API
  • History
  • Introduction
  • API Category
  • Making API Requests
    • Request Structure
    • Common Params
    • Signature v3
    • Signature
    • Responses
  • Site APIs
    • CreateZone
    • DescribeIdentifications
    • ModifyZone
    • DeleteZone
    • ModifyZoneStatus
    • CheckCnameStatus
    • IdentifyZone
    • DescribeZones
    • VerifyOwnership
    • ExportZoneConfig
    • ImportZoneConfig
    • DescribeZoneConfigImportResult
  • Acceleration Domain Management APIs
    • CreateAccelerationDomain
    • DescribeAccelerationDomains
    • ModifyAccelerationDomain
    • ModifyAccelerationDomainStatuses
    • DeleteAccelerationDomains
    • CreateSharedCNAME
    • BindSharedCNAME
    • DeleteSharedCNAME
  • Site Acceleration Configuration APIs
    • CreateRule
    • DeleteRules
    • DescribeHostsSetting
    • DescribeRules
    • DescribeRulesSetting
    • DescribeZoneSetting
    • ModifyRule
    • ModifyZoneSetting
  • Edge Function APIs
    • CreateFunction
    • DescribeFunctions
    • ModifyFunction
    • CreateFunctionRule
    • DeleteFunction
    • DescribeFunctionRules
    • ModifyFunctionRule
    • ModifyFunctionRulePriority
    • DeleteFunctionRules
    • DescribeFunctionRuntimeEnvironment
    • HandleFunctionRuntimeEnvironment
  • Alias Domain APIs
    • CreateAliasDomain
    • DescribeAliasDomains
    • ModifyAliasDomain
    • ModifyAliasDomainStatus
    • DeleteAliasDomain
  • Security Configuration APIs
    • CreateSecurityIPGroup
    • DescribeSecurityIPGroup
    • ModifySecurityIPGroup
    • DeleteSecurityIPGroup
    • DescribeOriginProtection
    • DescribeSecurityTemplateBindings
    • ModifySecurityPolicy
    • BindSecurityTemplateToEntity
    • DescribeSecurityIPGroupInfo
  • Layer 4 Application Proxy APIs
    • CreateL4Proxy
    • ModifyL4Proxy
    • ModifyL4ProxyStatus
    • DescribeL4Proxy
    • DeleteL4Proxy
    • CreateL4ProxyRules
    • ModifyL4ProxyRules
    • ModifyL4ProxyRulesStatus
    • DescribeL4ProxyRules
    • DeleteL4ProxyRules
    • CreateApplicationProxy
    • ModifyApplicationProxy
    • ModifyApplicationProxyStatus
    • DescribeApplicationProxies
    • DeleteApplicationProxy
    • CreateApplicationProxyRule
    • ModifyApplicationProxyRule
    • ModifyApplicationProxyRuleStatus
    • DeleteApplicationProxyRule
  • Content Management APIs
    • CreatePurgeTask
    • DescribePurgeTasks
    • CreatePrefetchTask
    • DescribePrefetchTasks
    • DescribeContentQuota
  • Data Analysis APIs
    • DescribeDDoSAttackData
    • DescribeDDoSAttackEvent
    • DescribeDDoSAttackTopData
    • DescribeOverviewL7Data
    • DescribeTimingL4Data
    • DescribeTimingL7AnalysisData
    • DescribeTopL7AnalysisData
    • DescribeTimingL7CacheData
    • DescribeTopL7CacheData
  • Log Service APIs
    • DownloadL7Logs
    • DownloadL4Logs
    • CreateCLSIndex
    • CreateRealtimeLogDeliveryTask
    • ModifyRealtimeLogDeliveryTask
    • DeleteRealtimeLogDeliveryTask
    • DescribeRealtimeLogDeliveryTasks
  • Billing APIs
    • CreatePlan
    • UpgradePlan
    • RenewPlan
    • ModifyPlan
    • IncreasePlanQuota
    • DestroyPlan
    • CreatePlanForZone
    • BindZoneToPlan
    • DescribeBillingData
    • DescribeAvailablePlans
  • Certificate APIs
    • DescribeDefaultCertificates
    • ModifyHostsCertificate
  • Load Balancing APIs
    • CreateOriginGroup
    • ModifyOriginGroup
    • DeleteOriginGroup
    • DescribeOriginGroup
    • CreateLoadBalancer
    • ModifyLoadBalancer
    • DeleteLoadBalancer
    • DescribeLoadBalancerList
    • DescribeOriginGroupHealthStatus
  • Custom Response Page APIs
    • CreateCustomizeErrorPage
    • DescribeCustomErrorPages
    • ModifyCustomErrorPage
    • DeleteCustomErrorPage
  • DNS Record APIs
    • CreateDnsRecord
    • DeleteDnsRecords
    • DescribeDnsRecords
    • ModifyDnsRecordsStatus
    • ModifyDnsRecords
  • Diagnostic Tool APIs
    • DescribeIPRegion
  • Version Management APIs
    • CreateConfigGroupVersion
    • DeployConfigGroupVersion
    • DescribeConfigGroupVersionDetail
    • DescribeConfigGroupVersions
    • DescribeDeployHistory
    • DescribeEnvironments
  • Data Types
  • Error Codes

Data Types

APIResource

API resource.

Used by actions: CreateSecurityAPIResource, DescribeSecurityAPIResource, ModifySecurityAPIResource.

NameTypeRequiredDescription
IdStringNoSpecifies the resource ID.
NameStringNoSpecifies the resource name.
APIServiceIdsArray of StringNoSpecifies the API service ID list associated with the API resource.
PathStringNoSpecifies the resource path.
MethodsArray of StringNoRequest method list. valid values: GET, POST, PUT, HEAD, PATCH, OPTIONS, DELETE.
RequestConstraintStringNoSpecifies the specific content of the request content match rule, which must comply with the expression grammar. please refer to the product document for detailed requirements.

APIService

API service configuration.

Used by actions: CreateSecurityAPIService, DescribeSecurityAPIService, ModifySecurityAPIService.

NameTypeRequiredDescription
IdStringNoAPI service ID.
NameStringNoSpecifies the API service name.
BasePathStringNoSpecifies the base path.

AccelerateMainland

Cross-MLC-border acceleration.

Used by actions: CreateApplicationProxy, DescribeApplicationProxies, DescribeZoneSetting, ModifyApplicationProxy.

NameTypeRequiredDescription
SwitchStringYesWhether to enable Cross-MLC-border acceleration. Valid values:
  • on: Enable;
  • off: Disable.
  • AccelerateMainlandParameters

    Accelerate optimization and configuration in mainland China.

    Used by actions: DescribeL7AccSetting, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoMainland china acceleration optimization switch. valid values:.
  • On: enable;

  • .
  • Off: disable.
  • .

    AccelerateType

    Acceleration type

    Used by actions: DescribeHostsSetting.

    NameTypeRequiredDescription
    SwitchStringYesAcceleration switch. Values:
  • on: Enable
  • off: Disable
  • AccelerationDomain

    Accelerated domain name

    Used by actions: DescribeAccelerationDomains.

    NameTypeDescription
    ZoneIdStringID of the site.
    DomainNameStringAccelerated domain name
    DomainStatusStringStatus of the accelerated domain name. Values:
  • online: Activated
  • process: Being deployed
  • offline: Disabled
  • forbidden: Blocked
  • init: Pending activation
  • OriginDetailOriginDetailDetails of the origin.
    Note: This field may return null, indicating that no valid values can be obtained.
    OriginProtocolStringOrigin-pull protocol configuration. Values:
  • FOLLOW: Follow the protocol of origin
  • HTTP: Send requests to the origin over HTTP
  • HTTPS: Send requests to the origin over HTTPS

  • Note: This field may return·null, indicating that no valid values can be obtained.
    HttpOriginPortIntegerThe port used for HTTP origin-pull requests
    Note: This field may return·null, indicating that no valid values can be obtained.
    HttpsOriginPortIntegerThe port used for HTTPS origin-pull requests
    Note: This field may return·null, indicating that no valid values can be obtained.
    IPv6StatusStringIPv6 status. Values:
  • follow: Follow the IPv6 configuration of the site
  • on: Enable
  • off: Disable

  • Note: This field may return·null, indicating that no valid values can be obtained.
    CnameStringThe CNAME address.
    IdentificationStatusStringOwnership verification status. Values:
  • pending: Pending verification
  • finished: Verified

  • Note: This field may return null, indicating that no valid values can be obtained.
    CreatedOnTimestamp ISO8601Creation time of the accelerated domain name.
    ModifiedOnTimestamp ISO8601Modification time of the accelerated domain name.
    OwnershipVerificationOwnershipVerificationInformation required to verify the ownership of a domain name.
    Note: This field may return·null, indicating that no valid values can be obtained.
    CertificateAccelerationDomainCertificateDomain name certificate information
    Note: This field may return·null, indicating that no valid values can be obtained.

    AccelerationDomainCertificate

    Information of the acceleration domain name certificate.

    Used by actions: DescribeAccelerationDomains.

    NameTypeRequiredDescription
    ModeStringNoCertificate configuration mode. Values:
  • disable: Do not configure the certificate;
  • eofreecert: Use a free certificate provided by EdgeOne;
  • sslcert: Configure an SSL certificate.
  • ListArray of CertificateInfoNoList of server certificates. The relevant certificates are deployed on the entrance side of the EO.
    Note: This field may return null, which indicates a failure to obtain a valid value.
    ClientCertInfoMutualTLSNoIn the edge mutual authentication scenario, this field represents the client's CA certificate, which is deployed inside the EO node and used for EO node authentication of the client certificate.
    UpstreamCertInfoUpstreamCertInfoNoThe certificate carried during EO node origin-pull is used when the origin server enables the mutual authentication handshake to validate the client certificate, ensuring that the request originates from a trusted EO node.

    AccessURLRedirectParameters

    Access URL redirect configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    StatusCodeIntegerNoStatus code. valid values: 301, 302, 303, 307, 308.
    ProtocolStringNoTarget request protocol. valid values:.
  • Http: target request protocol http;
  • .
  • Https: target request protocol https;
  • .
  • Follow: follow the request.
  • .
    HostNameHostNameNoTarget hostname.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    URLPathURLPathNoTarget path.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    QueryStringAccessURLRedirectQueryStringNoCarry query parameters.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    AccessURLRedirectQueryString

    Access URL redirect configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    ActionStringNoAction to be executed. values:.
  • Full: retain all
  • .
  • Ignore: ignore all
  • .

    AclCondition

    The condition that makes up an access control rule

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    MatchFromStringYesFilters:
  • host: Request domain name;
  • sip: Client IP;
  • ua: User-Agent;
  • cookie: Cookie;
  • cgi: CGI script;
  • xff: XFF header;
  • url: Request URL;
  • accept: Request content type;
  • method: Request method<;/li>
  • header: Request header;
  • app_proto: Application layer protocol;
  • sip_proto: Network layer protocol;
  • uabot: UA rules (only available in custom bot rules);
  • idcid: IDC rules (only available in custom bot rules);
  • sipbot: Search engine rules (only available in custom bot rules);
  • portrait: Client reputation (only available in custom bot rules);
  • header_seq: Header sequence (only available in custom bot rules);
  • hdr: Request body (only available in custom Web protection rules).
  • MatchParamStringYesThe parameter of the field. When MatchFrom = header, the key contained in the header can be passed.
    OperatorStringYesThe logical operator. Values:
  • equal: Value equals
  • not_equal: Value not equals
  • include: String contains
  • not_include: String not contains
  • match: IP matches
  • not_match: IP not matches
  • include_area: Regions contain
  • is_empty: Value left empty
  • not_exists: Key fields not exist
  • regexp: Regex matches
  • len_gt: Value greater than
  • len_lt: Value smaller than
  • len_eq: Value equals
  • match_prefix: Prefix matches
  • match_suffix: Suffix matches
  • wildcard: Wildcard
  • MatchContentStringYesThe content to match.

    AclConfig

    ACL configuration

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesSwitch. Values:
  • on: Enable
  • off: Disable
  • AclUserRulesArray of AclUserRuleYesThe custom rule.
    CustomizesArray of AclUserRuleNoManaged custom rules.

    AclUserRule

    The custom rule

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    RuleNameStringYesThe rule name.
    ActionStringYesThe action. Values:
  • trans: Allow
  • drop: Block the request
  • monitor: Observe
  • ban: Block the IP
  • redirect: Redirect the request
  • page: Return the specified page
  • alg: JavaScript challenge
  • RuleStatusStringYesThe rule status. Values:
  • on: Enabled
  • off: Disabled
  • AclConditionsArray of AclConditionYesThe custom rule.
    RulePriorityIntegerYesThe rule priority. Value range: 0-100.
    RuleIDIntegerNoRule ID, which is only used as an output parameter.
    UpdateTimeStringNoThe update time, which is only used as an output parameter.
    PunishTimeIntegerNoIP ban duration. Range: 0-2 days. It's required when Action=ban.
    PunishTimeUnitStringNoThe unit of the IP ban duration. Values:
  • second: Second
  • minutes: Minute
  • hour: Hour
  • Default value: second.
    NameStringNoName of the custom return page. It's required when Action=page.
    PageIdIntegerNo(Disused) ID of the custom return page. The default value is 0, which means that the system default blocking page is used.
    CustomResponseIdStringNoID of custom response. The ID can be obtained via the DescribeCustomErrorPages API. It's required when Action=page.
    ResponseCodeIntegerNoThe response code to trigger the return page. It's required when Action=page. Value: 100-600. 3xx response codes are not supported. Default value: 567.
    RedirectUrlStringNoThe redirection URL. It's required when Action=redirect.

    Action

    Rule engine action. Each feature supports only one of the following three action types. The RuleAction array can be of only one of the following types. For all details, see DescribeRulesSetting.

    Used by actions: CreateRule, DescribeRules, ModifyRule.

    NameTypeRequiredDescription
    NormalActionNormalActionNoCommon feature operations. the options for this category include:.
  • Access url rewrite (accessurlredirect).
  • .
  • origin url overriding (upstreamurlredirect);
  • .
  • quic;
  • .
  • websocket;
  • .
  • video dragging (videoseek);
  • .
  • token authentication (authentication);
  • .
  • custom cachekey (cachekey);
  • .
  • node caching ttl (cache);
  • .
  • browser cache ttl (maxage);
  • .
  • offline caching (offlinecache);
  • .
  • smart acceleration (smartrouting);
  • .
  • range-based origin pull (rangeoriginpull);
  • .
  • http/2 origin pull (upstreamhttp2);
  • .
  • host header overriding (hostheader);
  • .
  • force https (forceredirect);
  • .
  • https origin pull (originpullprotocol);
  • .
  • ResponseSpeedLimit: single connection download speed limit.
  • .
  • CachePrefresh: cache prefresh.
  • .
  • Compression: smart compression.
  • .
  • Hsts;
  • .
  • ClientIpHeader;
  • .
  • ssltlssecureconf;
  • .
  • ocspstapling;
  • .
  • http/2 access (http2);
  • .
  • redirection during origin pull (upstreamfollowredirect);
  • .
  • modifying origin server (origin);
  • .
  • layer 7 origin pull timeout (httpupstreamtimeout).
  • .
  • http response (httpresponse).
  • .
    Note: this field may return null, which indicates a failure to obtain a valid value.
    RewriteActionRewriteActionNoFeature operation with a request/response header. Features of this type include:
  • RequestHeader: HTTP request header modification.
  • ResponseHeader: HTTP response header modification.

  • Note: This field may return null, indicating that no valid values can be obtained.
    CodeActionCodeActionNoFeature operation with a status code. Features of this type include:
  • ErrorPage: Custom error page.
  • StatusCodeCache: Status code cache TTL.

  • Note: This field may return null, indicating that no valid values can be obtained.

    AdaptiveFrequencyControl

    Adaptive frequency control.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    EnabledStringYesWhether adaptive frequency control is enabled. valid values:
  • on: enable;
  • off: disable.
  • .
    SensitivityStringNoThe restriction level of adaptive frequency control. required when Enabled is on. valid values:
  • Loose: Loose
  • Moderate: Moderate
  • Strict: Strict
  • .
    ActionSecurityActionNoThe handling method of adaptive frequency control. this field is required when Enabled is on. valid values for SecurityAction Name:
  • Monitor: observation;
  • Deny: block;
  • Challenge: Challenge, where ChallengeActionParameters.Name only supports JSChallenge.
  • .

    Addresses

    IP range details.

    Used by actions: DescribeOriginACL.

    NameTypeRequiredDescription
    IPv4Array of StringNoIPv4 subnet.
    IPv6Array of StringNoIPv6 subnet.

    AdvancedFilter

    Key-value pair filters for conditional filtering queries and fuzzy queries, such as filtering ID, name, and status.
    If more than one filter exists, the logical relationship between these filters is AND.
    If one filter has multiple values, the logical relationship between these values is OR.

    Used by actions: DescribeAccelerationDomains, DescribeAliasDomains, DescribeConfigGroupVersions, DescribeContentIdentifiers, DescribeCustomErrorPages, DescribeDeployHistory, DescribeDnsRecords, DescribeOriginGroup, DescribePrefetchTasks, DescribePurgeTasks, DescribeRealtimeLogDeliveryTasks, DescribeZones.

    NameTypeRequiredDescription
    NameStringYesField to be filtered.
    ValuesArray of StringYesValue of the filtered field.
    FuzzyBooleanNoWhether to enable fuzzy query.

    AiRule

    AI rule engine

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    ModeStringYesThe status of the AI rule engine. Values:
  • smart_status_close: Disabled
  • smart_status_open: Block
  • smart_status_observe: Observe
  • AlgDetectJS

    Validate client behavior.

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    NameStringNoMethod to validate client behavior.
    WorkLevelStringNoProof-of-work strength. Values:
  • low (default): Low
  • middle: Medium
  • high: High
  • ExecuteModeIntegerNoImplement a delay before executing JS in milliseconds. Value range: 0-1000. Default value: 500.
    InvalidStatTimeIntegerNoThe period threshold for validating the result "Client JS disabled" in seconds. Value range: 5-3600. Default value: 10.
    InvalidThresholdIntegerNoThe number of times for the result "Client JS disabled" occurred in the specified period. Value range: 1-100000000. Default value: 30.
    AlgDetectResultsArray of AlgDetectResultNoClient behavior validation results.

    AlgDetectResult

    Active bot detection results.

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    ResultStringNoThe validation result. Values:
  • invalid: Invalid Cookie
  • cookie_empty: No Cookie/Cookie expired
  • js_empty: Client JS disabled
  • low: Low-risk session
  • middle: Medium-risk session
  • high: High-risk session
  • timeout: JS validation timed out
  • not_browser: Invalid browser
  • is_bot: Bot client
  • ActionStringNoThe action. Values:
  • drop: Block
  • monitor: Observe
  • silence: Drop w/o response
  • shortdelay: Add short latency
  • longdelay: Add long latency
  • AlgDetectRule

    Active bot detection rule.

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    RuleIDIntegerNoID of the rule.
    RuleNameStringNoName of the rule.
    SwitchStringNoWhether to enable the rule.
    AlgConditionsArray of AclConditionNoCondition specified for the rule.
    AlgDetectSessionAlgDetectSessionNoChecksum of the Cookie and behavior analysis of the session.
    AlgDetectJSArray of AlgDetectJSNoValidate client behavior when the condition is satisfied.
    UpdateTimeStringNoThe update time, which is only used as an output parameter.

    AlgDetectSession

    Validate Cookie.

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    NameStringNoMethod to validate Cookie.
    DetectModeStringNoThe validation mode. Values:
  • detect: Validate only
  • update_detect (default): Update Cookie and validate
  • SessionAnalyzeSwitchStringNoWhether to enable Cookie-based session check. The default value is off. Values:
  • off: Disable
  • on: Enable
  • InvalidStatTimeIntegerNoThe period threshold for validating the result "No Cookie/Cookie expired" in seconds. Value range: 5-3600. Default value: 10.
    InvalidThresholdIntegerNoThe number of times for the result "No Cookie/Cookie expired" occurred in the specified period. Value range: 1-100000000. Default value: 300.
    AlgDetectResultsArray of AlgDetectResultNoCookie validation results.
    SessionBehaviorsArray of AlgDetectResultNoCookie-based session check results.

    AliasDomain

    Information of the alias domain name

    Used by actions: DescribeAliasDomains.

    NameTypeDescription
    AliasNameStringThe alias domain name.
    ZoneIdStringThe site ID.
    TargetNameStringThe target domain name.
    StatusStringStatus of the alias domain name. Values:
  • active: Activated
  • pending: Deploying
  • conflict: Reclaimed
  • stop: Stopped
  • ForbidModeIntegerThe blocking mode. Values:
  • 0: Not blocked
  • 11: Blocked due to regulatory compliance
  • 14: Blocked due to ICP filing not obtained
  • CreatedOnTimestamp ISO8601Creation time of the alias domain name.
    ModifiedOnTimestamp ISO8601Modification time of the alias domain name.

    AllowActionParameters

    Additional parameter for Web security Allow.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    MinDelayTimeStringNoMinimum latency response time. when configured as 0s, it means no delay for direct response. supported units:
  • s: seconds, value ranges from 0 to 5.
  • .
    MaxDelayTimeStringNoMaximum delayed response time. supported units:
  • s: seconds, value ranges from 5 to 10.
  • .

    ApplicationProxy

    Application proxy instance

    Used by actions: DescribeApplicationProxies.

    NameTypeDescription
    ZoneIdStringThe site ID.
    ZoneNameStringThe site name.
    ProxyIdStringThe proxy ID.
    ProxyNameStringThe domain name or subdomain name when ProxyType=hostname.
    The instance name when ProxyType=instance.
    ProxyTypeStringThe proxy type. Values:
  • hostname: The proxy is created by subdomain name.
  • instance: The proxy is created by instance.
  • PlatTypeStringThe scheduling mode. Values:
  • ip: Schedule via Anycast IP.
  • domain: Schedule via CNAME.
  • AreaStringAcceleration region. Values:
  • mainland: Chinese mainland.
  • overseas: Global (outside the Chinese mainland);

  • Default value: overseas.
    SecurityTypeIntegerWhether to enable security protection. Values:
  • 0: Disable security protection.
  • 1: Enable security protection.
  • AccelerateTypeIntegerWhether to enable acceleration. Values:
  • 0: Disable acceleration.
  • 1: Enable acceleration.
  • SessionPersistTimeIntegerThe session persistence duration.
    StatusStringThe rule status. Values:
  • online: Enabled
  • offline: Disabled
  • progress: Deploying
  • stopping: Disabling
  • fail: Failed to deploy or disable
  • BanStatusStringThe blocking status of the proxy. Values:
  • banned: Blocked
  • banning: Blocking
  • recover: Unblocked
  • recovering: Unblocking
  • ScheduleValueArray of StringScheduling information.
    HostIdStringWhen ProxyType=hostname:
    This field indicates the unique ID of the subdomain name.
    Ipv6Ipv6The IPv6 access configuration.
    UpdateTimeTimestamp ISO8601The update time.
    ApplicationProxyRulesArray of ApplicationProxyRuleList of rules.
    AccelerateMainlandAccelerateMainlandCross-MLC-border acceleration.

    ApplicationProxyRule

    Application proxy rule

    Used by actions: CreateApplicationProxy, DescribeApplicationProxies.

    NameTypeRequiredDescription
    ProtoStringYesProtocol. Valid values:
  • TCP: TCP protocol;
  • UDP: UDP protocol.
  • PortArray of StringYesPort. Supported formats:
  • A single port, such as 80.
  • A port range, such as 81-82, indicating two ports 81 and 82.

  • Note: Up to 20 ports can be input for each rule.
    OriginTypeStringYesOrigin server type. Valid values:
  • custom: manually added;
  • loadbalancer: cloud load balancer;
  • origins: origin server group.
  • OriginValueArray of StringYesOrigin server information.
  • When OriginType is custom, it indicates one or more origin servers, such as ["8.8.8.8","9.9.9.9"] or OriginValue=["test.com"];
  • When OriginType is loadbalancer, it indicates a cloud load balancer, such as ["lb-xdffsfasdfs"];
  • When OriginType is origins, it requires one and only one element, indicating the origin server group ID, such as ["origin-537f5b41-162a-11ed-abaa-525400c5da15"].
  • RuleIdStringNoRule ID.
    StatusStringNoStatus. Valid values:
  • online: enabled;
  • offline: disabled;
  • progress: deploying;
  • stopping: disabling;
  • fail: deployment or disabling failed.
  • ForwardClientIpStringNoPassing the client IP address. Valid values:
  • TOA: passing via TOA, available only when Proto = TCP;
  • PPV1: passing via Proxy Protocol V1, available only when Proto = TCP;
  • PPV2: passing via Proxy Protocol V2;
  • OFF: no passing.
  • Default value: OFF.
    SessionPersistBooleanNoWhether to enable session persistence. Valid values:
  • true: Enable;
  • false: Disable.
  • Default value: false.
    SessionPersistTimeIntegerNoDuration for session persistence. the value takes effect only when SessionPersist is true.
    OriginPortStringNoOrigin server port. Supported formats:
  • A single port, such as 80.
  • A port range, such as 81-82, indicating two ports 81 and 82.
  • RuleTagStringNoTag of the rule.

    AscriptionInfo

    The site ownership information

    Used by actions: DescribeIdentifications, IdentifyZone.

    NameTypeDescription
    SubdomainString
    RecordTypeStringThe record type.
    RecordValueStringThe record value.

    AudioTemplateInfo

    Audio stream configuration parameters.

    Used by actions: CreateJustInTimeTranscodeTemplate, DescribeJustInTimeTranscodeTemplates.

    NameTypeRequiredDescription
    CodecStringYesEncoding format for audio streams. optional values:.
  • libfdk_aac.
  • AudioChannelIntegerNoAudio channel quantity. valid values:
  • 2: dual-channel.
  • default value: 2.

