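The ALIYUN::WAF3::TGW type is used to create a transparent asset.
Syntax
{
  "Type": "ALIYUN::WAF3::TGW",
  "Properties": {
    "InstanceId": String,
    "Listen": Map,
    "ResourceGroupId": String,
    "Redirect": Map,
    "WAFInstanceRegion": String
  }
}
Properties
Property | Type | Required | Editable | Description | Constraint |
InstanceId | String | Yes | No | The ID of the WAF instance. | None |
Listen | Map | Yes | Yes | The listening configuration. | For more information, see Listen properties. |
ResourceGroupId | String | No | Yes | The ID of the resource group. | None |
Redirect | Map | No | Yes | The forwarding configuration. | None |
WAFInstanceRegion | String | No | No | The region supported by Web Application Firewall 3.0. | Valid values:
|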
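Listen syntax
"Listen": {
  "CustomCiphers": List,
  "TLSVersion": String,
  "Http2Enabled": Boolean,
  "CipherSuite": Integer,
  "EnableTLSv3": Boolean,
  "Port": Integer,
  "ResourceProduct": String,
  "Certificates": List,
  "Protocol": String,
  "ResourceInstanceId": String
}
Listen properties
Property | Type | Required | Editable | Description | Constraint |
Port | Integer | Yes | No | The listening port. | None |
Protocol | String | Yes | No | The protocol type. | None |
ResourceProduct | String | Yes | No | The cloud product that accesses WAF. | None |
ResourceInstanceId | String | Yes | No | The instance ID of the cloud product connected to WAF. | None |
CustomCiphers | List | No | Yes | The list of custom cipher suites. | This parameter is used only when CipherSuite is set to 99. A maximum of 5 custom cipher suites can be configured. |
CipherSuite | Integer | No | Yes | The cipher suite type. | Valid values:
|
Certificates | List | No | Yes | The domain name bound to the certificate. | A maximum of 10 certificates can be bound. |
EnableTLSv3 | Boolean | No | Yes | Whether to support TLS 1.3. | Valid values:
|
Http2Enabled | Boolean | No | Yes | Whether to enable HTTP2. | Valid values:
|
TLSVersion | String | No | Yes | The TLS version. | Valid values:
|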
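Certificates syntax
"Certificates": [
  {
    "AppliedType": String,
    "CertificateId": String
  }
]
Certificates properties
Property | Type | Required | Editable | Description | Constraint |
AppliedType | String | No | Yes | The certificate type for the HTTPS protocol. | Valid values:
|
CertificateId | String | No | Yes | The ID of the added certificate. | None |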
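Redirect syntax
"Redirect": {
  "XffHeaders": List,
  "WriteTimeout": Integer,
  "XffHeaderMode": Integer,
  "Keepalive": Boolean,
  "RequestHeaders": List,
  "KeepaliveRequests": Integer,
  "KeepaliveTimeout": Integer,
  "ReadTimeout": Integer,
  "XffProto": Boolean
}
Redirect properties
Property | Type | Required | Editable | Description | Constraint |
Keepalive | Boolean | No | Yes | Whether to keep persistent connections. | Valid values:
|
KeepaliveRequests | Integer | No | Yes | The number of requests that reuse a persistent connection. | Valid values: 60 to 1000. Unit: requests. |
KeepaliveTimeout | Integer | No | Yes | The timeout period for idle persistent connections. | Valid values: 1 to 60. Default value: 15. Unit: seconds. |
RequestHeaders | List | No | Yes | The traffic marking fields and values of the domain name. | Used to mark traffic processed by WAF. |
ReadTimeout | Integer | No | Yes | The read timeout period. | Unit: seconds. Valid values: 1 to 3600. |
WriteTimeout | Integer | No | Yes | The write timeout period. | Unit: seconds. Valid values: 1 to 3600. |
XffHeaders | List | No | Yes | The list of custom header fields used to obtain the client IP address. | Format: ["header1", "header2", ...]. A maximum of 20 custom fields can be configured. |
XffHeaderMode | Integer | No | Yes | The method WAF uses to obtain the real client IP address. | Valid values:
|
XffProto | Boolean | No | Yes | X-Forward-For-Proto passes the protocol of WAF. | Valid values:
|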
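RequestHeaders syntax
"RequestHeaders": [
  {
    "Value": String,
    "Key": String
  }
]
RequestHeaders properties
Property | Type | Required | Editable | Description | Constraint |
Key | String | No | Yes | The specified custom request header field. | None |
Value | String | No | Yes | The value set for the specified custom request header field. | None |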
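The following Python check is an added example, not Alibaba Cloud's code. It tests a resource's Properties against the limits in the Listen and Redirect tables above and the CipherSuite and TLSVersion value rules given in the parameter descriptions of the example template on this page. The function names, the constructed sample and the two TLS posture warnings are assumptions of this example.

```python
# Added example (hypothetical names); checks mirror the constraints on this page.
def _in_range(cfg, key, lo, hi, out):
    v = cfg.get(key)
    if v is not None and not lo <= v <= hi:
        out.append(f"ERROR Redirect.{key}={v} outside {lo}~{hi}")

def lint_tgw(props):
    """Return 'ERROR ...' / 'WARN ...' findings for one resource's Properties."""
    out = []
    listen = props.get("Listen") or {}
    redirect = props.get("Redirect") or {}
    if "InstanceId" not in props:
        out.append("ERROR InstanceId is required")
    for key in ("Port", "Protocol", "ResourceProduct", "ResourceInstanceId"):
        if key not in listen:
            out.append(f"ERROR Listen.{key} is required")
    suite, tls = listen.get("CipherSuite"), listen.get("TLSVersion")
    ciphers = listen.get("CustomCiphers") or []
    if suite is not None and suite not in (1, 2, 99):
        out.append(f"ERROR CipherSuite={suite} is not one of 1, 2, 99")
    if suite == 2 and tls != "tlsv1.2":
        out.append("ERROR CipherSuite 2 requires TLSVersion tlsv1.2")
    if ciphers and suite != 99:
        out.append("WARN CustomCiphers is only used when CipherSuite is 99")
    if len(ciphers) > 5:
        out.append("ERROR more than 5 CustomCiphers")
    if len(listen.get("Certificates") or []) > 10:
        out.append("ERROR more than 10 Certificates")
    if len(redirect.get("XffHeaders") or []) > 20:
        out.append("ERROR more than 20 XffHeaders")
    for key, lo, hi in (("KeepaliveRequests", 60, 1000), ("KeepaliveTimeout", 1, 60),
                        ("ReadTimeout", 1, 3600), ("WriteTimeout", 1, 3600)):
        _in_range(redirect, key, lo, hi, out)
    # Posture checks are editorial judgment, not rules stated on this page:
    # TLS 1.0/1.1 are deprecated (RFC 8996); suite 1 adds every cipher suite.
    if tls in ("tlsv1", "tlsv1.1"):
        out.append(f"WARN TLSVersion {tls} is a deprecated protocol version")
    if suite == 1:
        out.append("WARN CipherSuite 1 adds all cipher suites")
    return out

# Constructed sample; the <...> strings are placeholders, not real values.
SAMPLE = {
    "InstanceId": "<waf-instance-id>",
    "Listen": {"Port": 443, "Protocol": "<protocol>", "ResourceProduct": "<product>",
               "ResourceInstanceId": "<instance-id>", "TLSVersion": "tlsv1",
               "CipherSuite": 2, "CustomCiphers": ["<cipher-1>"]},
    "Redirect": {"KeepaliveTimeout": 120, "ReadTimeout": 30},
}
```

Calling lint_tgw(SAMPLE) returns four findings; an empty list means the Properties satisfy every rule the example checks.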
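Return values
Fn::GetAtt
InstanceId: The ID of the WAF instance.
Port: The port of the cloud product that accesses WAF.
ResourceProduct: The cloud product that accesses WAF.
TgwId: The protection object ID of the transparent access resource.
Examples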
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  InstanceId:
    Type: String
    Description:
      en: The ID of the WAF instance.
    Required: true
  Listen:
    AssociationPropertyMetadata:
      Parameters:
        CustomCiphers:
          Type: Json
          Description:
            en: Customize the encryption suite list. This parameter is used only when CipherSuite is set to 99.
          Required: false
          MinLength: 0
          MaxLength: 5
        TLSVersion:
          Type: String
          Description:
            en: |-
              The TLS version to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
              tlsv1
              tlsv1.1
              tlsv1.2
          AllowedValues:
            - tlsv1
            - tlsv1.1
            - tlsv1.2
          Required: false
        Http2Enabled:
          Type: Boolean
          Description:
            en: |-
              Whether to enable HTTP2. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
              true: Enable HTTP2.
              false (default): Disable HTTP2.
          Required: false
        CipherSuite:
          Type: Number
          Description:
            en: |-
              The type of encryption suite to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
              1: Indicates adding all encryption suites.
              2: Indicates adding a strong encryption suite. This value can be selected only when the value of TLSVersion is tlsv1.2.
              99: Indicates adding a custom encryption suite.
          Required: false
        EnableTLSv3:
          Type: Boolean
          Description:
            en: |-
              Whether to support TLS1.3 version. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:
              true: indicates that TLS1.3 version is supported.
              false: indicates that TLS1.3 version is not supported.
          Required: false
        Port:
          Type: Number
          Description:
            en: Access the cloud product port of WAF.
          Required: true
        ResourceProduct:
          Type: String
          Description:
            en: Access to WAF cloud products.
          Required: true
        Certificates:
          AssociationPropertyMetadata:
            Parameters:
              AppliedType:
                Type: String
                Description:
                  en: |-
                    The certificate type for the HTTPS protocol. Valid values:
                    default: Indicates the default certificate.
                    extension: Indicates an extended certificate.
                AllowedValues:
                  - default
                  - extension
                Required: false
              CertificateId:
                Type: String
                Description:
                  en: The ID of the certificate that was added.
                Required: false
          AssociationProperty: List[Parameters]
          Type: Json
          Description:
            en: The domain name bound to the certificate.
          Required: false
          MinLength: 0
          MaxLength: 10
        Protocol:
          Type: String
          Description:
            en: Protocol type
          Required: true
        ResourceInstanceId:
          Type: String
          Description:
            en: The instance ID of the cloud product connected to WAF.
          Required: true
    Type: Json
    Description:
      en: Listening information.
    Required: true
Resources:
  ExtensionResource:
    Type: ALIYUN::WAF3::TGW
    Properties:
      InstanceId:
        Ref: InstanceId
      Listen:
        Ref: Listen
Outputs:
  InstanceId:
    Description: The ID of the WAF instance.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - InstanceId
  Port:
    Description: Access the cloud product port of WAF.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - Port
  ResourceProduct:
    Description: Access to WAF cloud products.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ResourceProduct
  TgwId:
    Description: The protection object ID of the transparent access resource.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - TgwId
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"InstanceId": {
"Type": "String",
"Description": {
"en": "The ID of the WAF instance."
},
"Required": true
},
"Listen": {
"AssociationPropertyMetadata": {
"Parameters": {
"CustomCiphers": {
"Type": "Json",
"Description": {
"en": "Customize the encryption suite list. This parameter is used only when CipherSuite is set to 99."
},
"Required": false,
"MinLength": 0,
"MaxLength": 5
},
"TLSVersion": {
"Type": "String",
"Description": {
"en": "The TLS version to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\ntlsv1\ntlsv1.1\ntlsv1.2"
},
"AllowedValues": [
"tlsv1",
"tlsv1.1",
"tlsv1.2"
],
"Required": false
},
"Http2Enabled": {
"Type": "Boolean",
"Description": {
"en": "Whether to enable HTTP2. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\ntrue: Enable HTTP2.\nfalse (default): Disable HTTP2."
},
"Required": false
},
"CipherSuite": {
"Type": "Number",
"Description": {
"en": "The type of encryption suite to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\n1: Indicates adding all encryption suites.\n2: Indicates adding a strong encryption suite. This value can be selected only when the value of TLSVersion is tlsv1.2.\n99: Indicates adding a custom encryption suite."
},
"Required": false
},
"EnableTLSv3": {
"Type": "Boolean",
"Description": {
"en": "Whether to support TLS1.3 version. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:\ntrue: indicates that TLS1.3 version is supported.\nfalse: indicates that TLS1.3 version is not supported."
},
"Required": false
},
"Port": {
"Type": "Number",
"Description": {
"en": "Access the cloud product port of WAF."
},
"Required": true
},
"ResourceProduct": {
"Type": "String",
"Description": {
"en": "Access to WAF cloud products."
},
"Required": true
},
"Certificates": {
"AssociationPropertyMetadata": {
"Parameters": {
"AppliedType": {
"Type": "String",
"Description": {
"en": "The certificate type for the HTTPS protocol. Valid values:\ndefault: Indicates the default certificate.\nextension: Indicates an extended certificate."
},
"AllowedValues": [
"default",
"extension"
],
"Required": false
},
"CertificateId": {
"Type": "String",
"Description": {
"en": "The ID of the certificate that was added."
},
"Required": false
}
}
},
"AssociationProperty": "List[Parameters]",
"Type": "Json",
"Description": {
"en": "The domain name bound to the certificate."
},
"Required": false,
"MinLength": 0,
"MaxLength": 10
},
"Protocol": {
"Type": "String",
"Description": {
"en": "Protocol type"
},
"Required": true
},
"ResourceInstanceId": {
"Type": "String",
"Description": {
"en": "The instance ID of the cloud product connected to WAF."
},
"Required": true
}
}
},
"Type": "Json",
"Description": {
"en": "Listening information."
},
"Required": true
}
},
"Resources": {
"ExtensionResource": {
"Type": "ALIYUN::WAF3::TGW",
"Properties": {
"InstanceId": {
"Ref": "InstanceId"
},
"Listen": {
"Ref": "Listen"
}
}
}
},
"Outputs": {
"InstanceId": {
"Description": "The ID of the WAF instance.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"InstanceId"
]
}
},
"Port": {
"Description": "Access the cloud product port of WAF.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Port"
]
}
},
"ResourceProduct": {
"Description": "Access to WAF cloud products.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"ResourceProduct"
]
}
},
"TgwId": {
"Description": "The protection object ID of the transparent access resource.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"TgwId"
]
}
}
}
}