ALIYUN::WAF3::TGW

ALIYUN::WAF3::TGW is used to create a transparent asset.

Syntax

{
  "Type": "ALIYUN::WAF3::TGW",
  "Properties": {
    "InstanceId": String,
    "Listen": Map,
    "ResourceGroupId": String,
    "Redirect": Map
  }
}

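Properties

Property name

Type

Required

Update allowed

Description

Constraints

InstanceId

String

The ID of the WAF instance.

Listen

Map

The listener configuration.

For more information, see Listen properties.

ResourceGroupId

String

The ID of the resource group.

Redirect

Map

The forwarding configuration.

Listen syntax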

"Listen": {
  "CustomCiphers": List,
  "TLSVersion": String,
  "Http2Enabled": Boolean,
  "CipherSuite": Integer,
  "EnableTLSv3": Boolean,
  "Port": Integer,
  "ResourceProduct": String,
  "Certificates": List,
  "Protocol": String,
  "ResourceInstanceId": String
}

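Listen properties

Property name

Type

Required

Update allowed

Description

Constraints

Port

Integer

The listening port.

Protocol

String

The protocol type.

ResourceProduct

String

The cloud product that accesses WAF.

ResourceInstanceId

String

The ID of the cloud product instance connected to WAF.

CustomCiphers

List

The list of custom cipher suites.

This parameter is used only when CipherSuite is set to 99. Up to 5 custom cipher suites can be configured.

CipherSuite

Integer

The cipher suite type.

Valid values:

  • 1: all cipher suites are added.

  • 2: strong cipher suites are added.

  • 99: custom cipher suites are added.

Certificates

List

The domain name bound to the certificate.

Up to 10 certificates can be bound.

EnableTLSv3

Boolean

Whether TLS 1.3 is supported.

Valid values:

  • true: TLS 1.3 is supported.

  • false: TLS 1.3 is not supported.

Http2Enabled

Boolean

Whether to enable HTTP2.

Valid values:

  • true: HTTP2 is enabled.

  • false: HTTP2 is not enabled.

TLSVersion

String

The TLS version.

Valid values:

  • tlsv1

  • tlsv1.1

  • tlsv1.2

Certificates syntax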

"Certificates": [
  {
    "AppliedType": String,
    "CertificateId": String
  }
]

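Certificates properties

Property name

Type

Required

Update allowed

Description

Constraints

AppliedType

String

The certificate type for the HTTPS protocol.

Valid values:

  • default: the default certificate.

  • extension: an extension certificate.

CertificateId

String

The ID of the added certificate.

Redirect syntax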

"Redirect": {
  "XffHeaders": List,
  "WriteTimeout": Integer,
  "XffHeaderMode": Integer,
  "Keepalive": Boolean,
  "RequestHeaders": List,
  "KeepaliveRequests": Integer,
  "KeepaliveTimeout": Integer,
  "ReadTimeout": Integer,
  "XffProto": Boolean
}

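Redirect properties

Property name

Type

Required

Update allowed

Description

Constraints

Keepalive

Boolean

Whether to keep persistent connections.

Valid values:

  • true (default): persistent connections are kept.

  • false: persistent connections are not kept.

KeepaliveRequests

Integer

The number of requests multiplexed over a persistent connection.

Valid values: 60 to 1000. Unit: requests.

KeepaliveTimeout

Integer

The timeout for idle persistent connections.

Valid values: 1 to 60. Default value: 15. Unit: seconds.

RequestHeaders

List

The traffic tag fields and values of the domain name.

Used to mark traffic processed by WAF.

ReadTimeout

Integer

The read timeout.

Unit: seconds. Valid values: 1 to 3600.

WriteTimeout

Integer

The write timeout.

Unit: seconds. Valid values: 1 to 3600.

XffHeaders

List

The list of custom fields used to obtain the client IP address.

The format is ["header1", "header2", ...]. Up to 20 custom fields can be configured.

XffHeaderMode

Integer

The method WAF uses to obtain the real client IP address.

Valid values:

  • 0: client traffic is not forwarded by any other Layer 7 proxy before it reaches WAF.

  • 1: WAF reads the first value of the X-Forwarded-For (XFF) field in the request header as the client IP address.

  • 2: WAF reads the value of a custom field that you set in the request header as the client IP address.

XffProto

Boolean

Whether X-Forward-For-Proto passes the WAF protocol.

Valid values:

  • true (default): the WAF protocol is passed.

  • false: the WAF protocol is not passed.

RequestHeaders syntax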

"RequestHeaders": [
  {
    "Value": String,
    "Key": String
  }
]

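RequestHeaders properties

Property name

Type

Required

Update allowed

Description

Constraints

Key

String

The specified custom request header field.

Value

String

The value set for the specified custom request header field.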
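
The constraints documented for Listen and Redirect can be checked before a template is deployed. The following is an added example, not part of the original documentation or of Alibaba Cloud's code: the helper name lint_tgw, the policy of flagging tlsv1/tlsv1.1 and CipherSuite 1, the rules that CipherSuite 99 needs at least one cipher and that XffHeaderMode 2 needs a non-empty XffHeaders, and all sample values are assumptions.

```python
# Added example: lint the Listen/Redirect maps of an ALIYUN::WAF3::TGW resource
# against the constraints documented on this page. lint_tgw is a hypothetical helper.
WEAK_TLS = {"tlsv1", "tlsv1.1"}  # policy assumption: only tlsv1.2 is acceptable
RANGES = {"KeepaliveRequests": (60, 1000), "KeepaliveTimeout": (1, 60),
          "ReadTimeout": (1, 3600), "WriteTimeout": (1, 3600)}  # documented ranges

def lint_tgw(props):
    """Return a sorted list of findings for one resource's Properties dict."""
    out = []
    listen = props.get("Listen", {})
    redirect = props.get("Redirect", {})
    tls = listen.get("TLSVersion")
    suite = listen.get("CipherSuite")
    ciphers = listen.get("CustomCiphers") or []
    if tls in WEAK_TLS:
        out.append(f"Listen.TLSVersion={tls}: legacy protocol version allowed")
    if suite == 1:
        out.append("Listen.CipherSuite=1: all cipher suites enabled")
    if suite == 2 and tls != "tlsv1.2":  # stated in the example template's description
        out.append("Listen.CipherSuite=2 requires TLSVersion tlsv1.2")
    if ciphers and suite != 99:
        out.append("Listen.CustomCiphers is only used when CipherSuite is 99")
    if suite == 99 and not 1 <= len(ciphers) <= 5:  # lower bound is an assumption
        out.append("Listen.CipherSuite=99 needs 1 to 5 CustomCiphers")
    if len(listen.get("Certificates") or []) > 10:
        out.append("Listen.Certificates: more than 10 certificates")
    for key, (lo, hi) in RANGES.items():
        val = redirect.get(key)
        if val is not None and not lo <= val <= hi:
            out.append(f"Redirect.{key}={val}: outside {lo}-{hi}")
    headers = redirect.get("XffHeaders") or []
    if len(headers) > 20:
        out.append("Redirect.XffHeaders: more than 20 custom fields")
    if redirect.get("XffHeaderMode") == 2 and not headers:  # inferred rule
        out.append("Redirect.XffHeaderMode=2 but XffHeaders is empty")
    return sorted(out)

# Constructed sample inputs (not taken from a real deployment).
WEAK = {"Listen": {"Port": 443, "Protocol": "https", "TLSVersion": "tlsv1",
                   "CipherSuite": 2, "CustomCiphers": ["ECDHE-RSA-AES128-GCM-SHA256"]},
        "Redirect": {"KeepaliveTimeout": 120, "XffHeaderMode": 2}}
HARDENED = {"Listen": {"Port": 443, "Protocol": "https", "TLSVersion": "tlsv1.2",
                       "CipherSuite": 2, "EnableTLSv3": True},
            "Redirect": {"KeepaliveTimeout": 15, "XffHeaderMode": 0}}

if __name__ == "__main__":
    for name, props in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, lint_tgw(props) or "no findings")
```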

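Return values

Fn::GetAtt

  • InstanceId: the ID of the WAF instance.

  • Port: the port of the cloud product that accesses WAF.

  • ResourceProduct: the cloud product that accesses WAF.

  • TgwId: the protection object ID of the transparent access resource.

Examples

  • YAML format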

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters:
      InstanceId:
        Type: String
        Description:
          en: The ID of the WAF instance.
        Required: true
      Listen:
        AssociationPropertyMetadata:
          Parameters:
            CustomCiphers:
              Type: Json
              Description:
                en: Customize the encryption suite list. This parameter is used only when CipherSuite is set to 99.
              Required: false
              MinLength: 0
              MaxLength: 5
            TLSVersion:
              Type: String
              Description:
                en: |-
                  The TLS version to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
                  tlsv1
                  tlsv1.1
                  tlsv1.2
              AllowedValues:
                - tlsv1
                - tlsv1.1
                - tlsv1.2
              Required: false
            Http2Enabled:
              Type: Boolean
              Description:
                en: |-
                  Whether to enable HTTP2. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
                  true: Enable HTTP2.
                  false (default): Disable HTTP2.
              Required: false
            CipherSuite:
              Type: Number
              Description:
                en: |-
                  The type of encryption suite to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
                  1: Indicates adding all encryption suites.
                  2: Indicates adding a strong encryption suite. This value can be selected only when the value of TLSVersion is tlsv1.2.
                  99: Indicates adding a custom encryption suite.
              Required: false
            EnableTLSv3:
              Type: Boolean
              Description:
                en: |-
                  Whether to support TLS1.3 version. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:
                  true: indicates that TLS1.3 version is supported.
                  false: indicates that TLS1.3 version is not supported.
              Required: false
            Port:
              Type: Number
              Description:
                en: Access the cloud product port of WAF.
              Required: true
            ResourceProduct:
              Type: String
              Description:
                en: Access to WAF cloud products.
              Required: true
            Certificates:
              AssociationPropertyMetadata:
                Parameters:
                  AppliedType:
                    Type: String
                    Description:
                      en: |-
                        The certificate type for the HTTPS protocol. Valid values:
                        default: Indicates the default certificate.
                        extension: Indicates an extended certificate.
                    AllowedValues:
                      - default
                      - extension
                    Required: false
                  CertificateId:
                    Type: String
                    Description:
                      en: The ID of the certificate that was added.
                    Required: false
              AssociationProperty: List[Parameters]
              Type: Json
              Description:
                en: The domain name bound to the certificate.
              Required: false
              MinLength: 0
              MaxLength: 10
            Protocol:
              Type: String
              Description:
                en: Protocol type
              Required: true
            ResourceInstanceId:
              Type: String
              Description:
                en: The instance ID of the cloud product connected to WAF.
              Required: true
        Type: Json
        Description:
          en: Listening information.
        Required: true
    Resources:
      ExtensionResource:
        Type: ALIYUN::WAF3::TGW
        Properties:
          InstanceId:
            Ref: InstanceId
          Listen:
            Ref: Listen
    Outputs:
      InstanceId:
        Description: The ID of the WAF instance.
        Value:
          Fn::GetAtt:
            - ExtensionResource
            - InstanceId
      Port:
        Description: Access the cloud product port of WAF.
        Value:
          Fn::GetAtt:
            - ExtensionResource
            - Port
      ResourceProduct:
        Description: Access to WAF cloud products.
        Value:
          Fn::GetAtt:
            - ExtensionResource
            - ResourceProduct
      TgwId:
        Description: The protection object ID of the transparent access resource.
        Value:
          Fn::GetAtt:
            - ExtensionResource
            - TgwId
    
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
        "InstanceId": {
          "Type": "String",
          "Description": {
            "en": "The ID of the WAF instance."
          },
          "Required": true
        },
        "Listen": {
          "AssociationPropertyMetadata": {
            "Parameters": {
              "CustomCiphers": {
                "Type": "Json",
                "Description": {
                  "en": "Customize the encryption suite list. This parameter is used only when CipherSuite is set to 99."
                },
                "Required": false,
                "MinLength": 0,
                "MaxLength": 5
              },
              "TLSVersion": {
                "Type": "String",
                "Description": {
                  "en": "The TLS version to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\ntlsv1\ntlsv1.1\ntlsv1.2"
                },
                "AllowedValues": [
                  "tlsv1",
                  "tlsv1.1",
                  "tlsv1.2"
                ],
                "Required": false
              },
              "Http2Enabled": {
                "Type": "Boolean",
                "Description": {
                  "en": "Whether to enable HTTP2. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\ntrue: Enable HTTP2.\nfalse (default): Disable HTTP2."
                },
                "Required": false
              },
              "CipherSuite": {
                "Type": "Number",
                "Description": {
                  "en": "The type of encryption suite to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\n1: Indicates adding all encryption suites.\n2: Indicates adding a strong encryption suite. This value can be selected only when the value of TLSVersion is tlsv1.2.\n99: Indicates adding a custom encryption suite."
                },
                "Required": false
              },
              "EnableTLSv3": {
                "Type": "Boolean",
                "Description": {
                  "en": "Whether to support TLS1.3 version. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:\ntrue: indicates that TLS1.3 version is supported.\nfalse: indicates that TLS1.3 version is not supported."
                },
                "Required": false
              },
              "Port": {
                "Type": "Number",
                "Description": {
                  "en": "Access the cloud product port of WAF."
                },
                "Required": true
              },
              "ResourceProduct": {
                "Type": "String",
                "Description": {
                  "en": "Access to WAF cloud products."
                },
                "Required": true
              },
              "Certificates": {
                "AssociationPropertyMetadata": {
                  "Parameters": {
                    "AppliedType": {
                      "Type": "String",
                      "Description": {
                        "en": "The certificate type for the HTTPS protocol. Valid values:\ndefault: Indicates the default certificate.\nextension: Indicates an extended certificate."
                      },
                      "AllowedValues": [
                        "default",
                        "extension"
                      ],
                      "Required": false
                    },
                    "CertificateId": {
                      "Type": "String",
                      "Description": {
                        "en": "The ID of the certificate that was added."
                      },
                      "Required": false
                    }
                  }
                },
                "AssociationProperty": "List[Parameters]",
                "Type": "Json",
                "Description": {
                  "en": "The domain name bound to the certificate."
                },
                "Required": false,
                "MinLength": 0,
                "MaxLength": 10
              },
              "Protocol": {
                "Type": "String",
                "Description": {
                  "en": "Protocol type"
                },
                "Required": true
              },
              "ResourceInstanceId": {
                "Type": "String",
                "Description": {
                  "en": "The instance ID of the cloud product connected to WAF."
                },
                "Required": true
              }
            }
          },
          "Type": "Json",
          "Description": {
            "en": "Listening information."
          },
          "Required": true
        }
      },
      "Resources": {
        "ExtensionResource": {
          "Type": "ALIYUN::WAF3::TGW",
          "Properties": {
            "InstanceId": {
              "Ref": "InstanceId"
            },
            "Listen": {
              "Ref": "Listen"
            }
          }
        }
      },
      "Outputs": {
        "InstanceId": {
          "Description": "The ID of the WAF instance.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionResource",
              "InstanceId"
            ]
          }
        },
        "Port": {
          "Description": "Access the cloud product port of WAF.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionResource",
              "Port"
            ]
          }
        },
        "ResourceProduct": {
          "Description": "Access to WAF cloud products.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionResource",
              "ResourceProduct"
            ]
          }
        },
        "TgwId": {
          "Description": "The protection object ID of the transparent access resource.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionResource",
              "TgwId"
            ]
          }
        }
      }
    }