    AuthenticationParameters

    Token authentication configuration parameters

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    AuthTypeStringNoAuthentication type. valid values:.

  • TypeA: authentication method a type, for specific meaning please refer to authentication method a;
  • .
  • TypeB: authentication method b type, for specific meaning please refer to authentication method b;
  • .
  • TypeC: authentication method c type, for specific meaning please refer to authentication method c;
  • .
  • TypeD: authentication method d type, for specific meaning please refer to authentication method d;
  • .
  • TypeVOD: authentication method v type, for specific meaning please refer to authentication method v.
  • .
    SecretKeyStringNoThe primary authentication key consists of 6–40 uppercase and lowercase english letters or digits, and cannot contain " and $.
    TimeoutIntegerNoValidity period of the authentication url, in seconds, value range: 1–630720000. used to determine if the client access request has expired:.
  • If the current time exceeds "timestamp + validity period", it is an expired request, and a 403 is returned directly.
  • .
  • If the current time does not exceed "timestamp + validity period", the request is not expired, and the md5 string is further validated.
  • note: when authtype is one of typea, typeb, typec, or typed, this field is required.
    BackupSecretKeyStringNoThe backup authentication key consists of 6–40 uppercase and lowercase english letters or digits, and cannot contain " and $.
    AuthParamStringNoAuthentication parameters name. the node will validate the value corresponding to this parameter name. consists of 1-100 uppercase and lowercase letters, numbers, or underscores.
    note: this field is required when authtype is either typea or typed.
    TimeParamStringNoAuthentication timestamp. it cannot be the same as the value of the authparam field.
    note: this field is required when authtype is typed.
    TimeFormatStringNoAuthentication time format. values:.
  • Dec: decimal;
  • .
  • Hex: hexadecimal.
  • note: this field is required when authtype is typed. the default is hex.

    BandwidthAbuseDefense

    Bandwidth abuse protection configuration (chinese mainland only).

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    EnabledStringYesWhether bandwidth abuse protection (applicable to chinese mainland only) is enabled. valid values:
  • on: enabled;
  • off: disabled.
  • .
    ActionSecurityActionNoBandwidth abuse protection (applicable to chinese mainland) handling method. required when Enabled is on. valid values for SecurityAction Name:
  • Monitor: observe;
  • Deny: block;
  • Challenge: Challenge, where ChallengeActionParameters.Name only supports JSChallenge.
  • .

    BillingData

    Billing data item.

    Used by actions: DescribeBillingData.

    NameTypeDescription
    TimeTimestamp ISO8601Specifies the data timestamp.
    ValueIntegerValue.
    ZoneIdStringSite ID of the associated data point. if the content identifier feature is enabled, this item is the content identifier.
    HostStringSpecifies the domain name of the data point.
    ProxyIdStringSpecifies the layer-4 proxy instance ID the data point belongs to.
    RegionIdStringSpecifies the billing region ID the data point belongs to. the billing region is determined by the EdgeOne node region where the actual service user client is located. valid values:
  • CH: chinese mainland
  • AF: africa
  • AS1: asia pacific zone 1
  • AS2: asia pacific zone 2
  • AS3: asia pacific zone 3
  • EU: europe
  • MidEast: middle east
  • NA: north america
  • SA: south america
  • .

    BillingDataFilter

    Billing data filter criteria.

    Used by actions: DescribeBillingData.

    NameTypeRequiredDescription
    TypeStringYesParameter name.
    ValueStringYesParameter value.

    BindDomainInfo

    Describes the domain names bound to the policy template.

    Used by actions: DescribeWebSecurityTemplates.

    NameTypeDescription
    DomainStringDomain name.
    ZoneIdStringZone ID to which the domain belongs.
    StatusStringBinding status. valid values:.
  • process: binding in progress
  • online: binding succeeded.

  • fail: binding failed.
  • BindSharedCNAMEMap

    Bindings between a shared CNAME and connected domain names

    Used by actions: BindSharedCNAME.

    NameTypeRequiredDescription
    SharedCNAMEStringYesThe shared CNAME to be bound with or unbound from.
    DomainNamesArray of StringYesAcceleration domains (up to 20).

    BlockIPActionParameters

    Additional parameter for SecurityAction BlockIP.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    DurationStringYesPenalty duration for BlockIP. Units:
  • s: second, value range 1-120;
  • m: minute, value range 1-120;
  • h: hour, value range 1-48.
  • .

    BotConfig

    Bot security configuration

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable bot security. Values:
  • on: Enable
  • off: Disable
  • BotManagedRuleBotManagedRuleNoThe settings of the bot managed rule. If it is null, the settings that were last configured will be used.
    BotPortraitRuleBotPortraitRuleNoThe settings of the client reputation rule. If it is null, the settings that were last configured will be used.
    IntelligenceRuleIntelligenceRuleNoBot intelligent analysis. if null, use the last set configuration by default.
    BotUserRulesArray of BotUserRuleNoSettings of the custom bot rule. If it is null, the settings that were last configured will be used.
    AlgDetectRuleArray of AlgDetectRuleNoActive bot detection rule.
    CustomizesArray of BotUserRuleNoBot managed custom policy. optional input. output usage only.

    BotExtendAction

    Bot extended actions

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    ActionStringYesAction. Valid values:
  • monitor: Observe;
  • alg: JavaScript challenge;
  • captcha: Managed challenge;
  • random: Actions are executed based on the percentage specified in ExtendActions;
  • silence: Silence;
  • shortdelay: Add short latency;
  • longdelay: Add long latency.
  • PercentIntegerNoThe probability for triggering the action. value range: 0-100.

    BotManagedRule

    Bot managed rules. The rule IDs can be obtained from the output of DescribeBotManagedRules.

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    ActionStringYesThe rule action. Values:
  • drop: Block
  • trans: Allow
  • alg: JavaScript challenge
  • monitor: Observe
  • RuleIDIntegerNoThe rule ID, which is only used as an output parameter.
    TransManagedIdsArray of IntegerNoRule ID to allow. defaults to no rules configured for allowance.
    AlgManagedIdsArray of IntegerNoRule ID of the JS challenge. default is all rules without configuring the JS challenge.
    CapManagedIdsArray of IntegerNoThe rule ID for digit verification code. by default, all rules do not configure digit verification code.
    MonManagedIdsArray of IntegerNoRule ID for observation. by default, observation is not configured for all rules.
    DropManagedIdsArray of IntegerNoRule ID for interception. by default, all rules have no configuration interception.

    BotManagement

    Web security BOT managed rules architecture.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    ClientAttestationRulesClientAttestationRulesNoDefinition list of client authentication rules. feature in beta test. submit a ticket or contact smart customer service if needed.

    BotPortraitRule

    Bot user portrait rules

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesSwitch. Values:
  • on: Enable
  • off: Disable
  • RuleIDIntegerNoThe rule ID, which is only used as an output parameter.
    AlgManagedIdsArray of IntegerNoThe rule ID of JS challenge. default all rules without configuring JS challenge.
    CapManagedIdsArray of IntegerNoRule ID for digit captcha-intl. default is all rules without configuring digit captcha-intl.
    MonManagedIdsArray of IntegerNoRule ID for observation. by default, observation is not configured for all rules.
    DropManagedIdsArray of IntegerNoRule ID for interception. default to all rules with no configuration interception.

    BotUserRule

    Custom bot rules

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    RuleNameStringYes
    ActionStringYesThe action. Values:
  • drop: Block the request
  • monitor: Observe
  • trans: Allow
  • redirect: Redirect the request
  • page: Return the specified page
  • alg: JavaScript challenge
  • captcha: Managed challenge
  • random: Handle the request randomly by the weight
  • silence: Keep the connection but do not response to the client
  • shortdelay: Add a short latency period
  • longdelay: Add a long latency period
  • RuleStatusStringYesThe rule status. Values:
  • on: Enabled
  • off: Disabled
  • Default value: on
    AclConditionsArray of AclConditionYesDetails of the rule.
    RulePriorityIntegerYesThe rule weight. Value range: 0-100.
    RuleIDIntegerNoRule ID, which is only used as an output parameter.
    ExtendActionsArray of BotExtendActionNo[Currently unavailable] Specify the random action and percentage.
    FreqFieldsArray of StringNoThe filter. Values:
  • sip: Client IP

  • This parameter is left empty by default.
    UpdateTimeStringNoThe update time, which is only used as an output parameter.
    FreqScopeArray of StringNoQuery scope. Values:
  • source_to_eo: (Response) Traffic going from the origin to EdgeOne.
  • client_to_eo: (Request) Traffic going from the client to EdgeOne.

  • Default: source_to_eo.
    NameStringNoName of the custom return page. It's required when Action=page.
    CustomResponseIdStringNoID of custom response. The ID can be obtained via the DescribeCustomErrorPages API. It's required when Action=page.
    ResponseCodeIntegerNoThe response code to trigger the return page. It's required when Action=page. Value: 100-600. 3xx response codes are not supported. Default value: 567.
    RedirectUrlStringNoThe redirection URL. It's required when Action=redirect.

    CC

    CC configuration item.

    Used by actions: DescribeHostsSetting.

    NameTypeRequiredDescription
    SwitchStringYesWAF switch. Values:
  • on: Enable
  • off: Disable
  • PolicyIdIntegerNoID of the policy

    CLSTopic

    The configuration information of real-time log delivery to Tencent Cloud CLS

    Used by actions: CreateRealtimeLogDeliveryTask, DescribeRealtimeLogDeliveryTasks.

    NameTypeRequiredDescription
    LogSetIdStringYesThe ID of the Tencent Cloud CLS log set.
    TopicIdStringYesThe ID of the Tencent Cloud CLS log topic.
    LogSetRegionStringYesThe region of the Tencent Cloud CLS log set.

    Cache

    Cache time settings

    Used by actions: DescribeHostsSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable cache configuration. Values:
  • on: Enable
  • off: Disable
  • CacheTimeIntegerNoSpecifies the cache expiration time settings.
    Unit: seconds. the maximum settable value is 365 days.

    CacheConfig

    Cache rule configuration.

    Used by actions: DescribeHostsSetting, DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    CacheCacheNoCache configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    NoCacheNoCacheNoNo-cache configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    FollowOriginFollowOriginNoFollows the origin server configuration
    Note: This field may return null, indicating that no valid values can be obtained.

    CacheConfigCustomTime

    Node cache TTL custom cache time configuration parameters

    Used by actions: DescribeL7AccSetting, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoCustom cache time switch. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    CacheTimeIntegerNoCustom cache time value, unit: seconds. value range: 0-315360000.
    note: this field is required when switch is on; when switch is off, this field is not required and will not take effect if filled.

    CacheConfigParameters

    Node Cache TTL configuration parameters

    Used by actions: DescribeL7AccSetting, ModifyL7AccSetting.

    NameTypeRequiredDescription
    FollowOriginFollowOriginNoFollow origin server cache configuration. only one of followorigin, nocache, customtime can have switch set to on.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    NoCacheNoCacheNoNo cache configuration. only one of followorigin, nocache, customtime can have switch set to on.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    CustomTimeCacheConfigCustomTimeNoCustom cache time configuration. only one of followorigin, nocache, customtime can have switch set to on.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    CacheKey

    The cache key configuration.

    Used by actions: DescribeHostsSetting, DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    FullUrlCacheStringNoWhether to enable full path cache. valid values:.
  • on: enable full-path cache (i.e., disable ignore query string).
  • .
  • off: disable full-path cache (i.e., enable parameter ignore).
  • .
    IgnoreCaseStringNoSpecifies whether to use case-insensitive cache. valid values:.
  • on: ignore
  • .
  • off: not ignore
  • .
    QueryStringQueryStringNoRequest parameter contained in CacheKey.
    Note: This field may return null, indicating that no valid values can be obtained.

    CacheKeyConfigParameters

    The cache key configuration.

    Used by actions: DescribeL7AccSetting, ModifyL7AccSetting.

    NameTypeRequiredDescription
    FullURLCacheStringNoWhether to enable full-path cache. values:.
  • On: enable full-path cache (i.e., disable ignore query string).
  • .
  • Off: disable full-path cache (i.e., enable ignore query string).
  • .
    IgnoreCaseStringNoWhether to ignore case in the cache key. values:.
  • On: ignore;
  • .
  • Off: not ignore.
  • .
    QueryStringCacheKeyQueryStringNoQuery string retention configuration parameter. this field and fullurlcache must be set simultaneously, but cannot both be on.

    CacheKeyCookie

    Custom Cache Key Cookie configuration parameters

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable feature. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    ActionStringNoCache action. values:.
  • Full: retain all
  • .
  • ignore: ignore all;
  • .
  • includecustom: retain specified parameters;
  • .
  • excludecustom: ignore specified parameters.
  • note: when switch is on, this field is required. when switch is off, this field is not required and will not take effect if filled.
    ValuesArray of StringNoCustom cache key cookie name list.
    note: this field is required when action is includecustom or excludecustom; when action is full or ignore, this field is not required and will not take effect if filled.

    CacheKeyHeader

    Custom Cache Key HTTP request header configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable feature. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    ValuesArray of StringNoCustom cache key http request header list.
    note: this field is required when switch is on; when switch is off, this field is not required and will not take effect if filled.

    CacheKeyParameters

    Custom Cache Key configuration parameters. The FullURLCache and QueryString parameters are combined. For specific examples, refer to:

    • Retain all query strings. Enable ignore case.
    {
      "CacheKey": {
        "FullURLCache": "on",
        "QueryString": {
          "Switch": "off"
        },
        "IgnoreCase": "on"
      }
    }
    
    • Ignore all query strings. Enable ignore case.
    {
      "CacheKey": {
        "FullURLCache": "off",
        "QueryString": {
          "Switch": "off"
        },
        "IgnoreCase": "on"
      }
    }
    
    • Retain specified query string parameters. Disable ignore case.
    {
      "CacheKey": {
        "FullURLCache": "off",
        "QueryString": {
            "Switch": "on",
            "Action": "includeCustom",
            "Values": ["name1","name2","name3"]
        },
        "IgnoreCase": "off"
      }
    }
    

    -Query string ignore specified parameters. Disable ignore case.

    {
      "CacheKey": {
        "FullURLCache": "off",
        "QueryString": {
            "Switch": "on",
            "Action": "excludeCustom",
            "Values": ["name1","name2","name3"]
        },
        "IgnoreCase": "off"
      }
    }
    

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    FullURLCacheStringNoSwitch for retaining the complete query string. values:.
  • On: enable;

  • .
  • Off: disable.
  • note: at least one of fullurlcache, ignorecase, header, scheme, or cookie must be configured. this field and querystring.switch must be set simultaneously, but cannot both be on.
    QueryStringCacheKeyQueryStringNoConfiguration parameter for retaining the query string. this field and fullurlcache must be set simultaneously, but cannot both be on.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    IgnoreCaseStringNoSwitch for ignoring case. values:.
  • On: enable;

  • .
  • Off: disable.
  • note: at least one of fullurlcache, ignorecase, header, scheme, or cookie must be configured.
    HeaderCacheKeyHeaderNoHTTP request header configuration parameters. at least one of the following configurations must be set: fullurlcache, ignorecase, header, scheme, cookie.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    SchemeStringNoRequest protocol switch. valid values:.
  • On: enable;

  • .
  • Off: disable.
  • note: at least one of fullurlcache, ignorecase, header, scheme, or cookie must be configured.
    CookieCacheKeyCookieNoCookie configuration parameters. at least one of the following configurations must be set: fullurlcache, ignorecase, header, scheme, cookie.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    CacheKeyQueryString

    Custom Cache Key query string configuration parameters

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoQuery string retain/ignore specified parameter switch. valid values are:.
  • On: enable;

  • .
  • Off: disable.
  • .
    ActionStringNoActions to retain/ignore specified parameters in the query string. values:.
  • IncludeCustom: retain partial parameters.
  • .
  • ExcludeCustom: ignore partial parameters.
  • note: this field is required when switch is on. when switch is off, this field is not required and will not take effect if filled.
    ValuesArray of StringNoList of parameter names to be retained/ignored in the query string.
    note: this field is required when switch is on. when switch is off, this field is not required and will not take effect if filled.

    CacheParameters

    Node Cache TTL configuration parameters

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    FollowOriginFollowOriginNoCache follows origin server. if not specified, this configuration is not set. only one of followorigin, nocache, or customtime can have switch set to on.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    NoCacheNoCacheNoNo cache. if not specified, this configuration is not set. only one of followorigin, nocache, or customtime can have switch set to on.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    CustomTimeCustomTimeNoCustom cache time. if not specified, this configuration is not set. only one of followorigin, nocache, or customtime can have switch set to on.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    CachePrefresh

    Cache prefresh

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable cache prefresh. Values:
  • on: Enable
  • off: Disable
  • PercentIntegerNoCache pre-refresh percentage. value range: 1-99.

    CachePrefreshParameters

    Cache prefresh configuration parameters

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable cache prefresh. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    CacheTimePercentIntegerNoPrefresh interval set as a percentage of the node cache time. value range: 1-99.
    note: this field is required when switch is on; when switch is off, this field is not required and will not take effect if filled.

    CacheTag

    The information attached when the node cache purge type is set to purge_cache_tag.

    Used by actions: CreatePurgeTask.

    NameTypeRequiredDescription
    DomainsArray of StringYesList of domain names to purge cache for.

    CertificateInfo

    HTTPS server certificate configuration

    Used by actions: DescribeAccelerationDomains, ModifyHostsCertificate.

    NameTypeRequiredDescription
    CertIdStringYesCertificate ID, which originates from the SSL side. You can check the CertId from the SSL Certificate List.
    AliasStringNoAlias of the certificate.
    TypeStringNoType of the certificate. Values:
  • default: Default certificate
  • upload: Specified certificate
  • managed: Tencent Cloud-managed certificate
  • ExpireTimeTimestamp ISO8601NoThe certificate expiration time.
    DeployTimeTimestamp ISO8601NoTime when the certificate is deployed.
    SignAlgoStringNoSignature algorithm.
    StatusStringNoStatus of the certificate. Values:
    u200c
  • deployed: The deployment has completed

  • u200c
  • processing: Deployment in progress

  • u200c
  • applying: Application in progress

  • u200c
  • failed: Application rejected
  • issued: Binding failed.
  • ChallengeActionParameters

    Web security Challenge additional parameter.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    ChallengeOptionStringYesSafe execution challenge actions. valid values:
  • InterstitialChallenge: interstitial challenge;
  • InlineChallenge: embedded challenge;
  • JSChallenge: JavaScript challenge;
  • ManagedChallenge: managed challenge.
  • .
    IntervalStringNoSpecifies the time interval for challenge repetition. this field is required when Name is InterstitialChallenge/InlineChallenge. default value is 300s. supported units:
  • s: second, value ranges from 1 to 60;
  • m: minute, value ranges from 1 to 60;
  • h: hour, value ranges from 1 to 24.
  • .
    AttesterIdStringNoClient authentication method ID. this field is required when Name is InterstitialChallenge/InlineChallenge.

    CheckRegionHealthStatus

    Health status of origin servers in each health check region.

    Used by actions: DescribeOriginGroupHealthStatus.

    NameTypeDescription
    RegionStringHealth check region, which is a two-letter code according to ISO-3166-1.
    HealthyStringHealth status of origin servers in a single health check region. Valid values:
  • Healthy: healthy.
  • Unhealthy: unhealthy.
  • Undetected: no data detected.
  • Note: If all origin servers in a single health check region are healthy, the status is healthy; otherwise, it is unhealthy.
    OriginHealthStatusArray of OriginHealthStatusOrigin server health status.

    ClientAttestationRule

    Client authentication rule.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    IdStringNoClient authentication rule ID. supported rule configuration operations by rule ID:
  • add a new rule: leave the ID empty or do not specify the ID parameter.
  • modify an existing rule: specify the rule ID that needs to be updated/modified.
  • delete an existing rule: existing rules not included in the ClientAttestationRule list under BotManagement parameters will be deleted.
  • .
    NameStringNoSpecifies the name of the client authentication rule.
    EnabledStringNoWhether the rule is enabled. valid values:
  • on: enable
  • off: disable
  • .
    PriorityIntegerNoPriority of rules. a smaller value indicates higher priority execution. value range: 0-100. default value: 0.
    ConditionStringNoThe rule content must comply with expression grammar. for details, see the product document.
    AttesterIdStringNoSpecifies the client authentication option ID.
    DeviceProfilesArray of DeviceProfileNoClient device configuration. if the DeviceProfiles parameter value is not specified in the ClientAttestationRules parameter, keep the existing client device configuration and do not modify it.
    InvalidAttestationActionSecurityActionNoHandling method for failed client authentication. valid values for SecurityAction Name:
  • Deny: block;
  • Monitor: observation;
  • Redirect: redirection;
  • Challenge: Challenge.
  • default value: Monitor.

    ClientAttestationRules

    Describes the client authentication configuration.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    RulesArray of ClientAttestationRuleNoList of client authentication. when using ModifySecurityPolicy to modify Web protection configuration:
  • if Rules in SecurityPolicy.BotManagement.ClientAttestationRules is not specified or the parameter length of Rules is zero: clear all client authentication rule configuration.
  • if ClientAttestationRules in SecurityPolicy.BotManagement parameters is unspecified: keep existing client authentication rule configuration and do not modify.
  • .

    ClientAttester

    Specifies the authentication option configuration.

    Used by actions: CreateSecurityClientAttester, DescribeSecurityClientAttester, ModifySecurityClientAttester.

    NameTypeRequiredDescription
    IdStringNoAuthentication option ID.
    NameStringNoSpecifies the authentication option name.
    TypeStringNoAuthentication rule type. only returned in the response. valid values:.
  • PRESET: system PRESET rule. only AttesterDuration can be modified.
  • .
  • CUSTOM: user-defined rules.
  • .
    AttesterSourceStringNoAuthentication method. valid values:.
  • TC-RCE: uses the full-stack risk control engine for authentication.
  • .
  • TC-CAPTCHA-Intl: specifies authentication using captcha-intl.
  • .
    AttesterDurationStringNoValidity time of the authentication. defaults to 60s. supported measurement units:.
  • S: specifies seconds. value range: 60–43200.
  • .
  • M: specifies minutes. value range: 1–720.
  • .
  • H. specifies the hour. value range: 1–12.
  • .
    TCRCEOptionTCRCEOptionNoTC-RCE authentication configuration message.
  • Specifies the required field when the AttesterSource parameter value is TC-RCE.
  • .
    TCCaptchaOptionTCCaptchaOptionNoSpecifies the configuration message for TC-CAPTCHA certification.
  • Specifies the required field when the AttesterSource parameter value is TC-CAPTCHA.
  • .

    ClientFiltering

    Intelligent client filtering.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    EnabledStringYesWhether intelligent client filtering is enabled. valid values:
  • on: enable;
  • off: disable.
  • .
    ActionSecurityActionNoThe handling method of intelligent client filtering. when Enabled is on, this field is required. the Name parameter of SecurityAction supports:
  • Monitor: observation;
  • Deny: block;
  • Challenge: Challenge, where ChallengeActionParameters.Name only supports JSChallenge.
  • .

    ClientIPCountryParameters

    Location information of the Client IP carried in origin-pull. It is formatted as a two-letter ISO-3166-1 country/region code.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable configuration. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    HeaderNameStringNoName of the request header that contains the client ip region. it is valid when switch=on. the default value eo-client-ipcountry is used when it is not specified.

    ClientIPHeaderParameters

    The header configuration for storing client request IP.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable configuration. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    HeaderNameStringNoName of the request header containing the client ip address for origin-pull. when switch is on, this parameter is required. x-forwarded-for is not allowed for this parameter.

    ClientIpCountry

    Location information of the client IP carried in origin-pull. It is formatted as a two-letter ISO-3166-1 country/region code.

    Used by actions: DescribeHostsSetting, DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable configuration. Values:
  • on: Enable
  • off: Disable
  • HeaderNameStringNoName of the request header that contains the client IP region. It is valid when Switch=on.
    The default value EO-Client-IPCountry is used when it is not specified.

    ClientIpHeader

    The client IP header configuration

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable the configuration. Values:
  • on: Enable
  • off: Disable
  • HeaderNameStringNoSpecifies the request header name containing the client IP For origin-pull. this parameter is required when Switch is on. X-Forwarded-For is not allowed For this parameter.

    CnameStatus

    CNAME status

    Used by actions: CheckCnameStatus.

    NameTypeDescription
    RecordNameStringThe domain name.
    CnameStringThe CNAME address.
    Note: This field may return null, indicating that no valid values can be obtained.
    StatusStringCNAME status. valid values:.
  • active: activated
  • .
  • moved: not effective;
  • .

    CodeAction

    Rule engine action with a status code

    Used by actions: CreateRule, DescribeRules, ModifyRule.

    NameTypeRequiredDescription
    ActionStringYesFeature name. For details, see DescribeRulesSetting API
    ParametersArray of RuleCodeActionParamsYesOperation parameter.

    Compression

    Smart compression configuration.

    Used by actions: DescribeHostsSetting, DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable smart compression. Values:
  • on: Enable
  • off: Disable
  • AlgorithmsArray of StringNoSupported compression algorithm list. valid values:.
  • Brotli: specifies the brotli algorithm.
  • .
  • Gzip: specifies the gzip algorithm.
  • .

    CompressionParameters

    Smart compression configuration.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable smart compression. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    AlgorithmsArray of StringNoSupported compression algorithm list. this field is required when switch is on; otherwise, it is not effective. valid values:.
  • Brotli: brotli algorithm;
  • .
  • Gzip: gzip algorithm.
  • .

    ConfigGroupVersionInfo

    Version information about the configuration group.

    Used by actions: DeployConfigGroupVersion, DescribeConfigGroupVersionDetail, DescribeConfigGroupVersions, DescribeDeployHistory, DescribeEnvironments.

