Redirect": {
    "ConnectTimeout": 5,
    "Keepalive": true,
    "SniEnabled": false,
    "ReadTimeout": 120,
    "KeepaliveTimeout": 15,
    "Backends": [
      {
        "Backend": "39.98.XX.XX"
      },
      {
        "Backend": "39.98.XX.XX"
      }
    ],
    "FocusHttpBackend": false,
    "WriteTimeout": 120,
    "AllBackends": [
      "39.98.XX.XX"
    ],
    "Retry": true,
    "KeepaliveRequests": 1000,
    "Loadbalance": "iphash"
  },
  "Domain": "srtest.****.top",
  "Cname": "*.yundunwaf3.com"
}