    NameTypeRequiredDescription
    VersionIdStringYesVersion ID.
    VersionNumberStringNoVersion No.
    GroupIdStringNoConfiguraration group ID.
    GroupTypeStringNoConfiguration group type. Valid values:
  • l7_acceleration: L7 acceleration configuration group.
  • edge_functions: Edge function configuration group.
  • DescriptionStringNoVersion description.
    StatusStringNoVersion status. Valid values:
  • creating: Being created.
  • inactive: Not effective.
  • active: Effective.
  • CreateTimeTimestamp ISO8601NoVersion creation time. The time format follows the ISO 8601 standard and is represented in Coordinated Universal Time (UTC).

    ContentIdentifier

    Content identifier. This feature is only available to the allowlist.

    Used by actions: DescribeContentIdentifiers.

    NameTypeDescription
    ContentIdStringContent identifier id.
    DescriptionStringContent identifier description.
    ReferenceCountIntegerCount of citations by the rule engine.
    PlanIdStringBound package id.
    TagsArray of TagBound tags.
    StatusStringContent identifier status. valid values:.
  • Active: activated
  • .
  • Deleted: deleted
  • .
    CreatedOnTimestamp ISO8601Creation time, which adopts coordinated universal time (utc) and follows the date and time format of the iso 8601 standard.
    ModifiedOnTimestamp ISO8601Latest update time, which adopts coordinated universal time (utc) and follows the date and time format of the iso 8601 standard.
    DeletedOnTimestamp ISO8601Deletion time, which is empty when the status is not deleted. the time format follows the iso 8601 standard and is represented in coordinated universal time (utc).
    Note: this field may return null, which indicates a failure to obtain a valid value.

    CurrentOriginACL

    Currently effective origin ACLs.

    Used by actions: DescribeOriginACL.

    NameTypeRequiredDescription
    EntireAddressesAddressesNoIP range details.
    Note: This field may return null, which indicates a failure to obtain a valid value.
    VersionStringNoVersion number.
    Note: This field may return null, which indicates a failure to obtain a valid value.
    ActiveTimeStringNoVersion effective time in UTC+8, following the date and time format of the ISO 8601 standard.
    Note: This field may return null, which indicates a failure to obtain a valid value.
    IsPlanedStringNoThis parameter is used to record whether "I've upgraded to the lastest verison" is completed before the origin ACLs version is effective. valid values:.
    - true: specifies that the version is effective and the update to the latest version is confirmed.
    - false: when the version takes effect, the confirmation of updating to the latest origin ACLs are not completed. The IP range is forcibly updated to the latest version in the backend. When this parameter returns false, please confirm in time whether your origin server firewall configuration has been updated to the latest version to avoid origin-pull failure.
    Note: This field may return null, which indicates a failure to obtain a valid value.

    CustomEndpoint

    The configuration information of real-time log delivery to a custom HTTP(S) interface

    Used by actions: CreateRealtimeLogDeliveryTask, DescribeRealtimeLogDeliveryTasks, ModifyRealtimeLogDeliveryTask.

    NameTypeRequiredDescription
    UrlStringYesAddress of the custom HTTP API for real-time log shipping. Currently, only HTTP and HTTPS protocols are supported.
    AccessIdStringNoCustom SecretId used for generating an encrypted signature. This parameter is required if the origin server needs authentication.
    AccessKeyStringNoCustom SecretKey used for generating an encrypted signature. This parameter is required if the origin server needs authentication.
    CompressTypeStringNoType of data compression. Valid values:
  • gzip: gzip compression.
  • If this parameter is not input, compression is disabled.
    ProtocolStringNoType of the application layer protocol used in POST requests for log shipping. Valid values:
  • http: HTTP protocol;
  • https: HTTPS protocol.
  • If this parameter is not input, the protocol type is parsed from the URL field.
    HeadersArray of HeaderNoCustom request header carried in log shipping. For a header carried by default in EdgeOne log pushing, such as Content-Type, the header value you input will overwrite the default value. The header value references a single variable ${batchSize} to obtain the number of log entries included in each POST request.

    CustomErrorPage

    Custom error code page structure.

    Used by actions: DescribeCustomErrorPages.

    NameTypeDescription
    PageIdStringCustom error page ID.
    ZoneIdStringZone ID.
    NameStringCustom error page name.
    ContentTypeStringCustom error page type.
    DescriptionStringCustom error page description.
    ContentStringCustom error page content.
    ReferencesArray of ErrorPageReferenceCustom error page reference.

    CustomField

    The custom log field in a real-time log delivery task.

    Used by actions: CreateRealtimeLogDeliveryTask, DescribeRealtimeLogDeliveryTasks, ModifyRealtimeLogDeliveryTask.

    NameTypeRequiredDescription
    NameStringYesType of the custom log field, which indicates extracting data from specified positions in HTTP requests and responses. valid values:.
  • ReqHeader: extract the value of a specified field from an HTTP request header;
  • .
  • RspHeader: extracts the value of a specified field from an HTTP response header.
  • .
  • Cookie: extract the specified field value from a cookie;
  • .
  • ReqBody: extract specified content from an HTTP request body using a Google RE2 regular expression.
  • .
    ValueStringYesEnter the field value definition based on the field type (Name). this parameter is case-sensitive.
  • When the field type is ReqHeader, RspHeader, or Cookie, enter the parameter name for value extraction, such as Accept-Language. you can enter 1-100 characters. the name must start with a letter, contain letters, digits, or hyphens (-) in the middle, and end with a letter or digit.
  • .
  • When the field type is ReqBody, enter the Google RE2 regular expression. the maximum length of the regular expression is 4 KB.
  • .
    EnabledBooleanNoWhether to deliver this field. leave blank to skip delivery.

    CustomRule

    Custom rule configuration.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    NameStringYesThe custom rule name.
    ConditionStringYesThe specifics of the custom rule, must comply with the expression grammar, please refer to product documentation for details.
    ActionSecurityActionYesAction for custom rules. The Name parameter of SecurityAction supports:
  • Deny: block;
  • Monitor: observe;
  • ReturnCustomPage: block with customized page;
  • Redirect: Redirect to URL;
  • BlockIP: IP blocking;
  • JSChallenge: JavaScript challenge;
  • ManagedChallenge: managed challenge;
  • Allow: Allow.
  • .
    EnabledStringYesThe custom rule status. Values:
  • on: enabled
  • off: disabled
  • .
    IdStringNoCustom rule ID.
    Different rule configuration operations are supported by rule ID :
    - Add a new rule: ID is empty or the ID parameter is not specified;
    - Modify an existing rule: specify the rule ID that needs to be updated/modified;
    - Delete an existing rule: existing rules not included in the Rules parameter will be deleted.
    RuleTypeStringNoType of custom rule. Values:
  • BasicAccessRule: basic access control;
  • PreciseMatchRule: exact custom rule, default;
  • ManagedAccessRule: expert customized rule, output parameter only.
  • The default value is PreciseMatchRule.
    PriorityIntegerNoCustomize the priority of custom rule. Range: 0-100, the default value is 0, this parameter only supports PreciseMatchRule.

    CustomRules

    Custom rules configuration.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    RulesArray of CustomRuleNoThe custom rule.
    when modifying the Web protection configuration using ModifySecurityPolicy:
    - if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations.
    - if the Rules parameter is not specified: keep the existing custom rule configuration without modification.

    CustomTime

    Node cache TTL custom cache time parameter configuration.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    SwitchStringNoCustom cache time switch. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    IgnoreCacheControlStringNoIgnore origin server cachecontrol switch. values:.
  • On: enable;

  • .
  • Off: disable.
  • note: this field is required when switch is on. when switch is off, this field is not required and will not take effect if filled.
    CacheTimeIntegerNoCustom cache time value, unit: seconds. value range: 0-315360000.
    note: this field is required when switch is on; when switch is off, this field is not required and will not take effect if filled.

    CustomizedHeader

    Custom header that can be configured for HTTP/HTTPS health check policies under a LoadBalancer.

    Used by actions: CreateLoadBalancer, ModifyLoadBalancer.

    NameTypeRequiredDescription
    KeyStringYesSpecifies the custom header Key.
    ValueStringYesSet custom headers Value.

    DDoS

    DDoS mitigation configuration

    Used by actions: DescribeHostsSetting.

    NameTypeRequiredDescription
    SwitchStringYesSwitch. Values:
  • on: Enable
  • off: Disable
  • DDoSAttackEvent

    Information of the DDoS attacker

    Used by actions: DescribeDDoSAttackEvent.

    NameTypeDescription
    EventIdStringThe event ID.
    AttackTypeStringThe attack type.
    AttackStatusIntegerThe attack status.
    AttackMaxBandWidthIntegerThe maximum attack bandwidth.
    AttackPacketMaxRateIntegerThe peak attack packet rate.
    AttackStartTimeIntegerThe attack start time recorded in seconds.
    AttackEndTimeIntegerThe attack end time recorded in seconds.
    PolicyIdIntegerThe DDoS policy ID.
    Note: This field may return null, indicating that no valid value was found.
    ZoneIdStringThe site ID.
    Note: This field may return null, indicating that no valid value was found.
    AreaStringGeolocation scope. Values:
  • overseas: Regions outside the Chinese mainland
  • mainland: Chinese mainland

  • Note: This field may return null, indicating that no valid value was found.
    DDoSBlockDataArray of DDoSBlockDataThe blocking time of a DDoS attack.
    Note: This field may return null, indicating that no valid value was found.

    DDoSBlockData

    DDoS blocking details

    Used by actions: DescribeDDoSAttackEvent.

    NameTypeDescription
    StartTimeIntegerThe start time recorded in UNIX timestamp.
    EndTimeIntegerThe end time recorded in UNIX timestamp. 0 indicates the blocking is ongoing.
    BlockAreaStringThe regions blocked.

    DDoSProtection

    Exclusive Anti-DDoS protection configuration.

    Used by actions: DescribeDDoSProtection, ModifyDDoSProtection.

    NameTypeRequiredDescription
    ProtectionOptionStringYesSpecifies the protection scope of standalone DDoS. valid values:.
  • protect_all_domains: specifies exclusive Anti-DDoS protection for all domain names in the site. newly added domain names automatically enable exclusive Anti-DDoS protection. when this parameter is specified, DomainDDoSProtections will not be processed.
  • .
  • protect_specified_domains: only applicable to specified domains. specific scope can be set via DomainDDoSProtection parameter.
  • .
    DomainDDoSProtectionsArray of DomainDDoSProtectionNoAnti-DDoS configuration of the domain. specifies the exclusive ddos protection settings for the domain in request parameters.
  • When ProtectionOption remains protect_specified_domains, the domain names not filled in keep their exclusive Anti-DDoS protection configuration unchanged, while explicitly specified domain names are updated according to the input parameters.
  • .
  • When ProtectionOption switches from protect_all_domains to protect_specified_domains: if DomainDDoSProtections is empty, disable exclusive DDoS protection for all domains under the site; if DomainDDoSProtections is not empty, disable or maintain exclusive DDoS protection for the domain names specified in the parameter, and disable exclusive DDoS protection for other unlisted domain names.
  • .
    SharedCNAMEDDoSProtectionsArray of DomainDDoSProtectionNoSpecifies the exclusive DDoS protection configuration of a shared CNAME. used as an output parameter.

    DDosProtectionConfig

    Exclusive DDoS protection specifications configuration applicable to Layer 4 proxy or web site service.

    Used by actions: CreateL4Proxy, DescribeL4Proxy.

    NameTypeRequiredDescription
    LevelMainlandStringNoDedicated anti-DDoS specifications in the Chinese mainland. For details, refer to Dedicated Anti-DDoS Related Fees.
  • PLATFORM: uses the default protection. Dedicated anti-DDoS is not enabled;
  • BASE30_MAX300: uses dedicated anti-DDoS, which provides 30 Gbps guaranteed protection bandwidth and up to 300 Gbps elastic protection bandwidth;
  • BASE60_MAX600: uses dedicated anti-DDoS, which provides 60 Gbps guaranteed protection bandwidth and up to 600 Gbps elastic protection bandwidth.
  • If this field is not specified, the default value 'PLATFORM' will be used.
    MaxBandwidthMainlandIntegerNoConfiguration of elastic protection bandwidth for exclusive DDoS protection in the Chinese mainland.Valid only when exclusive DDoS protection in the Chinese mainland is enabled (refer to the LevelMainland parameter configuration), and the value has the following limitations:
  • When exclusive DDoS protection is enabled in the Chinese mainland and the 30 Gbps baseline protection bandwidth is used (the LevelMainland parameter value is BASE30_MAX300): the value range is 30 to 300 in Gbps;
  • When exclusive DDoS protection is enabled in the Chinese mainland and the 60 Gbps baseline protection bandwidth is used (the LevelMainland parameter value is BASE60_MAX600): the value range is 60 to 600 in Gbps;
  • When the default protection of the platform is used (the LevelMainland parameter value is PLATFORM): configuration is not supported, and the value of this parameter is invalid.
  • LevelOverseasStringNoDedicated anti-DDoS specifications in global regions (excluding the Chinese mainland).
  • PLATFORM: uses the default protection. Dedicated anti-DDoS is not enabled;
  • ANYCAST300: uses dedicated anti-DDoS, which provides 300 Gbps protection bandwidth;
  • ANYCAST_ALLIN: uses dedicated anti-DDoS, which provides all available protection resources.
  • If this field is not specified, the default value 'PLATFORM' will be used.

    DefaultServerCertInfo

    HTTPS server certificate configuration

    Used by actions: DescribeDefaultCertificates.

    NameTypeRequiredDescription
    CertIdStringYesSpecifies the server certificate ID.
    AliasStringNoCertificate remark name.
    TypeStringNoCertificate type. valid values:.
  • default: Default certificate;


  • upload: External certificate;


  • managed: Tencent Cloud managed certificate.
  • ExpireTimeTimestamp ISO8601NoCertificate expiration time.
    EffectiveTimeTimestamp ISO8601NoCertificate Validation Time.
    CommonNameStringNoCommon name of the cert.
    SubjectAltNameArray of StringNoSpecifies the SAN domain of the certificate.
    StatusStringNoDeployment state. valid values:.
  • processing: deployment in progress;
  • .
  • Deployed: deployed
  • .
  • Failed: deployment failed
  • .
    MessageStringNoIndicates the failure reason when the Status is failed.
    SignAlgoStringNoCertificate algorithm.

    DeliveryCondition

    Real-time log delivery conditions used to define the scope of log delivery. The relationship between items in a DeliveryCondition array is "or", whereas the relationship between items in an inner Conditions array is "and".

    Used by actions: CreateRealtimeLogDeliveryTask, DescribeRealtimeLogDeliveryTasks, ModifyRealtimeLogDeliveryTask.

    NameTypeRequiredDescription
    ConditionsArray of QueryConditionNoLog filter criteria. The detailed filter criteria are as follows:
  • EdgeResponseStatusCode: Filter by response status code returned from the EdgeOne node to the client.
    ?? Supported operators: equal, great, less, great_equal, less_equal
    ?? Valid values: any integer greater than or equal to 0
  • OriginResponseStatusCode: Filter by response status code of the origin server.
    ?? Supported operators: equal, great, less, great_equal, less_equal.
    ?? Valid values: any integer greater than or equal to -1
  • SecurityAction: Filter by final action after the request matches a security rule.
    ?? Supported operator: equal
    ?? Options:
    ?? -: unknown/not matched
    ?? Monitor: observation
    ?? JSChallenge: JavaScript challenge
    ?? Deny: blocking
    ?? Allow: allowing
    ?? BlockIP: IP blocking
    ?? Redirect: redirection
    ?? ReturnCustomPage: returning to a custom page
    ?? ManagedChallenge: managed challenge
    ?? Silence: silence
    ?? LongDelay: response after a long delay
    ?? ShortDelay: response after a short delay
  • SecurityModule: Filter by name of the security module finally handling the request.
    ??Supported operator: equal
    ??Options:
    ?? -: unknown/not matched
    ?? CustomRule: Custom Rules in Web Protection
    ?? RateLimitingCustomRule: Rate Limiting Rules in Web Protection
    ?? ManagedRule: Managed Rules in Web Protection
    ?? L7DDoS: CC Attack Defense in Web Protection
    ?? BotManagement: Bot Basic Management in Bot Management
    ?? BotClientReputation: Client Reputation Analysis in Bot Management
    ?? BotBehaviorAnalysis: Bot Intelligent Analysis in Bot Management
    ?? BotCustomRule: Custom Bot Rules in Bot Management
    ?? BotActiveDetection: Active Detection in Bot Management
  • DenyActionParameters

    Safe execution action specifies additional parameters for the ban.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    BlockIpStringNoSpecifies whether to extend the ban on the source IP. valid values.
  • on: Enable;


  • off: Disable.


  • After enabled, continuously blocks client ips that trigger the rule. when this option is enabled, the BlockIpDuration parameter must be simultaneously designated.
    Note: this option cannot intersect with ReturnCustomPage or Stall.
    BlockIpDurationStringNoThe ban duration when BlockIP is on.
    ReturnCustomPageStringNoSpecifies whether to use a custom page. valid values:.
  • on: Enable;


  • off: Disable.


  • Enabled, use custom page content to intercept requests. when this option is enabled, ResponseCode and ErrorPageId parameters must be specified simultaneously.
    Note: this option cannot intersect with the BlockIp or Stall option.
    ResponseCodeStringNoStatus code of the custom page.
    ErrorPageIdStringNoSpecifies the page id of the custom page.
    StallStringNoSpecifies whether to suspend the request source without processing. valid values:.
  • on: Enable;


  • off: Disable.


  • Enabled, no longer responds to requests in the current connection session and does not actively disconnect. used for crawler combat to consume client connection resources.
    Note: this option cannot intersect with BlockIp or ReturnCustomPage options.

    DeployRecord

    Version release record details for the configuration group.

    Used by actions: DescribeDeployHistory.

    NameTypeDescription
    ConfigGroupVersionInfosArray of ConfigGroupVersionInfoDetails about the released version.
    DeployTimeTimestamp ISO8601Release time. The time format follows the ISO 8601 standard and is represented in Coordinated Universal Time (UTC).
    StatusStringRelease status. Valid values:
  • deploying: Being released.
  • failure: Release failed.
  • success: Released successfully.
  • MessageStringRelease result information.
    RecordIdStringRelease record ID.
    DescriptionStringChange description.

    DetailHost

    Domain name configuration information

    Used by actions: DescribeHostsSetting.

    NameTypeDescription
    ZoneIdStringThe site ID.
    StatusStringThe acceleration status. Values:
  • process: In progress
  • online: Enabled
  • offline: Disabled
  • HostStringThe domain name.
    ZoneNameStringName of the site
    CnameStringThe assigned CNAME
    IdStringThe resource ID.
    InstanceIdStringThe instance ID.
    LockIntegerThe lock status.
    ModeIntegerThe domain name status.
    AreaStringThe acceleration area of the domain name. Values:
  • global: Global.
  • mainland: Chinese mainland.
  • overseas: Outside the Chinese mainland.
  • AccelerateTypeAccelerateTypeThe acceleration type configuration item.
    Note: This field may return null, indicating that no valid values can be obtained.
    HttpsHttpsThe HTTPS configuration item.
    Note: This field may return null, indicating that no valid values can be obtained.
    CacheConfigCacheConfigThe cache configuration item.
    Note: This field may return null, indicating that no valid values can be obtained.
    OriginOriginThe origin configuration item.
    Note: This field may return null, indicating that no valid values can be obtained.
    SecurityTypeSecurityTypeThe security type.
    Note: This field may return null, indicating that no valid values can be obtained.
    CacheKeyCacheKeyThe cache key configuration item.
    Note: This field may return null, indicating that no valid values can be obtained.
    CompressionCompressionThe smart compression configuration item.
    Note: This field may return null, indicating that no valid values can be obtained.
    WafWafThe WAF protection configuration item.
    Note: This field may return null, indicating that no valid values can be obtained.
    CCCCThe CC protection configuration item.
    Note: This field may return null, indicating that no valid values can be obtained.
    DDoSDDoSDDoS mitigation configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    SmartRoutingSmartRoutingThe smart routing configuration item.
    Note: This field may return null, indicating that no valid values can be obtained.
    Ipv6Ipv6The IPv6 access configuration item.
    Note: This field may return null, indicating that no valid values can be obtained.
    ClientIpCountryClientIpCountryWhether to carry the location information of the client IP during origin-pull.
    Note: This field may return null, indicating that no valid value can be obtained.

    DetectLengthLimitCondition

    Length limit detection condition configuration.

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    NameStringYesParameter name of the matched condition. Values:.
  • body_depth: detection depth of the request body packet part.
  • ValuesArray of StringYesThe parameter value of the match condition. the value is used in pairs with Name.
    When the Name value is body_depth, Values only support passing in a single value. valid Values:.
  • 10KB;
  • 64KB;
  • 128KB.
  • DetectLengthLimitConfig

    Length limit detection configuration.

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    DetectLengthLimitRulesArray of DetectLengthLimitRuleYesList of rules that detect length limits.

    DetectLengthLimitRule

    Length limit detection rule details configuration.

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    RuleIdIntegerYesRule Id, output parameter only.
    RuleNameStringYesRule name, output parameter only.
    DescriptionStringYesRule description, output parameter only.
    ConditionsArray of DetectLengthLimitConditionYesRule configuration conditions, output parameter only.
    ActionStringYesHandling method. Values:.
  • skip: when request body data exceeds the detection depth set by body_depth in Conditions output parameters, skip all request body content detection.
  • .
  • scan: detect at the detection depth set by body_depth in the Conditions output parameters only. Truncate the excess part of the request body content directly, the excess part of the request body will not go through security detection.
  • Output paramter only.

    DeviceProfile

    Describes the client device configuration.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    ClientTypeStringYesClient device type. valid values:
  • iOS;
  • Android;
  • WebView.
  • .
    HighRiskMinScoreIntegerNoThe minimum value to determine a request as high-risk ranges from 1–99. the larger the value, the higher the request risk, and the closer it resembles a request initiated by a Bot client. the default value is 50, corresponding to high-risk for values 51–100.
    HighRiskRequestActionSecurityActionNoHandling method for high-risk requests. valid values for SecurityAction Name:
  • Deny: block;
  • Monitor: observation;
  • Redirect: redirection;
  • Challenge: Challenge.
  • default value: Monitor.
    MediumRiskMinScoreIntegerNoSpecifies the minimum value to determine a request as medium-risk. value range: 1–99. the larger the value, the higher the request risk, resembling requests initiated by a Bot client. default value: 15, corresponding to medium-risk for values 16–50.
    MediumRiskRequestActionSecurityActionNoHandling method for medium-risk requests. SecurityAction Name parameter supports:
  • Deny: block;
  • Monitor: observe;
  • Redirect: Redirect;
  • Challenge: Challenge.
  • default value is Monitor.

    DiffIPWhitelist

    Differences between the newest and existing intermediate IPs

    Used by actions: DescribeOriginProtection.

    NameTypeDescription
    LatestIPWhitelistIPWhitelistThe latest intermediate IPs.
    AddedIPWhitelistIPWhitelistThe intermediate IPs added to the existing list.
    RemovedIPWhitelistIPWhitelistThe intermediate IPs removed from the existing list.
    NoChangeIPWhitelistIPWhitelistThe intermediate IPs that remain unchanged.

    DnsRecord

    DNS record

    Used by actions: DescribeDnsRecords, ModifyDnsRecords.

    NameTypeRequiredDescription
    ZoneIdStringNoZone id.
    note: zoneid is for output parameter use only and cannot be used as an input parameter in modifydnsrecords. if this parameter is passed, it will be ignored.
    RecordIdStringNoDNS record id.
    NameStringNoDNS record name.
    TypeStringNoDNS record type. valid values are:.
  • A: point the domain to a public network ipv4 address, such as 8.8.8.8;
  • .
  • AAAA: point the domain to a public network ipv6 address;
  • .
  • MX: used for email servers. when there are multiple mx records, the lower the priority, the higher the precedence;
  • .
  • CNAME: point the domain to another domain name, which will resolve to the final ip address;
  • .
  • TXT: identify and describe the domain, commonly used for domain verification and spf records (anti-spam);
  • .
  • NS: if you need to delegate the resolution of a subdomain to another dns service provider, you need to add an ns record. ns records cannot be added to the root domain name;
  • .
  • CAA: specifies the ca that can issue certificates for this site;
  • .
  • SRV: indicates that a server is using a service, commonly seen in microsoft system directory management.
  • .
    LocationStringNoDNS record resolution route, if not specified, defaults to default, indicating the default resolution route, effective in all regions.
    resolution route configuration only applies when type (dns record type) is a, aaaa, or cname.
    for valid values, refer to: resolution routes and corresponding code enumeration.
    ContentStringNoDNS record content. fill in the corresponding content based on the type value.
    TTLIntegerNoCache time. value range: 60–86400. the smaller the value, the faster the record modification will take effect globally. unit: seconds.
    WeightIntegerNoDNS record weight. value range: -1–100. a value of -1 means no weight is assigned, and 0 means no parsing. weight configuration is only applicable when type (dns record type) is a, aaaa, or cname.
    PriorityIntegerNoMX record priority. value range: 0–50. the smaller the value, the higher the priority.
    StatusStringNoDNS record parsing status. valid values are:
  • enable: takes effect;
  • disable: disabled.
  • note: status is only used as an output parameter and cannot be used as an input parameter in modifydnsrecords. if this parameter is passed, it will be ignored.
    CreatedOnTimestamp ISO8601NoCreation time.
    note: createdon is only used as an output parameter and cannot be used as an input parameter in modifydnsrecords. if this parameter is passed, it will be ignored.
    ModifiedOnTimestamp ISO8601NoModification time.
    note: modifiedon is for output parameter only and cannot be used as an input parameter in modifydnsrecords. if this parameter is passed, it will be ignored.

    DnsVerification

    Used by actions: CreateAccelerationDomain, CreateZone, DescribeAccelerationDomains, DescribeZones.

    NameTypeDescription
    SubdomainStringThe host record.
    RecordTypeStringThe record type.
    RecordValueStringThe record value.

    DomainDDoSProtection

    Exclusive Anti-DDoS protection of the domain.

    Used by actions: DescribeDDoSProtection, ModifyDDoSProtection.

    NameTypeRequiredDescription
    DomainStringYesDomain name.
    SwitchStringYesStandalone DDoS switch of the domain. valid values:.
  • on: enabled;
  • .
  • off: closed.
  • .

    DropPageConfig

    Block page configuration

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable configuration. Values:
  • on: Enable
  • off: Disable
  • WafDropPageDetailDropPageDetailNoIntercept page configuration for Waf(managed rules) module. if null, historical configuration is used by default.
    AclDropPageDetailDropPageDetailNoInterception page configuration for custom pages. if null, use the last set configuration by default.

    DropPageDetail

    The configuration details of the block page

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    PageIdIntegerYesThe ID of the block page. Specify 0 to use the default block page.
    (Disused) If 0 is passed, the default block page will be used.
    StatusCodeIntegerYesThe HTTP status code to trigger the block page. Range: 100-600, excluding 3xx codes. Code 566: Requests blocked by managed rules. Code 567: Requests blocked by web security rules (except managed rules).
    NameStringYesThe block page file or URL.
    TypeStringYesType of the block page. Values:
  • page: Return the specified page.

  • CustomResponseIdStringNoID of custom response. The ID can be obtained via the DescribeCustomErrorPages API. It's required when Type=page.

    EntityStatus

    Status of domain names bound with this template.

    Used by actions: DescribeSecurityTemplateBindings.

    NameTypeDescription
    EntityStringInstance name. Only subdomain names are supported.
    StatusStringInstance configuration status. Values:
  • online: Configuration has taken effect;
  • fail: Configuration failed;
  • process: Configuration is being delivered.
  • MessageStringMessage returned after the operation completed.

    EnvInfo

    Environment information.

    Used by actions: DescribeEnvironments.

    NameTypeDescription
    EnvIdStringEnvironment ID.
    EnvTypeStringEnvironment type. Valid values:
  • production: Production environment.
  • staging: Test environment.
  • StatusStringEnvironment status. Valid values:
  • creating: Being created.
  • running: The environment is stable, with version changes allowed.
  • version_deploying: The version is currently being deployed, with no more changes allowed.
  • ScopeArray of StringEffective scope of the configuration in the current environment. Valid values:
  • ALL: It takes effect on the entire network when EnvType is set to production.
  • It returns the IP address of the test node for host binding during testing when EnvType is set to staging.
  • CurrentConfigGroupVersionInfosArray of ConfigGroupVersionInfoFor the effective versions of each configuration group in the current environment, there are two possible scenarios based on the value of Status:
  • When Status is set to version_deploying, the returned value of this field represents the previously effective version. In other words, during the deployment of the new version, the effective version is the one that was in effect before any changes were made.
  • When Status is set to running, the value returned by this field is the currently effective version.
  • CreateTimeTimestamp ISO8601Creation time. The time format follows the ISO 8601 standard and is represented in Coordinated Universal Time (UTC).
    UpdateTimeTimestamp ISO8601Update time. The time format follows the ISO 8601 standard and is represented in Coordinated Universal Time (UTC).

    ErrorPage

    Custom error page.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    StatusCodeIntegerYesStatus code. supported values are 400, 403, 404, 405, 414, 416, 451, 500, 501, 502, 503, 504.
    RedirectURLStringYesRedirect url. requires a full redirect path, such as https://www.test.com/error.html.

    ErrorPageParameters

    Custom error page configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    ErrorPageParamsArray of ErrorPageNoCustom error page configuration list.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    ErrorPageReference

    Custom error page's referenced source

    Used by actions: DescribeCustomErrorPages.

    NameTypeDescription
    BusinessIdStringReferenced business ID, such as the custom block rule ID.

    ExceptConfig

    Exception rules, which are used to bypass specific rules

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable configuration. Values:
  • on: Enable
  • off: Disable
  • ExceptUserRulesArray of ExceptUserRuleNoThe settings of the exception rule. if it is null, the settings that were last configured will be used.

    ExceptUserRule

    The settings of the exception rule

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    RuleNameStringYesThe rule name.
    ActionStringYesThe rule action. It only supports the value skip, which indicates skipping all managed rules.
    RuleStatusStringYesThe rule status. Values:
  • on: Enabled
  • off: Disabled
  • RuleIDIntegerNoThe rule ID, which is automatically created and only used as an output parameter.
    UpdateTimeTimestamp ISO8601NoLast update time. if null, the underlying layer generates it using the current system time by default.
    ExceptUserRuleConditionsArray of ExceptUserRuleConditionNoThe matching condition.
    ExceptUserRuleScopeExceptUserRuleScopeNoScope where the rule takes effect.
    RulePriorityIntegerNoThe rule priority. Value range: 0-100. If it is null, it defaults to 0.

    ExceptUserRuleCondition

    The condition of the exception rule

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    MatchFromStringNoThe field to match. Values:
  • host: Request domain name
  • sip: Client IP
  • ua: User-Agent
  • cookie: Cookie
  • cgi: CGI script
  • xff: XFF header
  • url: Request URL
  • accept: Request content type
  • method: Request method
  • header: Request header
  • sip_proto: Network layer protocol
  • MatchParamStringNoThe parameter of the field. Only when MatchFrom = header, the key contained in the header can be passed.
    OperatorStringNoThe logical operator. Values:
  • equal: String equals
  • not_equal: Value not equals
  • include: String contains
  • not_include: String not contains
  • match: IP matches
  • not_match: IP not matches
  • include_area: Regions contain
  • is_empty: Value left empty
  • not_exists: Key fields not exist
  • regexp: Regex matches
  • len_gt: Value greater than
  • len_lt: Value smaller than
  • len_eq: Value equals
  • match_prefix: Prefix matches
  • match_suffix: Suffix matches
  • wildcard: Wildcard
  • MatchContentStringNoThe value of the parameter.

    ExceptUserRuleScope

    The scope to which the exception rule applies

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    TypeStringNoException mode. Values:
  • complete: Skip the exception rule for full requests.
  • partial: Skip the exception rule for partial requests.
  • ModulesArray of StringNoEffective module. the field value can be:.
  • waf: tencent cloud-managed rules
  • .
  • Rate: rate limit
  • .
  • acl: custom rule
  • .
  • Cc: cc attack defense
  • .
  • Bot: bot protection
  • .
    PartialModulesArray of PartialModuleNoSkip exception rule details for some rule ids. if null, use the last set configuration by default.
    SkipConditionsArray of SkipConditionNoDetails of the exception rule for skipping specific fields. if null, use the last set configuration by default.

    ExceptionRule

    Web security exception rule.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    IdStringNoThe ID of the exception rule. different rule configuration operations are supported by rule ID:
  • add a new rule: leave the ID empty or do not specify the ID parameter.
  • modify an existing rule: specify the rule ID that needs to be updated/modified.
  • delete an existing rule: existing Rules not included in the Rules list under the ExceptionRules parameter will be deleted.
  • .
    NameStringNoThe name of the exception rule.
    ConditionStringNoDescribes the specific content of the exception rule, which must comply with the expression grammar. for details, please refer to the product document.
    SkipScopeStringNoException rule execution options, valid values:
  • WebSecurityModules: designate the security protection module for the exception rule.
  • ManagedRules: designate the managed rule.
  • .
    SkipOptionStringNoSkip the specific type of request. valid values:
  • SkipOnAllRequestFields: skip all requests;
  • SkipOnSpecifiedRequestFields: skip specified request fields.
  • valid only when SkipScope is ManagedRules.
    WebSecurityModulesForExceptionArray of StringNoSpecifies the security protection module for exception rules. valid only when SkipScope is WebSecurityModules. valid values:
  • websec-mod-managed-rules: managed rule.
  • websec-mod-rate-limiting: rate limit.
  • websec-mod-custom-rules: custom rule.
  • websec-mod-adaptive-control: adaptive frequency control, intelligent client filtering, slow attack protection, traffic theft protection.
  • websec-mod-bot: bot management.
  • .
    ManagedRulesForExceptionArray of StringNoSpecifies the managed rule for the exception rule. valid only when SkipScope is ManagedRules. cannot specify ManagedRuleGroupsForException at this time.
    ManagedRuleGroupsForExceptionArray of StringNoA managed rule group with designated exception rules is valid only when SkipScope is ManagedRules, and at this point you cannot specify ManagedRulesForException.
    RequestFieldsForExceptionArray of RequestFieldsForExceptionNoSpecify exception rules to skip request fields. valid only when SkipScope is ManagedRules and SkipOption is SkipOnSpecifiedRequestFields.
    EnabledStringNoWhether the exception rule is enabled. valid values:
  • on: enable
  • off: disable
  • .

    ExceptionRules

    Web security exception rules.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    RulesArray of ExceptionRuleNoDefinition list of exception Rules. when using ModifySecurityPolicy to modify Web protection configuration:
  • if the Rules parameter is not specified or the parameter length is zero: clear all exception rule configurations.
  • if the ExceptionRules parameter value is not specified in SecurityPolicy: keep existing exception rule configurations without modification.
  • .

    FailReason

    Failure reason

    Used by actions: CreatePrefetchTask, CreatePurgeTask.

    NameTypeDescription
    ReasonStringFailure reason.
    TargetsArray of StringList of resources failed to be processed.

    FileAscriptionInfo

    Verification file, used to verify site ownership

    Used by actions: DescribeIdentifications, IdentifyZone.

    NameTypeDescription
    IdentifyPathStringDirectory of the verification file.
    IdentifyContentStringContent of the verification file.

    FileVerification

    Information required for verifying via a file. It's applicable to sites connected via CNAMEs.

    Used by actions: CreateAccelerationDomain, CreateZone, DescribeAccelerationDomains, DescribeZones.

    NameTypeDescription
    PathStringEdgeOne obtains the file verification information in the format of "Scheme + Host + URL Path", (e.g. https://www.example.com/.well-known/teo-verification/z12h416twn.txt). This field is the URL path section of the URL you need to create.
    ContentStringContent of the verification file. The contents of this field need to be filled into the text file returned by Path.

    Filter

    Key-value pair filters for conditional filtering queries, such as filtering ID, name, and status.
    If more than one filter exists, the logical relationship between these filters is AND.
    If multiple values exist in one filter, the logical relationship between these values under the same filter is OR.

    Used by actions: DescribeApplicationProxies, DescribeDefaultCertificates, DescribeFunctionRules, DescribeFunctions, DescribeHostsSetting, DescribeIdentifications, DescribeJustInTimeTranscodeTemplates, DescribeL4Proxy, DescribeL4ProxyRules, DescribeL7AccRules, DescribeLoadBalancerList, DescribeMultiPathGateways, DescribeOriginProtection, DescribePlans, DescribeRules.

    NameTypeRequiredDescription
    NameStringYesFields to be filtered.
    ValuesArray of StringYesValue of the filtered field.

    FirstPartConfig

    The configuration to detect slow attacks based on the transfer period the first 8 KB of requests

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesSwitch. valid values:.
  • on: Enable;


  • off: Disable.
  • StatTimeIntegerNoThe statistical period of the first segment packet is in seconds. expect the duration to be 5 seconds by default.

    FollowOrigin

    Following origin server configuration for caching.

    Used by actions: CreateL7AccRules, DescribeHostsSetting, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable the configuration of following the origin server. Valid values:
  • on: Enable
  • off: Disable
  • DefaultCacheStringNoWhether to cache when an origin server does not return the cache-control header. this field is required when switch is on; when switch is off, this field is not required and will be ineffective if filled. valid values:.
  • On: cache;
  • .
  • Off: do not cache.
  • .
    DefaultCacheStrategyStringNoWhether to use the default caching policy when an origin server does not return the cache-control header. this field is required when defaultcache is set to on; otherwise, it is ineffective. when defaultcachetime is not 0, this field should be off. valid values:.
  • On: use the default caching policy.
  • .
  • Off: do not use the default caching policy.
  • .
    DefaultCacheTimeIntegerNoThe default cache time in seconds when an origin server does not return the cache-control header. the value ranges from 0 to 315360000. this field is required when defaultcache is set to on; otherwise, it is ineffective. when defaultcachestrategy is on, this field should be 0.

    ForceRedirect

    Forced HTTPS redirect configuration for access protocols.

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable force HTTPS redirect. Values:
  • on: Enable
  • off: Disable
  • RedirectStatusCodeIntegerNoRedirection status code. valid values:.
  • 301: 301 redirect
  • .
  • 302: 302 redirect
  • .

    ForceRedirectHTTPSParameters

    Forced HTTPS redirect configuration for access protocols.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable forced redirect configuration switch. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    RedirectStatusCodeIntegerNoRedirection status code. this field is required when switch is on; otherwise, it is not effective. valid values are:.
  • 301: 301 redirect;
  • .
  • 302: 302 redirect.
  • .

    Function

    Details of an edge function.

    Used by actions: DescribeFunctions.

    NameTypeDescription
    FunctionIdStringFunction ID.
    ZoneIdStringZone ID.
    NameStringFunction name.
    RemarkStringFunction description.
    ContentStringFunction content.
    DomainStringDefault domain name of a function.
    CreateTimeStringCreation time, which adopts Coordinated Universal Time (UTC) and follows the date and time format of the ISO 8601 standard.
    UpdateTimeStringModification time, which adopts Coordinated Universal Time (UTC) and follows the date and time format of the ISO 8601 standard.

    FunctionEnvironmentVariable

    Environment variables of an edge function

    Used by actions: DescribeFunctionRuntimeEnvironment, HandleFunctionRuntimeEnvironment.

    NameTypeRequiredDescription
    KeyStringYesVariable name, which should be unique and can only contain uppercase and lowercase letters, digits, and special characters including at signs (@), periods (.), hyphens (-), and underscores (_). Its maximum size is 64 bytes.
    ValueStringNoVariable value. Its maximum size is 5000 bytes. The default value is empty.
    TypeStringNoVariable type. Valid values:
  • string: string type;
  • json: JSON object type.
  • Default value: string.

    FunctionRule

    Trigger rules for an edge function

    Used by actions: DescribeFunctionRules.

    NameTypeDescription
    RuleIdStringRule ID.
    FunctionRuleConditionsArray of FunctionRuleConditionRule condition list. There is an OR relationship between items in the list.
    FunctionIdStringFunction ID, specifying a function executed when a trigger rule condition is met.
    RemarkStringRule description.
    FunctionNameStringFunction name.
    PriorityIntegerPriority of a trigger rule for a function. The larger the value, the higher the priority.
    CreateTimeTimestamp ISO8601Creation time, which adopts Coordinated Universal Time (UTC) and follows the date and time format of the ISO 8601 standard.
    UpdateTimeTimestamp ISO8601Update time, which adopts Coordinated Universal Time (UTC) and follows the date and time format of the ISO 8601 standard.

    FunctionRuleCondition

    Condition of a trigger rule for an edge function.

    Used by actions: CreateFunctionRule, DescribeFunctionRules, ModifyFunctionRule.

    NameTypeRequiredDescription
    RuleConditionsArray of RuleConditionYesCondition of a trigger rule for an edge function. This condition is considered met if all items in the list are met.

    GatewayRegion

    Multi-Channel security gateway available region.

    Used by actions: DescribeMultiPathGatewayRegions.

    NameTypeDescription
    RegionIdStringRegion ID.
    CNNameStringChinese region name.
    ENNameStringEnglish name of the region.

    Grpc

    Configuration of gRPC support

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable gRPC support. Valid values:
  • on: Enable;
  • off: Disable.
  • GrpcParameters

    gRPC configuration item.

    Used by actions: DescribeL7AccSetting, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable grpc. values:.
  • On: enable;

  • .
  • Off: disable.
  • .

    HSTSParameters

    HSTS configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable hsts. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    TimeoutIntegerNoCache hsts header time, unit: seconds. value range: 1-31536000.
    note: this field is required when switch is on; when switch is off, this field is not required and will not take effect if filled.
    IncludeSubDomainsStringNoWhether to allow other subdomains to inherit the same hsts header. values:.
  • On: allows other subdomains to inherit the same hsts header.
  • .
  • Off: does not allow other subdomains to inherit the same hsts header.
  • note: when switch is on, this field is required; when switch is off, this field is not required and will not take effect if filled.
    PreloadStringNoWhether to allow the browser to preload the hsts header. valid values:.
  • On: allows the browser to preload the hsts header.
  • .
  • Off: does not allow the browser to preload the hsts header.
  • note: when switch is on, this field is required; when switch is off, this field is not required and will not take effect if filled.

    HTTP2Parameters

    HTTP2 integration configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable http2 access. values:.
  • On: enable;

  • .
  • Off: disable.
  • .

    HTTPResponseParameters

    HTTP response configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    StatusCodeIntegerNoResponse status code. supports 2xx, 4xx, 5xx, excluding 499, 514, 101, 301, 302, 303, 509, 520-599.
    ResponsePageStringNoResponse page id.

    HTTPUpstreamTimeoutParameters

    Layer-7 origin-pull timeout configuration.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    ResponseTimeoutIntegerNoHTTP response timeout in seconds. value range: 5–600.

    HTTP header, used as input for the CreatePrefetchTask API

    Used by actions: CreatePrefetchTask, CreateRealtimeLogDeliveryTask, ModifyRealtimeLogDeliveryTask.

    NameTypeRequiredDescription
    NameStringYesHTTP header name.
    ValueStringYesHTTP header value

    HeaderAction

    HTTP header setting rules.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    ActionStringYesHTTP header setting methods. valid values are:.
  • Set: sets a value for an existing header parameter;
  • .
  • Del: deletes a header parameter;
  • .
  • Add: adds a header parameter.
  • .
    NameStringYesHTTP header name.
    ValueStringNoHTTP header value. this parameter is required when the action is set to set or add; it is optional when the action is set to del.

    HealthChecker

    LoadBalancer health check policy.

    Used by actions: CreateLoadBalancer, DescribeLoadBalancerList, ModifyLoadBalancer.

    NameTypeRequiredDescription
    TypeStringYesHealth check policy. Valid values:
  • HTTP.
  • HTTPS.
  • TCP.
  • UDP.
  • ICMP Ping.
  • NoCheck.

  • Note: NoCheck means the health check policy is not enabled.
    PortIntegerNoCheck port, which is required when Type = HTTP, Type = HTTPS, Type = TCP, or Type = UDP.
    IntervalIntegerNoCheck frequency, in seconds. It indicates how often a health check task is initiated. Valid values: 30, 60, 180, 300, 600.
    TimeoutIntegerNoTimeout for each health check, in seconds. If the health check time exceeds this value, the check result is determined as "unhealthy". The default value is 5s, and the value should be less than Interval.
    HealthThresholdIntegerNoHealthy state threshold, in the number of times. It indicates that if the consecutive health check results are "healthy" for a certain number of times, an origin server is considered "healthy". The default value is 3 times, with the minimum value of 1 time.
    CriticalThresholdIntegerNoUnhealthy state threshold, in the number of times. It indicates that if the consecutive health check results are "unhealthy" for a certain number of times, an origin server is considered "unhealthy". The default value is 2 times.
    PathStringNoProbe path. This parameter is valid only when Type = HTTP or Type = HTTPS. It needs to include the complete host/path and should not contain a protocol, for example, www.example.com/test.
    MethodStringNoRequest method. This parameter is valid only when Type = HTTP or Type = HTTPS. Valid values:
  • GET.
  • HEAD.
  • ExpectedCodesArray of StringNoThe status codes used to determine that the probe result is healthy when the probe node initiates a health check to an origin server. This parameter is valid only when Type = HTTP or Type = HTTPS.
    HeadersArray of CustomizedHeaderNoThe custom HTTP request header carried by a probe request, with a maximum value of 10. This parameter is valid only when Type = HTTP or Type = HTTPS.
    FollowRedirectStringNoWhether to follow 301/302 redirect. When enabled, 301/302 is considered a "healthy" status code, redirecting 3 times by default. This parameter is valid only when Type = HTTP or Type = HTTPS.
    SendContextStringNoThe content sent by a health check. Only ASCII visible characters are allowed, with up to 500 characters. This parameter is valid only when Type = UDP.
    RecvContextStringNoThe expected return result from an origin server during health check. Only ASCII visible characters are allowed, with up to 500 characters. This parameter is valid only when Type = UDP.

    HostHeaderParameters

    Host Header Rewrite configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    ActionStringNoAction to be executed. values:.
  • FollowOrigin: follow origin server domain name;
  • .
  • Custom: custom
  • .
    ServerNameStringNoHost header rewrite requires a complete domain name.
    note: this field is required when switch is on; when switch is off, this field is not required and any value will be ignored.

    HostName

    Access URL redirect HostName configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    ActionStringNoTarget hostname configuration, valid values are:.
  • Follow: follow the request;
  • .
  • Custom: custom
  • .
    ValueStringNoCustom value for target hostname, maximum length is 1024.
    note: when action is custom, this field is required; when action is follow, this field is not effective.

    Hsts

    HSTS configuration

    Used by actions: DescribeHostsSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable the configuration. Values:
  • on: Enable
  • off: Disable
  • MaxAgeIntegerNoMaxAge value. expressed in seconds, maximum value is 1 day.
    IncludeSubDomainsStringNoSpecifies whether the subdomain is included. valid values:.
  • on: Enable;


  • off: Disable.
  • PreloadStringNoWhether to enable preloading. valid values:.
  • on: Enable;


  • off: Disable.
  • HttpDDoSProtection

    HTTP DDOS protection configuration.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    AdaptiveFrequencyControlAdaptiveFrequencyControlNoSpecifies the specific configuration of adaptive frequency control.
    ClientFilteringClientFilteringNoSpecifies the intelligent client filter configuration.
    BandwidthAbuseDefenseBandwidthAbuseDefenseNoSpecifies the specific configuration for bandwidth abuse protection.
    SlowAttackDefenseSlowAttackDefenseNoSpecifies the configuration of slow attack protection.

    Https

    Domain name HTTPS acceleration configuration. This is disabled by default.

    Used by actions: DescribeHostsSetting, DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    Http2StringNohttp2 configuration switch. valid values:.
  • on: Enable;


  • off: Disable.
  • OcspStaplingStringNoOCSP configuration switch. valid values:.
  • on: Enable;


  • off: Disable.
  • TlsVersionArray of StringNoTls version settings, valid values:.
  • TLSv1: tlsv1 version;
  • .
  • TLSV1.1: TLSV1.1 version;
  • .
  • TLSV1.2: specifies the TLSV1.2 version.
  • .
  • TLSv1.3: specifies the tlsv1.3 version. consecutive versions must be enabled when modifying.
  • .
    HstsHstsNoHSTS Configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    CertInfoArray of ServerCertInfoNoThe certificate configuration.
    Note: This field may return null, indicating that no valid values can be obtained.
    ApplyTypeStringNoApplication type. valid values:.
  • apply: managed by EdgeOne.
  • .
  • none: not managed by EdgeOne.
  • if it is left empty, the default value none is used.
    CipherSuiteStringNoThe cipher suite, with valid values:.
  • loose-v2023: provides high compatibility with general security, and supports TLS 1.0-1.3 cipher suites;
  • .
  • general-v2023: provides relatively high compatibility with moderate security, and supports TLS 1.2-1.3 cipher suites.
  • .
  • strict-v2023: provides high security, disables all cipher suites with security risks, and supports TLS 1.2-1.3 cipher suites.
  • .

    IPExpireInfo

    Stores the scheduled expiration time and corresponding IP.

    Used by actions: CreateSecurityIPGroup, DescribeSecurityIPGroup, DescribeSecurityIPGroupInfo, ModifySecurityIPGroup.

    NameTypeRequiredDescription
    ExpireTimeTimestamp ISO8601NoScheduled expiration time, following the ISO 8601 standard date and time format, such as "2022-01-01T00:00:00+08:00".
    IPListArray of StringNoIP list. supports ip and ip range.

    IPGroup

    IP range group

    Used by actions: CreateSecurityIPGroup, DescribeSecurityIPGroup, DescribeSecurityIPGroupInfo, ModifySecurityIPGroup.

    NameTypeRequiredDescription
    GroupIdIntegerYesGroup ID. Enter 0.
    NameStringYesGroup name.
    ContentArray of StringYesIP group content, supports ip and ip range.
    IPTotalCountIntegerNoNumber of ips or ranges in effect in the IP group. valid as an output parameter, no need to specify this field as an input parameter.
    IPExpireInfoArray of IPExpireInfoNoSpecifies the scheduled expiration information of the IP.
    Specifies the IP address or IP range configuration with scheduled expiration time as an input parameter.
    As an output parameter, contains the following two categories of information.
  • Currently not expired scheduled expiration information: expiration configuration not triggered.
  • .
  • Scheduled expiration information expired within a week: cache expiration configuration has been triggered.
  • .

    IPRegionInfo

    IP location information query

    Used by actions: DescribeIPRegion.

    NameTypeDescription
    IPStringIP address, IPV4 or IPV6.
    IsEdgeOneIPStringWhether the IP belongs to an EdgeOne node. Valid values:
  • yes: This IP belongs to an EdgeOne node;
  • no: This IP does not belong to an EdgeOne node.
  • IPWhitelist

    Intermediate IPs

    Used by actions: DescribeOriginProtection.

    NameTypeDescription
    IPv4Array of StringList of IPv4 addresses
    IPv6Array of StringList of IPv6 addresses

    IPv6Parameters

    IPv6 access configuration.

    Used by actions: DescribeL7AccSetting, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable ipv6 access functionality. valid values:.
  • On: enable ipv6 access;
  • .
  • Off: disable ipv6 access feature.
  • .

    Identification

    The site verification information

    Used by actions: DescribeIdentifications.

    NameTypeDescription
    ZoneNameStringThe site name.
    DomainStringThe subdomain name to be verified. to verify the ownership of a site, leave it blank.
    StatusStringThe verification status. Values:
  • pending: The verification is ongoing.
  • finished: The verification completed.
  • AscriptionAscriptionInfoDetails of the DNS record.
    OriginalNameServersArray of StringSpecifies the current NS record of the domain name.
    FileAscriptionFileAscriptionInfoDetails of the verification file.

    ImageOptimize

    Image optimization configuration.

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable configuration. Values:
  • on: Enable
  • off: Disable
  • IntelligenceRule

    Bot intelligence rules

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringNoSwitch. valid values:.
  • on: Enable;


  • off: Disable.
  • IntelligenceRuleItemsArray of IntelligenceRuleItemNoSpecifies the rule detail.

    IntelligenceRuleItem

    Bot intelligence rule items

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    LabelStringYesThe tag to categorize bots. Values:
  • evil_bot: Malicious bot
  • suspect_bot: Suspected bot
  • good_bot: Good bot
  • normal: Normal request
  • ActionStringYesThe action taken on bots. Values
  • drop: Block
  • trans: Allow
  • alg: JavaScript challenge
  • captcha: Managed challenge
  • monitor: Observe
  • IpTableConfig

    IP/Region blocklist/allowlist configuration

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesSwitch. valid values:.
  • on: Enable;


  • off: disabled;
  • .
    IpTableRulesArray of IpTableRuleNoBasic control rules. if null, historical configuration is used by default.

    IpTableRule

    IP blocklist/allowlist rule details

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    ActionStringYesThe action. Values:
  • drop: Block
  • trans: Allow
  • monitor: Observe
  • MatchFromStringYesThe matching dimension. Values:
  • ip: Match by IP.
  • area: Match by IP region.
  • OperatorStringNoMatching method. It defaults to equal if it’s left empty.
    Values:
  • is_empty: The field is empty.
  • not_exists: The configuration item does not exist.
  • include: Include
  • not_include: Do not include
  • equal: Equal to
  • not_equal: Not equal to

  • Note: This field may return null, indicating that no valid values can be obtained.
    RuleIDIntegerNoThe rule ID, which is only used as an output parameter.
    UpdateTimeTimestamp ISO8601NoThe update time, which is only used as an output parameter.
    StatusStringNoThe rule status. A null value indicates that the rule is enabled. Values:
  • on: Enabled
  • off: Disabled

  • Note: This field may return null, indicating that no valid values can be obtained.
    RuleNameStringNoSpecifies the rule name.
    MatchContentStringNoMatching content. It’s not required when Operator is is_emty or not_exists.

    Ipv6

    The IPv6 access configuration.

    Used by actions: CreateApplicationProxy, DescribeApplicationProxies, DescribeHostsSetting, DescribeZoneSetting, ModifyApplicationProxy, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable IPv6 access. Valid values:
  • on: Enable;
  • off: Disable.
  • JITVideoProcess

    Just-in-time media processing configuration.

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesJust-in-time media processing configuration switch. Valid values:
  • on: Enable.
  • off: Disable.
  • JSInjectionRule

    JavaScript injection rule.

    Used by actions: CreateSecurityJSInjectionRule, DescribeSecurityJSInjectionRule, ModifySecurityJSInjectionRule.

    NameTypeRequiredDescription
    RuleIdStringNoRule ID.
    NameStringNoRule name
    PriorityIntegerNoRule priority. a smaller value indicates higher priority execution. value range: 0-100. default value is 0.
    ConditionStringNoSpecifies the match condition content, which must comply with the expression grammar. please refer to the product document for detailed requirements.
    InjectJSStringNoJavaScript injection option. default value: run-attestations. valid values:.
  • no-injection: specifies not to inject JavaScript.
  • .
  • inject-sdk-only: injects sdks for all currently supported authentication methods. currently supported: TC-RCE and TC-CAPTCHA. note: to execute authentication detection, configure challenge rules.
  • .

    JustInTimeTranscodeTemplate

    Just-In-Time transcoding template description.

    Used by actions: DescribeJustInTimeTranscodeTemplates.

    NameTypeDescription
    TemplateIdStringUnique identifier of the instant transcoding template.
    TemplateNameStringSpecifies the transcoding template name.
    CommentStringTemplate description information.
    TypeStringTemplate type. valid values:
  • preset: system-preset template;
  • custom: user-defined template.
  • .
    VideoStreamSwitchStringEnable video stream. valid values:
  • on: turn on;
  • off: turn off.
  • .
    AudioStreamSwitchStringEnable audio stream. valid values:
  • on: enable;
  • off: disable.
  • .
    VideoTemplateVideoTemplateInfoVideo stream configuration parameters. this field is valid only when VideoStreamSwitch is on.
    AudioTemplateAudioTemplateInfoAudio stream configuration parameters. specifies this field is valid only when AudioStreamSwitch is on.
    CreateTimeStringTemplate creation time. uses ISO date format.
    UpdateTimeStringTemplate last modified time. uses ISO date format.

    L4OfflineLog

    The L7 log details

    Used by actions: DownloadL4Logs.

    NameTypeDescription
    ProxyIdStringL4 proxy instance ID.
    AreaStringLog query area. Valid values:
  • mainland: Chinese mainland;
  • overseas: Global (outside the Chinese mainland).
  • LogPacketNameStringLog packet name.
    UrlStringLog download address.
    LogTimeInteger(Disused) Log packaging time.
    LogStartTimeTimestamp ISO8601Start time of log packaging.
    LogEndTimeTimestamp ISO8601End time of the log package.
    SizeIntegerLog size (in bytes).

    L4Proxy

    Layer 4 proxy instance.

    Used by actions: DescribeL4Proxy.

    NameTypeRequiredDescription
    ZoneIdStringNoZone ID.
    ProxyIdStringNoLayer 4 proxy instance ID.
    ProxyNameStringNoLayer 4 proxy instance name.
    AreaStringNoAcceleration zone of the Layer 4 proxy instance.
  • mainland: Availability zone in the Chinese mainland;
  • overseas: Global availability zone (excluding the Chinese mainland);
  • global: Global availability zone.
  • CnameStringNoAccess via CNAME.
    IpsArray of StringNoAfter the fixed IP address is enabled, this value will return the corresponding access IP address; if it is not enabled, this value will be empty.
    StatusStringNoStatus of the Layer 4 proxy instance.
  • online: Enabled;
  • offline: Disabled;
  • progress: Deploying;

  • stopping: Disabling;
  • banned: Blocked;
  • fail: Failed to deploy or disable.
  • Ipv6StringNoSpecifies whether to enable IPv6 access.
  • on: Enable;
  • off: Disable.
  • StaticIpStringNoSpecifies whether to enable the fixed IP address.
  • on: Enable;
  • off: Disable.
  • AccelerateMainlandStringNoSpecifies whether to enable network optimization in the Chinese mainland.
  • on: Enable
  • off: Disable
  • DDosProtectionConfigDDosProtectionConfigNoSecurity protection configuration.
    Note: This field may return null, indicating that no valid value can be obtained.
    L4ProxyRuleCountIntegerNoNumber of forwarding rules under the Layer 4 proxy instance.
    UpdateTimeTimestamp ISO8601NoLatest modification time.

    L4ProxyRemoteAuth

    L4 remote authentication information.

    Used by actions: CreateL4ProxyRules, DescribeL4ProxyRules, ModifyL4ProxyRules.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable L4 remote authentication. Valid values:
  • on: Enable;
  • off: Disable.
  • AddressStringYesRemote authentication service address, in the format of domain/ip:port, such as example.auth.com:8888.
    ServerFaultyBehaviorStringYesDefault origin-pull behavior based on L4 forwarding rules after the remote authentication service is disabled. Valid values:
  • reject: Block and deny access;
  • allow: Allow access.
  • L4ProxyRule

    Details of Layer 4 proxy forwarding rules.

    Used by actions: CreateL4ProxyRules, DescribeL4ProxyRules, ModifyL4ProxyRules.

    NameTypeRequiredDescription
    RuleIdStringNoForwarding rule ID.
    Note: Do not fill in this parameter when L4ProxyRule is used as an input parameter in CreateL4ProxyRules; it must be filled in when L4ProxyRule is used as an input parameter in ModifyL4ProxyRules.
    ProtocolStringNoForwarding protocol. Valid values:
  • TCP: TCP protocol;
  • UDP: UDP protocol.

  • Note: This parameter must be filled in when L4ProxyRule is used as an input parameter in CreateL4ProxyRules; it is optional when L4ProxyRule is used as an input parameter in ModifyL4ProxyRules. If not specified, it will retain its existing value.
    PortRangeArray of StringNoForwarding port, which can be set as follows:
  • A single port, such as 80;
  • A range of ports, such as 81-85, representing ports 81, 82, 83, 84, 85.

  • Note: This parameter must be filled in when L4ProxyRule is used as an input parameter in CreateL4ProxyRules; it is optional when L4ProxyRule is used as an input parameter in ModifyL4ProxyRules. If not specified, it will retain its existing value.
    OriginTypeStringNoOrigin server type. Valid values:
  • IP_DOMAIN: IP/Domain name origin server;
  • ORIGIN_GROUP: Origin server group;
  • LB: Cloud Load Balancer, currently only open to the allowlist.

  • Note: This parameter must be filled in when L4ProxyRule is used as an input parameter in CreateL4ProxyRules; it is optional when L4ProxyRule is used as an input parameter in ModifyL4ProxyRules. If not specified, it will retain its existing value.
    OriginValueArray of StringNoOrigin server address.
  • When OriginType is set to IP_DOMAIN, enter the IP address or domain name, such as 8.8.8.8 or test.com;
  • When OriginType is set to ORIGIN_GROUP, enter the origin server group ID, such as og-537y24vf5b41;
  • When OriginType is set to LB, enter the Cloud Load Balancer instance ID, such as lb-2qwk30xf7s9g.

  • Note: This parameter must be filled in when L4ProxyRule is used as an input parameter in CreateL4ProxyRules; it is optional when L4ProxyRule is used as an input parameter in ModifyL4ProxyRules. If not specified, it will retain its existing value.
    OriginPortRangeStringNoOrigin server port, which can be set as follows:
  • A single port, such as 80;
  • A range of ports, such as 81-85, representing ports 81, 82, 83, 84, 85. When inputting a range of ports, ensure that the length corresponds with that of the forwarding port range. For example, if the forwarding port range is 80-90, this port range should be 90-100.

  • Note: This parameter must be filled in when L4ProxyRule is used as an input parameter in CreateL4ProxyRules; it is optional when L4ProxyRule is used as an input parameter in ModifyL4ProxyRules. If not specified, it will retain its existing value.
    ClientIPPassThroughModeStringNoTransmission of the client IP address. Valid values:
  • TOA: Available only when Protocol=TCP;

  • PPV1: Transmission via Proxy Protocol V1. Available only when Protocol=TCP;
  • PPV2: Transmission via Proxy Protocol V2;

  • SPP: Transmission via Simple Proxy Protocol. Available only when Protocol=UDP;

  • OFF: No transmission.

  • Note: This parameter is optional when L4ProxyRule is used as an input parameter in CreateL4ProxyRules, and if not specified, the default value OFF will be used; it is optional when L4ProxyRule is used as an input parameter in ModifyL4ProxyRules. If not specified, it will retain its existing value.
    SessionPersistStringNoSpecifies whether to enable session persistence. Valid values:
  • on: Enable;
  • off: Disable.

  • Note: This parameter is optional when L4ProxyRule is used as an input parameter in CreateL4ProxyRules, and if not specified, the default value off will be used; it is optional when L4ProxyRule is used as an input parameter in ModifyL4ProxyRules. If not specified, it will retain its existing value.
    SessionPersistTimeIntegerNoSession persistence period, with a range of 30-3600, measured in seconds.
    Note: This parameter is optional when L4ProxyRule is used as an input parameter in CreateL4ProxyRules. It is valid only when SessionPersist is set to on and defaults to 3600 if not specified. It is optional when L4ProxyRule is used as an input parameter in ModifyL4ProxyRules. If not specified, it will retain its existing value.
    RuleTagStringNoRule tag. Accepts 1-50 arbitrary characters.
    Note: This parameter is optional when L4ProxyRule is used as an input parameter in CreateL4ProxyRules; it is optional when L4ProxyRule is used as an input parameter in ModifyL4ProxyRules. If not specified, it will retain its existing value.
    StatusStringNoRule status. Valid values:
  • online: Enabled;
  • offline: Disabled;
  • progress: Deploying;
  • stopping: Disabling;
  • fail: Failed to deploy or disable.

  • Note: Do not set this parameter when L4ProxyRule is used as an input parameter in CreateL4ProxyRules and ModifyL4ProxyRules.
    BuIdStringNoBuID.
    RemoteAuthL4ProxyRemoteAuthNoRemote authentication information.
    Note: RemoteAuth cannot be used as an input parameter in CreateL4ProxyRules or ModifyL4ProxyRules. If this parameter is input, it will be ignored. If the returned data of DescribeL4ProxyRules is empty, it indicates that remote authentication is disabled.
    Note: This field may return null, which indicates a failure to obtain a valid value.

    L7OfflineLog

    Details of L7 logs.

    Used by actions: DownloadL7Logs.

    NameTypeDescription
    DomainStringLog domain name.
    AreaStringLog query area. Valid values:
  • mainland: Chinese mainland;
  • overseas: Global (outside the Chinese mainland).
  • LogPacketNameStringLog packet name.
    UrlStringLog download address.
    LogTimeInteger(Disused) Log packaging time.
    LogStartTimeTimestamp ISO8601Start time of log packaging.
    LogEndTimeTimestamp ISO8601End time of the log package.
    SizeIntegerOriginal log size (in bytes).

    LoadBalancer

    LoadBalancer information.

    Used by actions: DescribeLoadBalancerList.

    NameTypeDescription
    InstanceIdStringLoadBalancer ID.
    NameStringLoadBalancer name, which can contain 1 to 200 characters, including a-z, A-Z, 0-9, underscores (_), and hyphens (-).
    TypeStringLoadBalancer type. Valid values:
  • HTTP: HTTP-specific LoadBalancer. It supports adding HTTP-specific and general origin server groups. It can only be referenced by site acceleration services (such as domain name service and rule engine).
  • GENERAL: general LoadBalancer. It only supports adding general origin server groups. It can be referenced by site acceleration services (such as domain name service and rule engine) and Layer-4 proxy.
  • HealthCheckerHealthCheckerHealth check policy. For details, refer to Health Check Policies.
    SteeringPolicyStringTraffic scheduling policy among origin server groups. Valid values:
  • Priority: Perform failover according to priority.
  • FailoverPolicyStringRequest retry policy when access to an origin server fails. For details, refer to Introduction to Request Retry Strategy. Valid values:
  • OtherOriginGroup: After a single request fails, retry with another origin server within the next lower priority origin server group.
  • OtherRecordInOriginGroup: After a single request fails, retry with another origin server within the same origin server group.
  • OriginGroupHealthStatusArray of OriginGroupHealthStatusOrigin server group health status.
    StatusStringLoadBalancer status. Valid values:
  • Pending: deploying.
  • Deleting: deleting.
  • Running: effective.
  • L4UsedListArray of StringSpecifies the list of l4 proxy instances bound to the load balancing instance.
    L7UsedListArray of StringList of Layer-7 domain names bound to a LoadBalancer.

    LogFormat

    Output format for real-time log delivery. You can directly use the specified predefined log output format (JSON Lines / csv) through the FormatType parameter, or define a variant output format through additional parameters based on the predefined log output format.

    Used by actions: CreateRealtimeLogDeliveryTask, DescribeRealtimeLogDeliveryTasks, ModifyRealtimeLogDeliveryTask.

    NameTypeRequiredDescription
    FormatTypeStringYesPredefined output format for log shipping. Valid values:
  • json: Use JSON Lines as the predefined log output format. In each log entry, fields are displayed as key-value pairs.
  • csv: Use the predefined log output format csv, where each log entry only is presented as field values only, excluding field names.
  • BatchPrefixStringNoA string added before each log delivery batch. Each log delivery batch may contain multiple log records.
    BatchSuffixStringNoA string appended after each log delivery batch.
    RecordPrefixStringNoA string added before each log record.
    RecordSuffixStringNoA string appended after each log record.
    RecordDelimiterStringNoA string inserted between log records as a separator. Valid values:
  • \n: line break;
  • \t: tab character;
  • ,: Half-width comma.
  • FieldDelimiterStringNoA string inserted between fields as a separator within a single log record. Valid values:
  • \t: tab character;
  • ,: half-width comma;
  • ;: Half-width semicolon.
  • ManagedRuleAction

    Action for specific RuleId.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    RuleIdStringYesSpecific items under ManagedRuleGroup, used to rewrite the configuration of this individual rule item, refer to product documentation for details.
    ActionSecurityActionYesAction for the managed rule item specified by RuleId, the SecurityAction Name parameter supports:
  • Deny: block and respond with an block page;
  • Monitor: observe, do not process the request and record the security event in logs;
  • Disabled: disabled, do not scan the request and skip this rule.
  • .

    ManagedRuleAutoUpdate

    Managed rule automatic update option.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    AutoUpdateToLatestVersionStringYesEnable automatic update to the latest version or not. Values:
  • on: enabled
  • off: disabled
  • .
    RulesetVersionStringNoCurrent version, compliant with ISO 8601 standard format, such as 2023-12-21T12:00:32Z, empty by default, output parameter only.

    ManagedRuleDetail

    Managed rule detail.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    RuleIdStringNoManaged rule Id.
    RiskLevelStringNoProtection level of managed rules. Values:
  • low: low risk, this rule has a relatively low risk and is applicable to very strict access scenarios, this level of rule may generate considerable false alarms.
  • medium: medium risk, this means the risk of this rule is normal and is suitable for protection scenarios with stricter requirements.
  • high: high risk, this indicates that the risk of this rule is relatively high and will not generate false alarms in most scenarios.
  • extreme: ultra-high risk. this represents that the risk of this rule is extremely high and will not generate false alarms basically.
  • .
    DescriptionStringNoRule description.
    TagsArray of StringNoRule tag. Some types of rules do not have tags.
    RuleVersionStringNoRule version.

    ManagedRuleGroup

    Managed rule group configuration.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    GroupIdStringYesName of the managed rule group, if the configuration for the rule group is not specified, it will be processed by default, refer to product documentation for the specific value of GroupId.
    SensitivityLevelStringYesProtection level of the managed rule group. Values:
  • loose: lenient, only contain ultra-high risk rules, at this point, Action parameter needs configured instead of RuleActions parameter;
  • normal: normal, contain ultra-high risk and high-risk rules, at this point,Action parameter needs configured instead of RuleActions parameter;
  • strict: strict, contains ultra-high risk, high-risk and medium-risk rules, at this point, Action parameter needs configured instead of RuleActions parameter;
  • extreme: super strict, contains ultra-high risk, high-risk, medium-risk and low-risk rules, at this point, Action parameter needs configured instead of RuleActions parameter;
  • custom: custom, refined strategy, configure the RuleActions parameter for each individual rule, at this point, the Action field is invalid, use RuleActions to configure the refined strategy for each individual rule.
  • .
    ActionSecurityActionYesAction for ManagedRuleGroup. the Name parameter value of SecurityAction supports:
  • Deny: block and respond with a block page;
  • Monitor: observe, do not process requests and record security events in logs;
  • Disabled: not enabled, do not scan requests and skip this rule.
  • .
    RuleActionsArray of ManagedRuleActionNoSpecific configuration of rule items under the managed rule group, valid only when SensitivityLevel is custom.
    MetaDataManagedRuleGroupMetaNoManagedRuleGroup detailed information, output parameter only.

    ManagedRuleGroupMeta

    Managed rule group meta information.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    GroupDetailStringNoManagedRuleGroup detailed information, output parameter only.
    GroupNameStringNoManagedRuleGroup name, output parameter only.
    RuleDetailsArray of ManagedRuleDetailNoAll sub-rules information under current ManagedRuleGroup, output parameter only.

    ManagedRules

    Managed rules configuration.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    EnabledStringYesThe managed rule status. Values:
  • on: enabled, all managed rules take effect as configured;
  • off: disabled, all managed rules do not take effect.
  • .
    DetectionOnlyStringYesEvaluation mode is enabled or not, it is valid only when the Enabled parameter is set to on. Values:
  • on: enabled, all managed rules take effect in observe mode.
  • off: disabled, all managed rules take effect according to the specified configuration.
  • .
    SemanticAnalysisStringNoManaged rule semantic analysis is enabled or not, it is valid only when the Enabled parameter is on. Values:
  • on: enabled, perform semantic analysis before processing requests;
  • off: disabled, process requests directly without semantic analysis.

  • The default value is off.
    AutoUpdateManagedRuleAutoUpdateNoManaged rule automatic update option.
    ManagedRuleGroupsArray of ManagedRuleGroupNoConfiguration of the managed rule group. If this structure is passed as an empty array or the GroupId is not included in the array, it will be processed based by default.

    MaxAge

    Browser cache rule configuration, which is used to set the default value of MaxAge and is disabled by default.

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    FollowOriginStringNoWhether to follow the origin server. Values:
  • on: Follow the origin server and ignore the field MaxAgeTime;
  • off: Do not follow the origin server and apply the field MaxAgeTime.
  • MaxAgeTimeIntegerNoSpecifies the maximum amount of time (in seconds). The maximum value is 365 days.
    Note: The value 0 means not to cache.

    MaxAgeParameters

    Browser Cache TTL configuration parameters

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    FollowOriginStringNoSpecifies whether to follow the origin server cache-control configuration, with the following values:.
  • On: follow the origin server and ignore the field cachetime;
  • .
  • Off: do not follow the origin server and apply the field cachetime.
  • .
    CacheTimeIntegerNoCustom cache time value, unit: seconds. value range: 0-315360000.
    note: when followorigin is off, it means not following the origin server and using cachetime to set the cache time; otherwise, this field will not take effect.

    MinimalRequestBodyTransferRate

    Minimum minimum body transfer rate threshold configuration. ```.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    MinimalAvgTransferRateThresholdStringYesMinimum body transfer rate threshold, the measurement unit is only supported in bps.
    CountingPeriodStringYesMinimum body transfer rate statistical time range, valid values:
  • 10s: 10 seconds;
  • 30s: 30 seconds;
  • 60s: 60 seconds;
  • 120s: 120 seconds.
  • .
    EnabledStringYesSpecifies whether the minimum body transfer rate threshold is enabled. valid values:
  • on: enable;
  • off: disable.
  • .

    ModifyOriginParameters

    Modifying origin server configuration parameters

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    OriginTypeStringNoThe origin type. values:.
  • IPDomain: ipv4, ipv6, or domain name type origin server;
  • .
  • OriginGroup: origin server group type origin server;
  • .
  • LoadBalance: cloud load balancer (clb), this feature is in beta test. to use it, please submit a ticket or contact smart customer service;
  • .
  • COS: tencent cloud COS origin server;
  • .
  • AWSS3: all object storage origin servers that support the aws s3 protocol.
  • .
    OriginStringNoOrigin server address, which varies according to the value of origintype:.
  • When origintype = ipdomain, fill in an ipv4 address, an ipv6 address, or a domain name;
  • .
  • When origintype = cos, please fill in the access domain name of the cos bucket;
  • .
  • When origintype = awss3, fill in the access domain name of the s3 bucket;
  • .
  • When origintype = origingroup, fill in the origin server group id;
  • .
  • When origintype = loadbalance, fill in the cloud load balancer instance id. this feature is currently only available to the allowlist.
  • .
    OriginProtocolStringNoOrigin-Pull protocol configuration. this parameter is required when origintype is ipdomain, origingroup, or loadbalance. valid values are:.
  • Http: use http protocol;
  • .
  • Https: use https protocol;
  • .
  • Follow: follow the protocol.
  • .
    HTTPOriginPortIntegerNoThe HTTP origin port, value ranges from 1 to 65535. this parameter is required when the origin-pull protocol OriginProtocol is HTTP or follow.
    HTTPSOriginPortIntegerNoThe HTTPS origin port, value ranges from 1 to 65535. this parameter is required when the origin-pull protocol OriginProtocol is HTTPS or follow.
    PrivateAccessStringNoSpecifies whether access to the private object storage origin server is allowed. this parameter is required when the origin server type OriginType is COS or AWSS3. valid values:.
  • On: enable private authentication;
  • .
  • off: disable private authentication.
  • .
    PrivateParametersOriginPrivateParametersNoPrivate authentication parameter. this parameter is valid only when origintype = awss3 and privateaccess = on.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    ModifyRequestHeaderParameters

    Modify HTTP request header configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    HeaderActionsArray of HeaderActionNoList of http header setting rules.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    ModifyResponseHeaderParameters

    Modify HTTP node response header configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    HeaderActionsArray of HeaderActionNoHTTP origin-pull header rules list.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    MultiPathGateway

    Multi-Channel security gateway details.

    Used by actions: DescribeMultiPathGateway, DescribeMultiPathGateways.

    NameTypeDescription
    GatewayIdStringSpecifies the gateway ID.
    GatewayNameStringGateway name.
    GatewayTypeStringGateway type. valid values:
  • Cloud: cloud gateway, created and managed by Tencent cloud.

  • Private: private gateway, deployed by cutomer.
  • GatewayPortIntegerGateway port. value range: 1-65535 (excluding 8888).
    StatusStringGateway status. valid values:
  • creating: The gateway is being created.

  • online: The gateway is online and operational.

  • offline: The gateway is offline and unavailable.

  • disabled: The gateway has been disabled.
  • GatewayIPStringGateway IP, in IPv4 format.
    RegionIdStringGateway region Id. which can be obtained from the DescribeMultiPathGatewayRegions API.
    LinesArray of MultiPathGatewayLineLine information. The line information will be returned when querying gateway information with DescribeMultiPathGateway ande not returned when querying the gateway list with DescribeMultiPathGateways.

    MultiPathGatewayLine

    Multi-Channel security gateway line information.

    Used by actions: DescribeMultiPathGateway, DescribeMultiPathGatewayLine, DescribeMultiPathGateways.

    NameTypeDescription
    LineIdStringline ID. where line-0 and line-1 are system-reserved IDs. valid values:
  • line-0: direct connection line. Adding, editing, and deletion are not supported.

  • line-1: EdgeOne layer-4 proxy line. Supports modifying instances and rules, but deletion is not supported.
  • line-2 and above: EdgeOne layer-4 proxy lines or custom lines, supports modifying, deleting instances and rules.
  • LineTypeStringLine type. valid values:
  • direct: Direct connection line. Editing and deletion are not supported. .
  • proxy: EdgeOne layer-4 proxy line, supports editing and modifying instances and rules, but deletion is not supported;

  • custom: Custom line, supports editing and deletion.
  • LineAddressStringLine address in the format host:port.
    ProxyIdStringLayer-4 proxy instance ID,returned only when the LineType value is proxy (EdgeOne layer-4 proxy).
    RuleIdStringForwarding rule ID. returned only when the LineType value is proxy (EdgeOne layer-4 proxy).

    MutualTLS

    Used by actions: DescribeAccelerationDomains, ModifyHostsCertificate.

    NameTypeRequiredDescription
    SwitchStringYes
    CertInfosArray of CertificateInfoNoMutual authentication certificate list.
    Note: When using MutualTLS as an input parameter in ModifyHostsCertificate, you only need to provide the CertId of the corresponding certificate. You can check the CertId from the SSL Certificate List.

    NextOriginACL

    When origin ACLs are updated, this field will be returned with the next version of the IP range to take effect, including a comparison with the currently effective IP range.

    Used by actions: DescribeOriginACL.

    NameTypeRequiredDescription
    VersionStringNoVersion number.
    PlannedActiveTimeStringNoVersion effective time, which adopts UTC+8 and follows the date and time format of the ISO 8601 standard.
    EntireAddressesAddressesNoIP range details.
    AddedAddressesAddressesNoThe latest origin IP range newly-added compared with the origin IP range in CurrentOrginACL.
    RemovedAddressesAddressesNoThe latest origin IP range deleted compared with the origin IP range in CurrentOrginACL.
    NoChangeAddressesAddressesNoThe latest origin IP range is unchanged compared with the origin IP range in CurrentOrginACL.

    NoCache

    No-cache configuration

    Used by actions: CreateL7AccRules, DescribeHostsSetting, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable no-cache configuration. Valid values:
  • on: Enable
  • off: Disable
  • NormalAction

    Common action of the rule engine

    Used by actions: CreateRule, DescribeRules, ModifyRule.

    NameTypeRequiredDescription
    ActionStringYesFeature name. For details, see DescribeRulesSetting API
    ParametersArray of RuleNormalActionParamsYesParameter

    NsVerification

    Information required for switching DNS servers. It's applicable to sites connected via NSs.

    Used by actions: CreateAccelerationDomain, CreateZone, DescribeAccelerationDomains, DescribeZones.

    NameTypeDescription
    NameServersArray of StringThe DNS server address assigned to the user when connecting a site to EO via NS. You need to switch the NameServer of the domain name to this address.

    OCSPStaplingParameters

    OCSP stapling configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable ocsp stapling configuration switch. values:.
  • On: enable;

  • .
  • Off: disable.
  • .

    OfflineCache

    Offline cache feature status switch.

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether offline cache is enabled. Valid values:
  • on: Enable
  • off: Disable
  • OfflineCacheParameters

    Offline cache feature status switch.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable offline caching. values:.
  • On: enable;

  • .
  • Off: disable.
  • .

    Origin

    The origin server configuration.

    Used by actions: DescribeHostsSetting, DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    OriginsArray of StringNoOrigin server list.
    BackupOriginsArray of StringNoBackup origin list.
    OriginPullProtocolStringNoOrigin server protocol configuration. valid values:.
  • Http: forced http back to source;
  • .
  • Follow: follow protocol.
  • .
  • Https: enforce https origin-pull.
  • .
    CosPrivateAccessStringNoWhen the origin is tencent cloud COS, whether it is a private access bucket. valid values:.
  • on: private network access;
  • .
  • off: public access.
  • .

    OriginACLEntity

    Instances that require configuration origin ACLs.

    Used by actions: ModifyOriginACL.

    NameTypeRequiredDescription
    TypeStringYesInstance type. Valid values:
    -l7: L7 acceleration domain;
    -l4: L4 proxy instance.
    InstancesArray of StringYesInstance detail. Valid values:
    -When Type = l7, please enter the L7 acceleration domain.
    -When Type = l4, please enter the L4 proxy instance ID.
    OperationModeStringYesOperation mode. Valid values:.
    - enable: enabled L7/L4 instances.
    - disable: disable L7/L4 instances.

    OriginACLInfo

    The binding relationship between L7 acceleration domains/L4 proxy instances and origin IP ranges, as well as origin IP range details.

    Used by actions: DescribeOriginACL.

    NameTypeRequiredDescription
    L7HostsArray of StringNoThe list of L7 accelerated domains that enable the origin ACLs. This field is empty when origin protection is not enabled.
    L4ProxyIdsArray of StringNoThe list of L4 proxy instances that enable the origin ACLs. This field is empty when origin protection is not enabled.
    CurrentOriginACLCurrentOriginACLNoCurrently effective origin ACLs. This field is empty when origin protection is not enabled.
    Note: This field may return null, which indicates a failure to obtain a valid value.
    NextOriginACLNextOriginACLNoWhen the origin ACLs are updated, this field will be returned with the next version's origin IP range to take effect, including a comparison with the current origin IP range. This field is empty if not updated or origin protection is not enabled.
    Note: This field may return null, which indicates a failure to obtain a valid value.
    StatusStringNoOrigin protection status. Vaild values:
    - online: in effect;
    - offline: disabled;
    - updating: configuration deployment in progress.

    OriginDetail

    Details of the origin.

    Used by actions: DescribeAccelerationDomains.

    NameTypeDescription
    OriginTypeStringOrigin server type. Valid values:
  • IP_DOMAIN: IPv4, IPv6, or domain name type origin server;
  • COS: Tencent Cloud COS origin server;
  • AWS_S3: AWS S3 COS origin server;
  • ORIGIN_GROUP: origin server group;
  • VOD: Video on Demand;
  • SPACE: origin server uninstallation, currently only available to the allowlist;
  • LB: load balancing. Currently only available to the allowlist.
  • OriginStringOrigin server address, which varies with the value of OriginType:
  • When OriginType = IP_DOMAIN, this parameter is an IPv4 address, an IPv6 address, or a domain name.
  • When OriginType = COS, this parameter is the access domain name of the COS bucket.
  • When OriginType = AWS_S3, this parameter is the access domain name of the S3 bucket.
  • When OriginType = ORIGIN_GROUP, this parameter is the origin server group ID.
  • When OriginType = VOD, this parameter is the VOD application ID.
  • BackupOriginStringSecondary origin group ID. This parameter is valid only when OriginType is ORIGIN_GROUP and a secondary origin group is configured.
    OriginGroupNameStringPrimary origin group name. This parameter returns a value when OriginType is ORIGIN_GROUP.
    BackOriginGroupNameStringSecondary origin group name. This parameter is valid only when OriginType is ORIGIN_GROUP and a secondary origin group is configured.
    PrivateAccessStringWhether access to the private object storage origin server is allowed. This parameter is valid only when the origin server type OriginType is COS or AWS_S3. Valid values:
  • on: Enable private authentication;
  • off: Disable private authentication.

  • If this field is not specified, the default value 'off' will be used.
    PrivateParametersArray of PrivateParameterPrivate authentication parameter. This parameter is valid only when PrivateAccess is on.
    Note: This field may return null, indicating that no valid values can be obtained.
    HostHeaderStringSpecifies the current configuration of the origin-pull HOST header.
    VodOriginScopeStringVOD origin-pull range. this parameter returns a value when OriginType = VOD. valid values:
  • all: all files in the VOD application corresponding to the current origin server. the default value is all;
  • bucket: files in a specified bucket under the VOD application corresponding to the current origin server. specify the bucket by the VodBucketId parameter.
  • .
    VodBucketIdStringVOD bucket ID. this parameter is required when OriginType = VOD and VodOriginScope = bucket. data source: storage ID of the bucket under the VOD professional application.

    OriginGroup

    Origin group information.

    Used by actions: DescribeOriginGroup.

    NameTypeDescription
    GroupIdStringThe ID of the origin group.
    NameStringThe name of the origin group.
    TypeStringThe origin group type. Values:
  • GENERAL: General origin group
  • HTTP: HTTP-specific origin group
  • RecordsArray of OriginRecordDetails of the origin record.
    ReferencesArray of OriginGroupReferenceList of instances referencing this origin group.
    CreateTimeTimestamp ISO8601Creation time of the origin group.
    UpdateTimeTimestamp ISO8601The update time of the origin group.
    HostHeaderStringSpecifies the origin-pull Host Header.

    OriginGroupHealthStatus

    Origin server group health status.

    Used by actions: DescribeLoadBalancerList.

    NameTypeDescription
    OriginGroupIDStringOrigin server group ID.
    OriginGroupNameStringOrigin server group name.
    OriginTypeStringOrigin server group type. Valid values:
  • HTTP: HTTP-specific.
  • GENERAL: general.
  • PriorityStringPriority.
    OriginHealthStatusArray of OriginHealthStatusHealth status of each origin server in an origin server group.

    OriginGroupHealthStatusDetail

    Details of origin server group health status.

    Used by actions: DescribeOriginGroupHealthStatus.

    NameTypeDescription
    OriginGroupIdStringOrigin server group ID.
    OriginHealthStatusArray of OriginHealthStatusThe health status of each origin server in an origin server group, which is comprehensively decided based on the results of all detection regions. If more than half of the regions determine that the origin server is unhealthy, the corresponding status is unhealthy; otherwise, it is healthy.
    CheckRegionHealthStatusArray of CheckRegionHealthStatusHealth status of origin servers in each health check region.

    OriginGroupInLoadBalancer

    The origin server groups that need to be bound in a LoadBalancer and their priorities.

    Used by actions: CreateLoadBalancer, ModifyLoadBalancer.

    NameTypeRequiredDescription
    PriorityStringYesPriority, in the format of "priority_" + "number". The highest priority is "priority_1". Reference values:
  • priority_1: first priority.
  • priority_2: second priority.
  • priority_3: third priority.
  • You can increase numbers for other priorities, up to "priority_10".
    OriginGroupIdStringYesOrigin server group ID.

    OriginGroupReference

    Services referencing this origin group

    Used by actions: DescribeOriginGroup.

    NameTypeDescription
    InstanceTypeStringServices referencing the origin group. Values:
  • AccelerationDomain: Acceleration domain name
  • RuleEngine: Rules engine
  • Loadbalance: Load balancer
  • ApplicationProxy: L4 proxy
  • InstanceIdStringID of the instances referencing the origin group
    InstanceNameStringName of the instance referencing the origin group

    OriginHealthStatus

    Health status of origin servers in an origin server group.

    Used by actions: DescribeLoadBalancerList, DescribeOriginGroupHealthStatus.

    NameTypeDescription
    OriginStringOrigin server.
    HealthyStringOrigin server health status. Valid values:
  • Healthy: healthy.
  • Unhealthy: unhealthy.
  • Undetected: no data detected.

  • OriginInfo

    Details of the origin.

    Used by actions: CreateAccelerationDomain, ModifyAccelerationDomain.

    NameTypeRequiredDescription
    OriginTypeStringYesOrigin server type, with values:
  • IP_DOMAIN: IPv4, IPv6, or domain name type origin server;
  • COS: Tencent Cloud COS origin server;
  • AWS_S3: AWS S3 origin server;
  • ORIGIN_GROUP: origin server group type origin server;

  • VOD: Video on Demand;
  • SPACE: origin server uninstallation. Currently only available to the allowlist;
  • LB: load balancing. Currently only available to the allowlist.
  • OriginStringYesOrigin server address, which varies according to the value of OriginType:
  • When OriginType = IP_DOMAIN, fill in an IPv4 address, an IPv6 address, or a domain name;
  • When OriginType = COS, fill in the access domain name of the COS bucket;
  • When OriginType = AWS_S3, fill in the access domain name of the S3 bucket;
  • When OriginType = ORIGIN_GROUP, fill in the origin server group ID;
  • When OriginType = VOD, fill in the VOD application ID;
  • When OriginType = LB, fill in the Cloud Load Balancer instance ID. This feature is currently only available to the allowlist;
  • When OriginType = SPACE, fill in the origin server uninstallation space ID. This feature is currently only available to the allowlist.
  • BackupOriginStringNoThe ID of the secondary origin group. This parameter is valid only when OriginType is ORIGIN_GROUP. This field indicates the old version capability, which cannot be configured or modified on the control panel after being called. Please submit a ticket if required.
    PrivateAccessStringNoWhether access to the private Cloud Object Storage origin server is allowed. This parameter is valid only when OriginType is COS or AWS_S3. Valid values:
  • on: Enable private authentication;
  • off: Disable private authentication.

  • If it is not specified, the default value is off.
    PrivateParametersArray of PrivateParameterNoPrivate authentication parameter. This parameter is valid only when PrivateAccess is on.
    HostHeaderStringNoCustom origin server HOST header. this parameter is valid only when OriginType=IP_DOMAIN.If the OriginType is another type of origin, this parameter does not need to be passed in, otherwise an error will be reported.
    If OriginType is COS or AWS_S3, the HOST header for origin-pull will remain consistent with the origin server domain name.
    If OriginType is ORIGIN_GROUP, the HOST header follows the ORIGIN site GROUP configuration. if not configured, it defaults to the acceleration domain name.
    If OriginType is VOD or SPACE, no configuration is required for this header, and the domain name takes effect based on the corresponding origin.
    VodOriginScopeStringNoVOD origin-pull scope. this parameter is valid only when OriginType = VOD. valid values:
  • all: all files in the VOD application corresponding to the current origin server. the default value is all;
  • bucket: files in a specified bucket under the VOD application corresponding to the current origin server. specify the bucket by the parameter VodBucketId.
  • .
    VodBucketIdStringNoVOD bucket ID. this parameter is required when OriginType = VOD and VodOriginScope = bucket. data source: storage ID of the bucket under the VOD professional edition application.

    OriginPrivateParameters

    Private authentication parameters for Cloud Object Storage origin server.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    AccessKeyIdStringYesAuthentication parameter access key id.
    SecretAccessKeyStringYesAuthentication parameter secret access key.
    SignatureVersionStringYesAuthentication version. values:.
  • V2: v2 version;
  • .
  • V4: v4 version.
  • .
    RegionStringNoRegion of the bucket.

    OriginProtectionInfo

    Origin protection configuration

    Used by actions: DescribeOriginProtection.

    NameTypeDescription
    ZoneIdStringID of the site.
    HostsArray of StringList of domain names.
    ProxyIdsArray of StringList of proxy IDs.
    CurrentIPWhitelistIPWhitelistThe existing intermediate IPs.
    Note: This field may return null, indicating that no valid values can be obtained.
    NeedUpdateBooleanWhether the intermediate IP update is needed for the site. Values:
  • true: Update needed;
  • false: Update not needed.
  • StatusStringStatus of the origin protection configuration. Values:
  • online: Origin protection is activated;
  • offline: Origin protection is disabled.
  • nonactivate: Origin protection is not activated. This value is returned only when the feature is not activated before it’s used.
  • PlanSupportBooleanWhether origin protection is supported in the plan. Values:
  • true: Origin protection supported;
  • false: Origin protection not supported.
  • DiffIPWhitelistDiffIPWhitelistDifferences between the latest and existing intermediate IPs.
    Note: This field may return null, indicating that no valid values can be obtained.

    OriginRecord

    Origin group record

    Used by actions: CreateOriginGroup, DescribeOriginGroup, ModifyOriginGroup.

    NameTypeRequiredDescription
    RecordStringYesThe origin record value, which can be an IPv4/IPv6 address or a domain name.
    TypeStringNoThe origin type. Values:
  • IP_DOMAIN: IPv4/IPv6 address or domain name
  • COS: COS bucket address
  • AWS_S3: AWS S3 bucket address
  • RecordIdStringNoThe origin record ID.
    WeightIntegerNoWeight of an origin. Range: 0-100. If it is not specified, a random weight is assigned. If 0 is passed in, there is no traffic scheduled to this origin.
    Note: This field may return·null, indicating that no valid values can be obtained.
    PrivateBooleanNoWhether to enable private authentication. It is valid when OriginType=COS/AWS_S3. Values:
  • true: Yes.
  • false: No.
  • Default: false.
    PrivateParametersArray of PrivateParameterNoPrivate authentication parameters. This field is valid when Private=true.

    OwnershipVerification

    Information of domain name ownership verification.

    Used by actions: CreateAccelerationDomain, CreateZone, DescribeAccelerationDomains, DescribeZones.

    NameTypeDescription
    DnsVerificationDnsVerificationCNAME, when there is no domain name access, the information required for DNS resolution verification is used. For details, refer to Site/Domain Ownership Verification
    .
    Note: This field may return null, which indicates a failure to obtain a valid value.
    FileVerificationFileVerificationCNAME, when there is no domain name access, the information required for file verification is used. For details, refer to Site/Domain Ownership Verification
    .
    Note: This field may return null, which indicates a failure to obtain a valid value.
    NsVerificationNsVerificationu200cInformation required for switching DNS servers. It's applicable to sites connected via NSs. For details, see Modifying DNS Server.
    Note: This field may return·null, indicating that no valid values can be obtained.

    PartialModule

    Module settings of the exception rule

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    ModuleStringNoModule name. value is.
  • managed-rule: managed rule Id;
  • .
  • Managed-Group: managed rule group;
  • .
  • waf: to be deprecated, managed rule.
  • .
    IncludeArray of IntegerNoSpecifies the list of rule ids that require exceptions under the module.

    Plan

    Package information.

    Used by actions: DescribePlans.

    NameTypeDescription
    PlanTypeStringPackage type. valid values:.
  • Plan-Trial: trial plan
  • .
  • Plan-Personal: personal plan
  • .
  • Plan-Basic: basic plan
  • .
  • Plan-Standard: standard edition plan
  • .
  • plan-enterprise-v2: enterprise plan;
  • .
  • plan-enterprise-model-a: enterprise edition model a package.
  • .
  • Plan-Enterprise: legacy enterprise plan.
  • .
    PlanIdStringPackage ID. such as edgeone-2y041pblwaxe.
    AreaStringService area. valid values:.
  • Mainland: chinese mainland
  • .
  • overseas: global (chinese mainland not included)
  • .
  • Global: global (chinese mainland included)
  • .
    AutoRenewalBooleanAuto-Renew switch. valid values:.
  • true: automatic renewal is enabled.
  • .
  • false: automatic renewal is not enabled.
  • .
    StatusStringPackage status. valid values:.
  • Normal: indicates the normal status.
  • .
  • expiring-soon: will expire soon;
  • .
  • expired: expiration status;
  • .
  • Isolated: isolated state
  • .
  • overdue-isolated: arrears isolated state.
  • .
    PayModeIntegerPayment type. valid values:.
  • 0: postpaid;
  • .
  • 1: prepaid.
  • .
    ZonesInfoArray of ZoneInfoDescribes the site information bound to the package, including the site id, site name, and site status.
    SmartRequestCapacityIntegerSmart acceleration request quantity in the package, unit: times.
    VAUCapacityIntegerSpecifies the VAU specification in the package. measurement unit: unit.
    AccTrafficCapacityIntegerSpecifies the content acceleration traffic specification in the package, measurement unit: byte.
    SmartTrafficCapacityIntegerSpecifies the smart acceleration traffic specification in the package. measurement unit: byte.
    DDoSTrafficCapacityIntegerSpecifies the DDoS protection traffic specification in the package, measurement unit: byte.
    SecTrafficCapacityIntegerSecurity traffic specification in the package. measurement unit: byte.
    SecRequestCapacityIntegerSecurity requests in the package, unit: times.
    L4TrafficCapacityIntegerSpecifies the layer 4 acceleration traffic specification in the package, measurement unit: byte.
    CrossMLCTrafficCapacityIntegerSpecifies the network optimization traffic specification in the package for the chinese mainland, measurement unit: byte.
    BindableStringSpecifies whether the package allows binding to new sites. valid values:.
  • true: allows binding a new site.
  • .
  • false: cannot bind new sites.
  • .
    EnabledTimeTimestamp ISO8601Package activation time.
    ExpiredTimeTimestamp ISO8601Plan expiration time.
    FeaturesArray of StringSupported features of the package include:
  • ContentAcceleration: content acceleration feature;
  • SmartAcceleration: intelligent acceleration feature;
  • L4: L4 acceleration feature;
  • Waf: advanced Web protection;
  • QUIC: QUIC feature;
  • CrossMLC: network optimization in the chinese mainland;
  • ProcessMedia: media processing feature;
  • L4DDoS: L4 DDoS protection feature;
  • L7DDoS feature will only appear in one of the following specifications:
  • L7DDoS.CM30G; layer-7 DDoS protection feature - 30G guaranteed minimum bandwidth specification in the chinese mainland;
  • L7DDoS.CM60G; layer-7 DDoS protection feature - 60G guaranteed minimum bandwidth specification in the chinese mainland;
  • L7DDoS.CM100G; layer-7 DDoS protection feature - 100G guaranteed minimum bandwidth specification in the chinese mainland;
  • L7DDoS.Anycast300G; layer-7 DDoS protection feature - 300G guaranteed minimum bandwidth specification outside the chinese mainland with Anycast;
  • L7DDoS.AnycastUnlimited; layer-7 DDoS protection feature - unlimited Anycast full protection outside the chinese mainland;
  • L7DDoS.CM30G_Anycast300G; layer-7 DDoS protection feature - 30G guaranteed minimum bandwidth specification in the chinese mainland and 300G guaranteed minimum bandwidth specification outside the chinese mainland with Anycast;
  • L7DDoS.CM60G_Anycast300G; layer-7 DDoS protection feature - 60G guaranteed minimum bandwidth specification in the chinese mainland and 300G guaranteed minimum bandwidth specification outside the chinese mainland with Anycast;
  • L7DDoS.CM100G_Anycast300G; layer-7 DDoS protection feature - 100G guaranteed minimum bandwidth specification in the chinese mainland and 300G guaranteed minimum bandwidth specification outside the chinese mainland with Anycast;
  • L7DDoS.CM30G_AnycastUnlimited; layer-7 DDoS protection feature - 30G guaranteed minimum bandwidth specification in the chinese mainland and unlimited Anycast full protection outside the chinese mainland;
  • L7DDoS.CM60G_AnycastUnlimited; layer-7 DDoS protection feature - 60G guaranteed minimum bandwidth specification in the chinese mainland and unlimited Anycast full protection outside the chinese mainland;
  • L7DDoS.CM100G_AnycastUnlimited; layer-7 DDoS protection feature - 100G guaranteed minimum bandwidth specification in the chinese mainland and unlimited Anycast full protection outside the chinese mainland;
  • .

    PlanInfo

    EdgeOne plan information

    Used by actions: DescribeAvailablePlans.

    NameTypeDescription
    CurrencyStringSettlement currency. Values:
  • CNY: Settled by Chinese RMB;
  • USD: Settled by US dollars.
  • FluxIntegerTraffic quota of the plan. It includes the traffic for security acceleration, content acceleration and smart acceleration. Unit: byte.
    FrequencyStringSettlement cycle. Values:
  • y: Settled by year;
  • m: Settled by month;
  • h: Settled by hour;
  • M: Settled by minute;
  • s: Settled by second.
  • PlanTypeStringThe plan option. Values:
  • sta: Standard plan that supports content delivery network outside the Chinese mainland.
  • sta_with_bot: Standard plan that supports content delivery network outside the Chinese mainland and bot management.
  • sta_cm: Standard plan that supports content delivery network inside the Chinese mainland.
  • sta_cm_with_bot: Standard plan that supports content delivery network inside the Chinese mainland and bot management.
  • sta: Standard plan that supports content delivery network over the globe.
  • sta_global_with_bot: Standard plan that supports content delivery network over the globe and bot management.
  • ent: Enterprise plan that supports content delivery network outside the Chinese mainland.
  • ent_with_bot: Enterprise plan that supports content delivery network outside the Chinese mainland and bot management.
  • ent_cm: Enterprise plan that supports content delivery network inside the Chinese mainland.
  • ent_cm_with_bot: Enterprise plan that supports content delivery network inside the Chinese mainland and bot management.
  • ent_global: Enterprise plan that supports content delivery network over the globe.
  • ent_global_with_bot: Enterprise plan that supports content delivery network over the globe and bot management.
  • PriceFloatPlan price (in CNY fen/US cent). The price unit depends on the settlement currency.
    RequestIntegerQuota on security acceleration requests
    SiteNumberIntegerNumber of sites to be bound to the plan
    AreaStringThe acceleration region. Values:
  • mainland: Chinese mainland
  • overseas: Global (Chinese mainland not included)
  • global: Global (Chinese mainland included)
  • PostMaxSize

    Maximum size of the file uploaded for streaming via a POST request

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable POST upload limit (default limit: 32 MB). Valid values:
  • on: Enable;
  • off: Disable.
  • MaxSizeIntegerNoMaximum limit. value range between 1MB and 500MB. byte.

    PostMaxSizeParameters

    Maximum size of the file uploaded for streaming via a POST request.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable post request file upload limit, in bytes (default limit: 32 * 220 bytes). valid values:
  • on: enable limit;
  • off: disable limit.
  • .
    MaxSizeIntegerNoMaximum size of the file uploaded for streaming via a post request, in bytes. value range: 1 * 220 bytes to 500 * 220 bytes.

    PrepaidPlanParam

    Prepaid Plan Billing Parameters

    Used by actions: CreatePlan.

    NameTypeRequiredDescription
    PeriodIntegerNoPrepaid plan duration, unit: month. Valid values: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 24, 36.

    If this field is not specified, the default value '1' will be used.
    RenewFlagStringNoThe auto-renewal flag for prepaid plan has the following values:
  • on: Enable auto-renewal;
  • off: Disable auto-renewal.

  • If this field is not specified, the default value 'off' will be used. When auto-renewal is enabled, it defaults to renewing for one month.

    PrivateParameter

    Private authentication parameters for Cloud Object Storage origin server

    Used by actions: CreateAccelerationDomain, CreateOriginGroup, DescribeAccelerationDomains, DescribeOriginGroup, ModifyAccelerationDomain, ModifyOriginGroup.

    NameTypeRequiredDescription
    NameStringYesThe name of the private authentication parameter. Valid values:
  • AccessKeyId: Access Key ID for authentication;
  • SecretAccessKey: Secret Access Key for authentication;
  • SignatureVersion: Authentication version, v2 or v4;
  • Region: The region of the storage bucket.
  • ValueStringYesThe parameter value.

    QUICParameters

    QUIC configuration item.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable quic. values:.
  • On: enable;

  • .
  • Off: disable.
  • .

    QueryCondition

    The query condition

    Used by actions: CreateRealtimeLogDeliveryTask, DescribeOverviewL7Data, DescribeTimingL4Data, DescribeTimingL7AnalysisData, DescribeTimingL7CacheData, DescribeTopL7AnalysisData, DescribeTopL7CacheData, ModifyRealtimeLogDeliveryTask.

    NameTypeRequiredDescription
    KeyStringYesThe key of QueryCondition.
    OperatorStringYesThe conditional operator. Values:
  • equals: Equals
  • notEquals: Does not equal
  • include: Contains
  • notInclude: Does not contain
  • startWith: Starts with
  • notStartWith: Does not start with
  • endWith: Ends with
  • notEndWith: Does not end with
  • ValueArray of StringYesThe value of QueryCondition.

    QueryString

    Request parameter contained in CacheKey

    Used by actions: DescribeHostsSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to use QueryString as part of CacheKey. Values:
  • on: Yes
  • off: No
  • ActionStringNoCacheKey usage via QueryString, valid values:.
  • includeCustom: use partial url parameter;
  • .
  • excludeCustom: exclude partial url parameters.
  • .
    ValueArray of StringNoSpecifies the url parameter array for usage/exclusion.

    Quic

    QUIC configuration item

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable QUIC. Valid values:
  • on: Enable;
  • off: Disable.
  • Quota

    Purging/Pre-warming available usage and quota

    Used by actions: DescribeContentQuota.

    NameTypeDescription
    BatchInteger
    DailyIntegerDaily submission quota limit.
    DailyAvailableIntegerRemaining daily submission quota.
    TypeStringType of cache purging/pre-warming. Values:
  • purge_prefix: Purge by prefix
  • purge_url: Purge by URL
  • purge_host: Purge by hostname
  • purge_all: Purge all caches
  • purge_cache_tag: Purge by cache tag
  • prefetch_url: Pre-warm by URL
  • RangeOriginPullParameters

    Configuration parameters for range back-to-source.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable range gets. values are:.
  • On: enable;

  • .
  • Off: disable.
  • .

    RateLimitConfig

    Rate limiting rules

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesSwitch. Values:
  • on: Enable
  • off: Disable
  • RateLimitUserRulesArray of RateLimitUserRuleNoThe settings of the custom rate limiting rule. If it is null, the settings that were last configured will be used.
    RateLimitTemplateRateLimitTemplateNoThe rate limit template feature. if null, use the last set configuration by default.
    RateLimitIntelligenceRateLimitIntelligenceNoIntelligent client filtering. if null, use the last set configuration by default.
    RateLimitCustomizesArray of RateLimitUserRuleNoThe custom rate limiting rules. if it is null, the previous settings is used.

    RateLimitIntelligence

    Client filtering

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable configuration. Values:
  • on: Enable
  • off: Disable
  • ActionStringYesAction to be executed. Values:
  • monitor: Observe
  • alg: Challenge
  • RuleIdIntegerNoThe rule ID, which is only used as a response parameter.

    RateLimitTemplate

    Rate limit template

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    ModeStringYesThe mode. Values:
  • sup_loose: Super loose
  • loose: Loose
  • emergency: Emergency
  • normal: Moderate
  • strict: Strict
  • close: Off
  • ActionStringNoThe action. Values:
  • alg: JavaScript challenge
  • monitor: Observe
  • If it is left empty, the default value alg is used.
    RateLimitTemplateDetailRateLimitTemplateDetailNoThe settings of the rate limiting template. It is only used as an output parameter.

    RateLimitTemplateDetail

    The settings of the rate limiting template

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    ModeStringYesTemplate level name. valid values:.
  • Sup_loose: specifies super loose.
  • .
  • Loose: loose
  • .
  • Emergency: emergency
  • .
  • normal: moderate
  • .
  • strict
  • .
  • close: off, precise rate limiting effective.
  • .
    IDIntegerYesUnique ID.
    ActionStringYesTemplate action. valid values:.
  • alg: JavaScript challenge;
  • .
  • monitor: observe
  • .
    PunishTimeIntegerYesPenalty time, value range 0-2 days, unit second.
    ThresholdIntegerYesStatistical threshold, in times. Value range: 0-4294967294.
    PeriodIntegerYesStatistical cycle. Value range: 0-120 seconds.

    RateLimitUserRule

    Rate limit rule

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    ThresholdIntegerYesThe request threshold. Value range: 0-4294967294.
    PeriodIntegerYesThe statistical period. The value can be 10, 20, 30, 40, 50, or 60 seconds.
    RuleNameStringYesThe rule name, which consists of only letters, digits, and underscores and cannot start with an underscore.
    ActionStringYesAction. Values:
  • monitor: Observe;
  • drop: Block;
  • redirect: Redirect;
  • page: Return a specific page;
  • alg: JavaScript challenge.
  • PunishTimeIntegerYesThe amount of time taken to perform the action. Value range: 0 seconds - 2 days.
    PunishTimeUnitStringYesThe time unit. Values:
  • second: Second
  • minutes: Minute
  • hour: Hour
  • RuleStatusStringYesThe rule status. Values:
  • on: Enabled
  • off: Disabled
  • Default value: on
    AclConditionsArray of AclConditionYesThe rule details.
    RulePriorityIntegerYesThe rule weight. Value range: 0-100.
    RuleIDIntegerNoRule ID, which is only used as an output parameter.
    FreqFieldsArray of StringNoThe filter. Values:
  • sip: Client IP

  • This parameter is left empty by default.
    UpdateTimeStringNoUpdate time. It is only used as a response parameter, and defaults to the current time.
    FreqScopeArray of StringNoQuery scope. Values:
  • source_to_eo: (Response) Traffic going from the origin to EdgeOne.
  • client_to_eo: (Request) Traffic going from the client to EdgeOne.

  • Default: source_to_eo.
    NameStringNoName of the custom return page. It's required when Action=page.
    CustomResponseIdStringNoID of custom response. The ID can be obtained via the DescribeCustomErrorPages API. It's required when Action=page.
    ResponseCodeIntegerNoThe response code to trigger the return page. It's required when Action=page. Value: 100-600. 3xx response codes are not supported. Default value: 567.
    RedirectUrlStringNoThe redirection URL. It's required when Action=redirect.

    RateLimitingRule

    Specifies the rate limit configuration.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    IdStringNoThe ID of precise rate limiting. rule ID supports different rule configuration operations:
  • add a new rule: leave the ID empty or do not specify the ID parameter.
  • modify an existing rule: specify the rule ID that needs to be updated/modified.
  • delete an existing rule: existing Rules not included in the Rules list under the RateLimitingRules parameter will be deleted.
  • .
    NameStringNoSpecifies the name of the precise rate limit.
    ConditionStringNoThe specific content of precise speed limit shall comply with the expression syntax. for detailed specifications, see the product documentation.
    CountByArray of StringNoRate threshold request feature match mode. this field is required when Enabled is on. when there are multiple conditions, composite multiple conditions will perform statistics count. the maximum number of conditions must not exceed 5. valid values:
  • http.request.ip: client ip;
  • http.request.xff_header_ip: client ip (priority match xff header);
  • http.request.uri.path: request access path;
  • http.request.cookies['session']: Cookie named session, where session can be replaced with your own specified parameter;
  • http.request.headers['user-agent']: http header named user-agent, where user-agent can be replaced with your own specified parameter;
  • http.request.ja3: request ja3 fingerprint;
  • http.request.uri.query['test']: URL query parameter named test, where test can be replaced with your own specified parameter.
  • .
    MaxRequestThresholdIntegerNoPrecision rate limiting specifies the cumulative number of interceptions within the time range. value ranges from 1 to 100000.
    CountingPeriodStringNoSpecifies the time window for statistics. valid values:
  • 1s: 1 second;
  • 5s: 5 seconds;
  • 10s: 10 seconds;
  • 20s: 20 seconds;
  • 30s: 30 seconds;
  • 40s: 40 seconds;
  • 50s: 50 seconds;
  • 1m: 1 minute;
  • 2m: 2 minutes;
  • 5m: 5 minutes;
  • 10m: 10 minutes;
  • 1h: 1 hour.
  • .
    ActionDurationStringNoThe duration of an Action is only supported in the following units:
  • s: seconds, value range 1–120;
  • m: minutes, value range 1–120;
  • h: hours, value range 1–48;
  • d: days, value range 1–30.
  • .
    ActionSecurityActionNoPrecision rate limiting handling methods. valid values:
  • Monitor: Monitor;
  • Deny: block, where DenyActionParameters.Name supports Deny and ReturnCustomPage;
  • Challenge: Challenge, where ChallengeActionParameters.Name supports JSChallenge and ManagedChallenge;
  • Redirect: Redirect to URL;
  • .
    PriorityIntegerNoPrecision rate limiting specifies the priority. value range is 0 to 100. default is 0.
    EnabledStringNoWhether the precise rate limiting rule is enabled. valid values:
  • on: enabled;
  • off: disabled.
  • .

    RateLimitingRules

    Precision rate limiting configuration.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    RulesArray of RateLimitingRuleNoDefinition list of precise rate limiting. when using ModifySecurityPolicy to modify the Web protection configuration:
  • if the Rules parameter is not specified or its length is zero: clear all precision rate limiting configurations.
  • if the RateLimitingRules parameter value is unspecified in the SecurityPolicy parameter: retain the existing custom rule configuration without modification.
  • .

    RealtimeLogDeliveryTask

    Real-time log delivery task

    Used by actions: DescribeRealtimeLogDeliveryTasks.

    NameTypeDescription
    TaskIdStringID of a real-time log shipping task.
    TaskNameStringName of a real-time log shipping task.
    DeliveryStatusStringStatus of a real-time log shipping task. Valid values:
  • enabled: enabled;
  • disabled: disabled;
  • deleted: deleted abnormally. Check whether the destination log set/log topic of Tencent Cloud CLS has been deleted.
  • TaskTypeStringType of a real-time log shipping task. Valid values:
  • cls: push to Tencent Cloud CLS;
  • custom_endpoint: push to a custom HTTP(S) address;
  • s3: push to an AWS S3-compatible bucket address.
  • EntityListArray of StringList of entities (L7 domain names or L4 proxy instances) corresponding to a real-time log shipping task. Valid value examples:
  • L7 domain name: domain.example.com;
  • L4 proxy instance: sid-2s69eb5wcms7.
  • LogTypeStringData shipping type. Valid values:
  • domain: site acceleration logs;
  • application: L4 proxy logs;
  • web-rateLiming: rate limiting and CC attack defense logs;
  • web-attack: managed rule logs;
  • web-rule: custom rule logs;
  • web-bot: Bot management logs.
  • AreaStringData shipping area. Valid values:
  • mainland: within the Chinese mainland;
  • overseas: global (excluding the Chinese mainland).
  • FieldsArray of StringList of predefined fields for shipping.
    CustomFieldsArray of CustomFieldList of custom fields for shipping.
    DeliveryConditionsArray of DeliveryConditionFilter criteria of log shipping.
    SampleIntegerSampling ratio in permille. Value range: 1-1000. For example, 605 indicates a sampling ratio of 60.5%.
    LogFormatLogFormatOutput format for log delivery. When the output parameter is null, the default format is used, which works as follows:
  • When TaskType is 'custom_endpoint', the default format is an array of JSON objects, with each JSON object representing a log entry;
  • When TaskType is 's3', the default format is JSON Lines.

  • Note: This field may return 'null', which indicates a failure to obtain a valid value.
    CLSCLSTopicConfiguration information of the CLS.
    Note: This field may return null, which indicates a failure to obtain a valid value.
    CustomEndpointCustomEndpointConfiguration information of the custom HTTP service.
    Note: This field may return null, which indicates a failure to obtain a valid value.
    S3S3Configuration information of the AWS S3-compatible bucket.
    Note: This field may return null, which indicates a failure to obtain a valid value.
    CreateTimeTimestamp ISO8601Creation time.
    UpdateTimeTimestamp ISO8601Update time.

    RedirectActionParameters

    Additional parameter for SecurityAction Redirect.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    URLStringYesRedirect URL.

    RenewFlag

    Auto-renewal configuration item in a prepaid plan.

    Used by actions: ModifyPlan.

    NameTypeRequiredDescription
    SwitchStringYesThe auto-renewal flag for prepaid plan has the following values:
  • on: Enable auto-renewal;
  • off: Disable auto-renewal.
  • RequestBodyTransferTimeout

    Body transfer timeout duration configuration.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    IdleTimeoutStringYesBody transfer timeout duration. valid values: 5-120. measurement unit: seconds (s) only.
    EnabledStringYesWhether body transfer timeout is enabled. valid values:
  • on: enable
  • off: disable
  • .

    RequestFieldsForException

    Skipped fields configuration in exception rules.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    ScopeStringYesSkip specific field. supported values:.
  • body.json: parameter content in json requests. at this point, Condition supports key and value, TargetField supports key and value, for example { "Scope": "body.json", "Condition": "", "TargetField": "key" }, which means all parameters in json requests skip WAF scan.
  • .
  • cookie: cookie; at this point Condition supports key, value, TargetField supports key, value, for example { "Scope": "cookie", "Condition": "${key} in ['account-id'] and ${value} like ['prefix-']", "TargetField": "value" }, which means the cookie parameter name equals account-id and the parameter value wildcard matches prefix- to skip WAF scan;
  • .
  • header: HTTP header parameters. at this point, Condition supports key and value, TargetField supports key and value, for example { "Scope": "header", "Condition": "${key} like ['x-auth-']", "TargetField": "value" }, which means header parameter name wildcard match x-auth- skips WAF scan.
  • .
  • uri.query: URL encoding content/query parameter. at this point, Condition supports key and value, TargetField supports key and value. example: { "Scope": "uri.query", "Condition": "${key} in ['action'] and ${value} in ['upload', 'delete']", "TargetField": "value" }. indicates URL encoding content/query parameter name equal to action and parameter value equal to upload or delete skips WAF scan.
  • .
  • uri: specifies the request path uri. at this point, Condition must be empty. TargetField supports query, path, fullpath, such as {"Scope": "uri", "Condition": "", "TargetField": "query"}, indicates the request path uri skips WAF scan for query parameters.
  • .
  • body: request body content. at this point Condition must be empty, TargetField supports fullbody, multipart, such as { "Scope": "body", "Condition": "", "TargetField": "fullbody" }, which means the request body content skips WAF scan as a full request.
  • .
    ConditionStringYesSkip specific field expression must comply with expression grammar.
    Condition supports expression configuration syntax:
  • write according to the matching conditional expression syntax of rules, with support for referencing key and value.
  • supports in, like operators, and logical combination with and.
  • .
    For example:
  • ${key} in ['x-trace-id']: the parameter name equals x-trace-id.
  • ${key} in ['x-trace-id'] and ${value} like ['Bearer *']: the parameter name equals x-trace-id and the parameter value wildcard matches Bearer *.
  • .
    TargetFieldStringYesThe Scope parameter takes different values. the TargetField expression supports the following values:.
  • body.json: supports key, value.
  • .
  • cookie: supports key and value.
  • .
  • header: supports key, value
  • .
  • uri.query: supports key and value
  • .
  • uri. specifies path, query, or fullpath.
  • .
  • Body: supports fullbody and multipart.
  • .

    Resource

    Billable resource

    Used by actions: DescribeZones.

    NameTypeDescription
    IdStringThe resource ID.
    PayModeIntegerBilling mode
    0: Pay-as-you-go
    CreateTimeTimestamp ISO8601The creation time.
    EnableTimeTimestamp ISO8601The effective time.
    ExpireTimeTimestamp ISO8601The expiration time.
    StatusStringThe plan status. Values:
  • normal: Normal
  • isolated: Isolated
  • destroyed: Terminated
  • SvArray of SvPricing query parameter
    AutoRenewFlagIntegerWhether to enable auto-renewal. Values:
  • 0: Default status.
  • 1: Enable auto-renewal.
  • 2: Disable auto-renewal.
  • PlanIdStringID of the resource associated with the plan.
    AreaStringApplicable area. Values:
  • mainland: Chinese mainland
  • overseas: Regions outside the Chinese mainland
  • global: Global
  • GroupStringThe resource type. Values:
  • plan: Plan resources
  • pay-as-you-go: Pay-as-you-go resources
  • value-added: Value-added resources

  • Note: This field may return null, indicating that no valid values can be obtained.
    ZoneNumberIntegerThe sites that are associated with the current resources.
    Note: This field may return null, indicating that no valid values can be obtained.
    TypeStringResource tag type. Valid values:
  • vodeo: vodeo resource.
  • ResponseSpeedLimitParameters

    Single-link download speed limit configuration parameters

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    ModeStringYesDownload rate limit mode. valid values:.
  • LimitUponDownload: rate limit throughout the download process;
  • .
  • LimitAfterSpecificBytesDownloaded: rate limit after downloading specific bytes at full speed;
  • .
  • LimitAfterSpecificSecondsDownloaded: start speed limit after downloading at full speed for a specific duration.
  • .
    MaxSpeedStringYesThe speed limit value specifies the size of the speed limit. fill in a value or variable with a unit. the currently supported unit is: KB/s.
    StartAtStringNoThe speed limit start value can be download size or specified duration. fill in a value with unit or variable to specify download size or specified duration.

    -When the Mode value is LimitAfterSpecificBytesDownloaded, the valid values of the unit are: KB.

    -When the Mode value is LimitAfterSpecificSecondsDownloaded, the valid value of the unit is: s.

    ReturnCustomPageActionParameters

    Additional parameter for SecurityAction ReturnCustomPage.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    ResponseCodeStringYesResponse custom status code.
    ErrorPageIdStringYesResponse custom page ID.

    RewriteAction

    Rule engine action for the HTTP request/response header

    Used by actions: CreateRule, DescribeRules, ModifyRule.

    NameTypeRequiredDescription
    ActionStringYesFeature name. For details, see DescribeRulesSetting API
    ParametersArray of RuleRewriteActionParamsYesParameter

    Rule

    Rule item of the rule engine. The items in the Conditions array are in OR relationship, and the items in the inner Conditions list are in AND relationship.

    Used by actions: CreateRule, DescribeRules, ModifyRule.

    NameTypeRequiredDescription
    ConditionsArray of RuleAndConditionsYesJudgment condition for executing the feature.
    Note: The feature can be executed if any condition in the array is met.
    ActionsArray of ActionNoExecuted feature. Note: Actions and SubRules cannot be both empty.
    SubRulesArray of SubRuleItemNoNested rule. Note: SubRules and Actions cannot be both empty.

    RuleAndConditions

    List of rule engine conditions in AND relationship

    Used by actions: CreateRule, DescribeRules, ModifyRule.

    NameTypeRequiredDescription
    ConditionsArray of RuleConditionYesRule engine condition. This condition will be considered met if all items in the array are met.

    RuleBranch

    Sub-rule branch.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    ConditionStringNoMatch condition (https://intl.cloud.tencent.com/document/product/1552/90438?from_cn_redirect=1#33f65828-c6c6-4b66-a011-25a20b548d5d).
    ActionsArray of RuleEngineActionNoOperations.
    Note: actions and subrules cannot both be empty.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    SubRulesArray of RuleEngineSubRuleNoList of sub-rules. multiple rules exist in this list and are executed sequentially from top to bottom.
    note: subrules and actions cannot both be empty. currently, only one layer of subrules is supported.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    RuleChoicePropertiesItem

    Detailed settings of the rule engine that can be used for request match, which are optional parameter configuration items.

    Used by actions: DescribeRulesSetting.

    NameTypeDescription
    NameStringThe parameter name.
    TypeStringThe parameter value type.
  • CHOICE: The parameter value can be selected only from Values.
  • TOGGLE: The parameter value is of switch type and can be selected from ChoicesValue.
  • CUSTOM_NUM: The parameter value is a custom integer.
  • CUSTOM_STRING: The parameter value is a custom string.
  • ChoicesValueArray of StringValid parameter values.
    Note: If Type is CUSTOM_NUM or CUSTOM_STRING, this parameter will be an empty array.
    MinIntegerMinimum value. If both Min and Max are set to 0, this parameter does not take effect.
    MaxIntegerMaximum value. If both Min and Max are set to 0, this parameter does not take effect.
    IsMultipleBooleanWhether multiple values can be selected or entered.
    IsAllowEmptyBooleanWhether the parameter can be left empty.
    ExtraParameterRuleExtraParameterSpecial parameter.
  • NULL: Select NormalAction for RuleAction.
  • If the member parameter Id is Action, select RewirteAction for RuleAction.
  • If the member parameter Id is StatusCode, select CodeAction for RuleAction.
  • RuleCodeActionParams

    Parameters of the action with the StatusCode field as the rule engine condition

    Used by actions: CreateRule, DescribeRules, ModifyRule.

    NameTypeRequiredDescription
    StatusCodeIntegerYesThe status code.
    NameStringYesThe parameter name. For details, see DescribeRulesSetting.
    ValuesArray of StringYesThe parameter value.

    RuleCondition

    Rule engine condition parameters

    Used by actions: CreateFunctionRule, CreateRule, DescribeRules, ModifyFunctionRule, ModifyRule.

    NameTypeRequiredDescription
    OperatorStringYesOperator. Valid values:
  • equal: Equal
  • notEquals: Does not equal
  • exist: Exists
  • notexist: Does not exist
  • TargetStringYesMatching type. Valid values:
  • filename: Filename;
  • extension: File suffix;
  • host: Host;
  • full_url: A complete URL path under the current site, including the HTTP protocol, the host, and the path;
  • url: The request for a URL path under the current site;
  • client_country: Client country/region;
  • query_string: The query string for a requested URL under the current site;
  • request_header: HTTP request header;
  • client_ip: Client IP;
  • request_protocol: Request protocol;
  • request_method: HTTP request method.
  • ValuesArray of StringNoParameter values for corresponding matching types. It is allowed to pass an empty array only when the matching type is query_string or request_header and the operator value is exist or not exist. Corresponding match types include:
  • extension: File suffix such as jpg or txt;
  • filename: For example, foo in foo.jpg;
  • all (any request under the site): all;
  • host: The host under the current site. For example, www.maxx55.com;
  • URL path: The request for a URL path under the current site. For example, /example;
  • URL full: The request for a complete URL under the current site, including the HTTP protocol, the host, and the path. For example: https://www.maxx55.cn/example;
  • client_country: Country/region identifier compliant with the ISO3166 standard;
  • query_string: The parameter value in the query string of the requested URL under the current site. For example, cn and 1 in lang=cn&version=1;
  • request_header: The value of the HTTP request header field. For example, zh-CN,zh;q=0.9 in Accept-Language:zh-CN,zh;q=0.9;
  • client_ip: The client request IP carried in the current request, which supports IPv4/IPv6 and an IP range;
  • request_protocol: The protocol of the current request. Valid values: HTTP and HTTPS;
  • request_method: The method of the current request. Valid values: GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, OPTIONS, PATCH, COPY, LOCK, MKCOL, MOVE, PROPFIND, PROPPATCH, and UNLOCK.
  • IgnoreCaseBooleanNoWhether the parameter value is case insensitive. Default value: false.
    NameStringNoThe parameter name of the match type. This field is required only when Target=query_string/request_header.
  • query_string: Name of the query string, such as "lang" and "version" in "lang=cn&version=1".
  • request_header: Name of the HTTP request header, such as "Accept-Language" in the "Accept-Language:zh-CN,zh;q=0.9" header.
  • RuleEngineAction

    Rule engine operations.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    NameStringYesOperation Name. the Name must correspond to the parameter structure, for example, if Name=Cache, CacheParameters is required.
  • Cache: specifies the node Cache TTL.
  • .
  • CacheKey: specifies the custom cache key.
  • .
  • CachePrefresh: cache pre-refresh;
  • .
  • AccessURLRedirect: url redirection;
  • .
  • UpstreamURLRewrite: specifies the origin-pull url rewrite.
  • .
  • QUIC:QUIC;
  • WebSocket:WebSocket;
  • Authentication: Token Authentication;
  • .
  • MaxAge: browser caching TTL;
  • .
  • StatusCodeCache: specifies the status code cache TTL.
  • .
  • OfflineCache: offline caching;
  • .
  • SmartRouting: smart acceleration;
  • .
  • RangeOriginPull: range-based origin pull;
  • .
  • UpstreamHTTP2: http/2 origin pull;
  • .
  • HostHeader: host header rewrite;
  • .
  • ForceRedirectHTTPS: force https redirect configuration for access protocol.
  • .
  • OriginPullProtocol: HTTPS origin pull;
  • .
  • Compression: intelligent compression configuration;
  • .
  • HSTS:HSTS;

  • ClientIPHeader: configuration for storing client request ip in header information;
  • .
  • OCSPStapling: ocsp stapling;
  • .
  • HTTP2: http/2 integration;
  • .
  • PostMaxSize: maximum size of the file uploaded for streaming via a POST request;
  • .
  • ClientIPCountry: region of the client ip during origin-pull;
  • .
  • UpstreamFollowRedirect: specifies the parameter configuration for redirection during origin pull.
  • .
  • UpstreamRequest: origin pull request parameter;
  • .
  • TLSConfig: specifies SSL/TLS security.
  • .
  • ModifyOrigin: modify origin server;
  • .
  • HTTPUpstreamTimeout: specifies the layer 7 origin pull timeout configuration.
  • .
  • HttpResponse: HTTP response;
  • .
  • ErrorPage: specifies the custom error page.
  • .
  • ModifyResponseHeader: modifies the HTTP node response header.
  • .
  • ModifyRequestHeader: modifies the HTTP node request header.
  • .
  • ResponseSpeedLimit: download speed limit for a single connection;
  • .
  • SetContentIdentifier: sets the content identifier;
  • .
  • Vary: vary feature configuration.
  • .
    CacheParametersCacheParametersNoNode cache ttl configuration parameter. when name is cache, this parameter is required.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    CacheKeyParametersCacheKeyParametersNoCustom cache key configuration parameter. when name is cachekey, this parameter is required.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    CachePrefreshParametersCachePrefreshParametersNoThe cache prefresh configuration parameter. this parameter is required when name is cacheprefresh.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    AccessURLRedirectParametersAccessURLRedirectParametersNoThe access url redirection configuration parameter. this parameter is required when name is accessurlredirect.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    UpstreamURLRewriteParametersUpstreamURLRewriteParametersNoThe origin-pull url rewrite configuration parameter. this parameter is required when name is upstreamurlrewrite.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    QUICParametersQUICParametersNoThe quic configuration parameter. this parameter is required when name is quic.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    WebSocketParametersWebSocketParametersNoThe websocket configuration parameter. this parameter is required when name is websocket.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    AuthenticationParametersAuthenticationParametersNoToken authentication configuration parameter. this parameter is required when name is authentication.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    MaxAgeParametersMaxAgeParametersNoBrowser cache ttl configuration parameter. this parameter is required when name is maxage.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    StatusCodeCacheParametersStatusCodeCacheParametersNoStatus code cache ttl configuration parameter. this parameter is required when name is statuscodecache.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    OfflineCacheParametersOfflineCacheParametersNoOffline cache configuration parameter. this parameter is required when name is offlinecache.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    SmartRoutingParametersSmartRoutingParametersNoSmart acceleration configuration parameter. this parameter is required when name is smartrouting.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    RangeOriginPullParametersRangeOriginPullParametersNoShard source retrieval configuration parameter. this parameter is required when name is set to rangeoriginpull.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    UpstreamHTTP2ParametersUpstreamHTTP2ParametersNoHTTP2 origin-pull configuration parameter. this parameter is required when name is set to upstreamhttp2.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    HostHeaderParametersHostHeaderParametersNoHost header rewrite configuration parameter. this parameter is required when name is set to hostheader.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    ForceRedirectHTTPSParametersForceRedirectHTTPSParametersNoForce https redirect configuration parameter. this parameter is required when the name is set to forceredirecthttps.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    CompressionParametersCompressionParametersNoIntelligent compression configuration. this parameter is required when name is set to compression.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    HSTSParametersHSTSParametersNoHSTS configuration parameter. this parameter is required when name is hsts.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    ClientIPHeaderParametersClientIPHeaderParametersNoClient ip header configuration for storing client request ip information. this parameter is required when name is clientipheader.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    OCSPStaplingParametersOCSPStaplingParametersNoOCSP stapling configuration parameter. this parameter is required when the name is set to ocspstapling.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    HTTP2ParametersHTTP2ParametersNoHTTP2 access configuration parameter. this parameter is required when name is http2.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    PostMaxSizeParametersPostMaxSizeParametersNoMaximum size configuration for file streaming upload via a post request. this parameter is required when name is postmaxsize.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    ClientIPCountryParametersClientIPCountryParametersNoConfiguration parameter for carrying the region information of the client ip during origin-pull. this parameter is required when the name is set to clientipcountry.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    UpstreamFollowRedirectParametersUpstreamFollowRedirectParametersNoConfiguration parameter for following redirects during origin-pull. this parameter is required when the name is set to upstreamfollowredirect.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    UpstreamRequestParametersUpstreamRequestParametersNoConfiguration parameter for origin-pull request. this parameter is required when the name is set to upstreamrequest.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    TLSConfigParametersTLSConfigParametersNoSSL/TLS security configuration parameter. this parameter is required when the name is set to tlsconfig.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    ModifyOriginParametersModifyOriginParametersNoConfiguration parameter for modifying the origin server. this parameter is required when the name is set to modifyorigin.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    HTTPUpstreamTimeoutParametersHTTPUpstreamTimeoutParametersNoConfiguration of layer 7 origin timeout. this parameter is required when name is httpupstreamtimeout.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    HttpResponseParametersHTTPResponseParametersNoHTTP response configuration parameters. this parameter is required when name is httpresponse.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    ErrorPageParametersErrorPageParametersNoCustom error page configuration parameters. this parameter is required when name is errorpage.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    ModifyResponseHeaderParametersModifyResponseHeaderParametersNoModify http node response header configuration parameters. this parameter is required when name is modifyresponseheader.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    ModifyRequestHeaderParametersModifyRequestHeaderParametersNoModify http node request header configuration parameters. this parameter is required when name is modifyrequestheader.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    ResponseSpeedLimitParametersResponseSpeedLimitParametersNoSingle connection download speed limit configuration parameter. this parameter is required when name is responsespeedlimit.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    SetContentIdentifierParametersSetContentIdentifierParametersNoSpecifies the content identification configuration parameter. this parameter is required when the Name value is SetContentIdentifier.

    Note: This field may return null, which indicates a failure to obtain a valid value.
    VaryParametersVaryParametersNoVary feature configuration parameter. when Name value is Vary, this parameter is required.

    RuleEngineItem

    Rule details of the rule engine.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    StatusStringNoRule status. values:
  • enable: enabled
  • disable: disabled
  • .
    RuleIdStringNoRule id. a unique identifier for the rule. this parameter is required when calling modifyl7accrules.
    RuleNameStringNoRule name. name length limit: 255 characters.
    DescriptionArray of StringNoRule annotation. multiple annotations can be added.
    BranchesArray of RuleBranchNoSub-Rule branch. this list currently supports filling in only one rule; multiple entries are invalid.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    RulePriorityIntegerNoRule priority. only used as an output parameter.

    RuleEngineSubRule

    Sub-rule

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    BranchesArray of RuleBranchNoSub-Rule branch.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    DescriptionArray of StringNoRule comments.

    RuleExtraParameter

    Rule engine parameter details and special parameter types.

    Used by actions: DescribeRulesSetting.

    NameTypeDescription
    IdStringParameter name. Valid values:
  • Action: Required parameter for HTTP header modification when RewirteAction is selected for RuleAction.
  • StatusCode: Required parameter for the status code feature when CodeAction is selected for RuleAction.
  • TypeStringParameter value type.
  • CHOICE: The parameter value can be selected only from Values.
  • CUSTOM_NUM: The parameter value is a custom integer.
  • CUSTOM_STRING: The parameter value is a custom string.
  • ChoicesArray of StringValid values.
    Note: If the value of Id is StatusCode, values in the array are all integer values. When entering a parameter value, enter the integer value of the string.

    RuleItem

    Rule details of the rule engine

    Used by actions: DescribeRules.

    NameTypeDescription
    RuleIdStringThe rule ID.
    RuleNameStringThe rule name. It is a string that can contain 1–255 characters.
    StatusStringRule status. Values:
  • enable: Enabled
  • disable: Disabled
  • RulesArray of RuleThe rule content.
    RulePriorityIntegerThe rule priority. The greater the value, the higher the priority. The minimum value is 1.
    TagsArray of StringTag of the rule.

    RuleNormalActionParams

    Common action parameter of a rule engine condition

    Used by actions: CreateRule, DescribeRules, ModifyRule.

    NameTypeRequiredDescription
    NameStringYesThe parameter name. For details, see DescribeRulesSetting.
    ValuesArray of StringYesThe parameter value.

    RuleRewriteActionParams

    Parameter of the action for the HTTP request/response header of a rule engine condition.

    Used by actions: CreateRule, DescribeRules, ModifyRule.

    NameTypeRequiredDescription
    ActionStringYesFeature parameter name. For details, see DescribeRulesSetting.
  • add: Add the HTTP header.
  • set: Rewrite the HTTP header.
  • del: Delete the HTTP header.
  • NameStringYesParameter name
    ValuesArray of StringYesParameter value

    RulesProperties

    Detailed settings of the rule engine that can be used for request match.

    Used by actions: DescribeRulesSetting.

    NameTypeDescription
    NameStringParameter name.
    MinIntegerMinimum value. If both Min and Max are set to 0, this parameter does not take effect.
    ChoicesValueArray of StringValid parameter values.
    Note: If Type is CUSTOM_NUM or CUSTOM_STRING, this parameter will be an empty array.
    TypeStringThe parameter value type.
  • CHOICE: the parameter value can only be selected from choicesvalue.
  • .
  • TOGGLE: the parameter value is of switch type and can be selected from choicesvalue.
  • .
  • OBJECT: the parameter value is of object type, and choiceproperties are the properties associated with this object type.
  • .
  • CUSTOM_NUM: (integer) custom value.
  • .
  • custom_string: parameter value is user-customized, string type.
  • note: when the parameter type is object, please refer to example 2: creating a parameter of object type.
    MaxIntegerMaximum value. If both Min and Max are set to 0, this parameter does not take effect.
    IsMultipleBooleanWhether multiple values can be selected or entered.
    IsAllowEmptyBooleanWhether the parameter can be left empty.
    ChoicePropertiesArray of RuleChoicePropertiesItemAssociated configuration parameters of this parameter, which are required for API call.
    Note: This parameter will be an empty array if no special parameters are added as optional parameters.
    ExtraParameterRuleExtraParameter
  • NULL: No special parameters when NormalAction is selected for RuleAction.

  • Note: This field may return null, indicating that no valid values can be obtained.

    RulesSettingAction

    List of the settings of the rule engine that can be used for request match and their detailed information.

    Used by actions: DescribeRulesSetting.

    NameTypeDescription
    ActionStringFeature name. Valid values:
  • Access URL rewrite (AccessUrlRedirect).
  • Origin-pull URL rewrite (UpstreamUrlRedirect).
  • Custom error page
    (ErrorPage).
  • QUIC (QUIC).
  • WebSocket (WebSocket).
  • Video dragging (VideoSeek).
  • Token authentication (Authentication).
  • CacheKey: Custom cache key.
  • Cache: Node cache TTL.
  • MaxAge: Browser cache TTL.
  • OfflineCache: Offline cache.
  • SmartRouting: Smart acceleration.
  • RangeOriginPull: Range GETs.
  • UpstreamHttp2: HTTP/2 forwarding.
  • HostHeader: Host header rewrite.
  • ForceRedirect: Force HTTPS.
  • OriginPullProtocol: Origin-pull HTTPS.
  • CachePrefresh: Cache prefresh.
  • Compression: Smart compression.
  • RequestHeader: HTTP request header modification.
  • HTTP response header modification (ResponseHeader).
  • Status code cache TTL (StatusCodeCache).
  • Hsts.
  • ClientIpHeader.
  • TlsVersion.
  • OcspStapling.
  • PropertiesArray of RulesPropertiesParameter information

    S3

    The configuration information of real-time log delivery to an AWS S3 compatible bucket

    Used by actions: CreateRealtimeLogDeliveryTask, DescribeRealtimeLogDeliveryTasks, ModifyRealtimeLogDeliveryTask.

    NameTypeRequiredDescription
    EndpointStringYesThe URL without bucket name or path, for example: https://storage.googleapis.com, https://s3.ap-northeast-2.amazonaws.com, and https://cos.ap-nanjing.myqcloud.com.
    RegionStringYesThe region where the bucket is located, for example: ap-northeast-2.
    BucketStringYesThe bucket name and log storage directory, for example: your_bucket_name/EO-logs/. If the directory does not exist in the bucket, it will be created automatically.
    AccessIdStringYesThe Access Key ID used to access the bucket.
    AccessKeyStringYesThe secret key used to access the bucket.
    CompressTypeStringNoThe data compress type. Valid values:
  • gzip: gzip compression.
  • If this field is not filled in, compression is disabled.

    SecEntry

    Returned value of security data entry

    Used by actions: DescribeDDoSAttackData.

    NameTypeDescription
    KeyStringThe query dimension value.
    ValueArray of SecEntryValueThe details.

    SecEntryValue

    The security data queried by metric

    Used by actions: DescribeDDoSAttackData.

    NameTypeDescription
    MetricStringThe metric name.
    DetailArray of TimingDataItemThe time-series data details.
    MaxIntegerThe maximum value.
    AvgFloatThe average value.
    SumFloatSum

    SecurityAction

    Action for security operation.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    NameStringYesSafe execution actions. valid values:.
  • Deny: block request to access site resource;
  • .
  • Monitor: observe; only record logs
  • .
  • Redirect: Redirect to URL
  • .
  • Disabled: disabled; specify rule is not enabled.
  • .
  • Allow: allow access but delay processing the request.
  • .
  • Challenge: challenge, respond to challenge content;
  • .
  • BlockIP: to be deprecated, ip block;
  • .
  • ReturnCustomPage: to be deprecated, use specified page block;
  • .
  • JSChallenge: to be deprecated, JavaScript challenge;
  • .
  • ManagedChallenge: to be deprecated. managed challenge.
  • .
    DenyActionParametersDenyActionParametersNoAdditional parameters when Name is Deny.
    RedirectActionParametersRedirectActionParametersNoAdditional parameter when Name is Redirect.
    AllowActionParametersAllowActionParametersNoAdditional parameters when Name is Allow.
    ChallengeActionParametersChallengeActionParametersNoAdditional parameter when Name is Challenge.
    BlockIPActionParametersBlockIPActionParametersNoTo be deprecated, additional parameter when Name is BlockIP.
    ReturnCustomPageActionParametersReturnCustomPageActionParametersNoTo be deprecated, additional parameter when Name is ReturnCustomPage.

    SecurityConfig

    Web security configuration.

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    WafConfigWafConfigNoManaged rule. if the parameter is null or not filled, use the last set configuration by default.
    RateLimitConfigRateLimitConfigNoRate limiting. if the parameter is null or not filled, the configuration last set will be used by default.
    AclConfigAclConfigNoCustom rule. specifies if the parameter is null or not filled, use the last set configuration by default.
    BotConfigBotConfigNoBot configuration. if the parameter is null or not filled, use the last set configuration by default.
    SwitchConfigSwitchConfigNoSwitch setting of the 7-layer protection. if the parameter is null or not filled, use the last set configuration by default.
    IpTableConfigIpTableConfigNoBasic access control. if the parameter is null or not filled, use the last set configuration by default.
    ExceptConfigExceptConfigNoException rule configuration. if the parameter is null or not filled, use the last set configuration by default.
    DropPageConfigDropPageConfigNoCustom block page settings. if the parameter is null or not filled, use the last set configuration by default.
    TemplateConfigTemplateConfigNoTemplate configuration. specifies parameter usage for output only.
    SlowPostConfigSlowPostConfigNoSlow attack configuration. if the parameter is null or not filled, use the last set configuration by default.
    DetectLengthLimitConfigDetectLengthLimitConfigNoDetect length limit configuration. for output usage only.

    SecurityPolicy

    Web security policy.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    CustomRulesCustomRulesNoCustom rules. If the parameter is null or not filled, the configuration last set will be used by default.
    Note: This field may return null, indicating that no valid value can be obtained.
    ManagedRulesManagedRulesNoManaged. If the parameter is null or not filled, the configuration last set will be used by default.
    Note: This field may return null, indicating that no valid value can be obtained.
    HttpDDoSProtectionHttpDDoSProtectionNoHTTP DDOS protection configuration.
    RateLimitingRulesRateLimitingRulesNoConfigures the rate limiting rule.
    ExceptionRulesExceptionRulesNoException rule configuration.
    BotManagementBotManagementNoBot management configuration.

    SecurityPolicyTemplateInfo

    Policy template information.

    Used by actions: DescribeWebSecurityTemplates.

    NameTypeDescription
    ZoneIdStringThe zone ID to which the policy template belongs.
    TemplateIdStringPolicy template ID.
    TemplateNameStringThe name of the policy template.
    BindDomainsArray of BindDomainInfoInformation about domains bound to the policy template.

    SecurityTemplateBinding

    Bindings of a security policy template

    Used by actions: DescribeSecurityTemplateBindings.

    NameTypeDescription
    TemplateIdStringtemplate ID
    TemplateScopeArray of TemplateScopeBinding status of the template.

    SecurityType

    The security type setting item.

    Used by actions: DescribeHostsSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable the security type setting. Values:
  • on: Enable
  • off: Disable
  • ServerCertInfo

    HTTPS server certificate configuration

    Used by actions: DescribeHostsSetting, ModifyHostsCertificate, ModifyZoneSetting.

    NameTypeRequiredDescription
    CertIdStringYesSpecifies the server certificate ID, which originates from the SSL side. you can check the CertId from the SSL certificate list.
    AliasStringNoCertificate remark name.
    TypeStringNoCertificate type. valid values:.
  • Specifies the default certificate.
  • .
  • Upload: user upload;
  • .
  • managed: tencent cloud hosted.
  • .
    ExpireTimeTimestamp ISO8601NoCertificate expiration time.
    DeployTimeTimestamp ISO8601NoSpecifies the cert deployment time.
    SignAlgoStringNoSignature algorithm.
    CommonNameStringNoDomain name of the certificate.

    SetContentIdentifierParameters

    Content identifier configuration parameters

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    ContentIdentifierStringNoContent identifier id.

    SkipCondition

    Exception rule conditions, used to filter requests by specific fields

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    TypeStringYesThe field type. Values:
  • header_fields: HTTP request header
  • cookie: HTTP request cookie
  • query_string: Query string in the HTTP request URL
  • uri: HTTP request URI
  • body_raw: HTTP request body
  • body_json: JSON HTTP request body
  • SelectorStringYesThe specific field. Values:
  • args: Query parameter in the URI, such as "?name1=jack&age=12"
  • path: Partial path in the URI, such as "/path/to/resource.jpg"
  • full: Full path in the URI, such as "example.com/path/to/resource.jpg?name1=jack&age=12"
  • upload_filename: File path segment
  • keys: All keys
  • values: Values of all keys
  • key_value: Key and its value
  • MatchFromTypeStringNoThe match method used to match the key. Values:
  • equal: Exact match
  • wildcard: Wildcard match (only asterisks)
  • MatchFromArray of StringNoMatch the Key value.
    MatchContentTypeStringNoThe match method used to match the content.
  • equal: Exact match
  • wildcard: Wildcard match (only asterisks)
  • MatchContentArray of StringNoMatch the Value.

    SlowAttackDefense

    Slow attack protection configuration.

    Used by actions: CreateWebSecurityTemplate, DescribeSecurityPolicy, DescribeWebSecurityTemplate, ModifySecurityPolicy, ModifyWebSecurityTemplate.

    NameTypeRequiredDescription
    EnabledStringYesWhether slow attack protection is enabled. valid values:
  • on: enabled;
  • off: disabled.
  • .
    ActionSecurityActionNoSlow attack protection handling method. required when Enabled is on. valid values for SecurityAction Name:
  • Monitor: observation;
  • Deny: block;
  • .
    MinimalRequestBodyTransferRateMinimalRequestBodyTransferRateNoThe specific configuration of the minimum body transfer rate threshold is required when Enabled is on.
    RequestBodyTransferTimeoutRequestBodyTransferTimeoutNoSpecifies the specific configuration of body transfer timeout duration. required when Enabled is on.

    SlowPostConfig

    Slow attack defense configuration.

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesValues:
  • on: Enable
  • off: Disable
  • FirstPartConfigFirstPartConfigNoFirst packet configuration.
    SlowRateConfigSlowRateConfigNoSpecifies the basic configuration.
    ActionStringNoHandling action for slow attack. valid values:.
  • monitor: observe
  • .
  • drop: block the request.
  • .
    RuleIdIntegerNoSpecifies the Id of this rule.

    SlowRateConfig

    The configuration to detect slow attacks

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesSwitch. Values:
  • on: Enable
  • off: Disable
  • IntervalIntegerNoThe statistics interval in seconds. after the first packet transfer, the data transmission axis is split by this parameter for separate computing of slow attacks on each shard.
    ThresholdIntegerNoSpecifies the rate threshold applied during statistics in bps. if the transmission rate in this shard does not reach the parameter value, it is identified as a slow attack and the slow attack handling method is applied.

    SmartRouting

    Smart acceleration configuration

    Used by actions: DescribeHostsSetting, DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable smart acceleration. Values:
  • on: Enable
  • off: Disable
  • SmartRoutingParameters

    Smart acceleration configuration.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable smart acceleration. values:.
  • On: enable;

  • .
  • Off: disable.
  • .

    StandardDebug

    Standard debugging

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable standard debugging. Values:
  • on: Enable
  • off: Disable
  • AllowClientIPListArray of StringYesThe client IP to allow. It can be an IPv4/IPv6 address or a CIDR block. If not specified, it means to allow any client IP
    ExpireTimeTimestamp ISO8601YesThe time when the standard debugging setting expires. If it is exceeded, this feature becomes invalid.

    StandardDebugParameters

    Debug structure.

    Used by actions: DescribeL7AccSetting, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable standard debugging. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    AllowClientIPListArray of StringNoThe client ip to allow. it can be an ipv4/ipv6 address or a cidr block. 0.0.0.0/0 means to allow all ipv4 clients for debugging; ::/0 means to allow all ipv6 clients for debugging; 127.0.0.1 is not allowed.
    note: this field is required when switch=on and the number of entries should be 1-100. when switch=off, this field is not required and any value specified will not take effect.
    ExpiresTimestamp ISO8601NoDebug feature expiration time. the feature will be disabled after the set time.
    note: this field is required when switch=on. when switch=off, this field is not required and any value specified will not take effect.

    StatusCodeCacheParam

    Status Code Cache TTL configuration internal structure.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    StatusCodeIntegerNoStatus code. valid values: 400, 401, 403, 404, 405, 407, 414, 500, 501, 502, 503, 504, 509, 514.
    CacheTimeIntegerNoCache time value in seconds. value range: 0–31536000.

    StatusCodeCacheParameters

    Status Code Cache TTL configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    StatusCodeCacheParamsArray of StatusCodeCacheParamNoStatus code cache ttl.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    SubRule

    Nested rule settings

    Used by actions: CreateRule, DescribeRules, ModifyRule.

    NameTypeRequiredDescription
    ConditionsArray of RuleAndConditionsYesThe condition that determines if a feature should run.
    Note: If any condition in the array is met, the feature will run.
    ActionsArray of ActionYesThe feature to be executed.

    SubRuleItem

    Rule engine nested rule

    Used by actions: CreateRule, DescribeRules, ModifyRule.

    NameTypeRequiredDescription
    RulesArray of SubRuleYesNested rule settings
    TagsArray of StringNoTag of the rule.

    Sv

    Pricing query parameter

    Used by actions: DescribeZones.

    NameTypeRequiredDescription
    KeyStringYesThe parameter key.
    ValueStringYesThe parameter value.
    PackStringNoQuota for a resource. Values:
  • zone: Quota for sites
  • custom-rule: Quota for custom rules
  • rate-limiting-rule: Quota for rate limiting rules
  • l4-proxy-instance: Quota for L4 proxy instances

  • Note: This field may return null, indicating that no valid values can be obtained.
    InstanceIdStringNoID of the L4 proxy instance.
    Note: This field may return null, indicating that no valid values can be obtained.
    ProtectionSpecsStringNoThe protection specification.
    Values:
  • cm_30G: 30 Gbps base protection bandwidth in Chinese mainland service area
  • cm_60G: 60 Gbps base protection bandwidth in Chinese mainland service area
  • cm_100G: 100 Gbps base protection bandwidth in Chinese mainland service area
  • anycast_300G: 300 Gbps Anycast-based protection in Global (MLC) service area
  • anycast_unlimited: Unlimited Anycast-based protection bandwidth in Global (MLC) service area
  • cm_30G_anycast_300G: 30 Gbps base protection bandwidth in Chinese mainland service area and 300 Gbps Anycast-based protection bandwidth in Global (MLC) service area
  • cm_30G_anycast_unlimited: 30 Gbps base protection bandwidth in Chinese mainland service area and unlimited Anycast-based protection bandwidth in Global (MLC) service area
  • cm_60G_anycast_300G: 60 Gbps base protection bandwidth in **Chinese mainland** service area and 300 Gbps Anycast-based protection bandwidth in **Global (MLC)** service area</li><li> cm_60G_anycast_unlimited: 60 Gbps base protection bandwidth in Chinese mainland service area and unlimited Anycast-based protection bandwidth in Global (MLC) service area
  • cm_100G_anycast_300G: 100 Gbps base protection bandwidth in Chinese mainland service area and 300 Gbps Anycast-based protection bandwidth in Global (MLC) service area
  • cm_100G_anycast_unlimited`: 100 Gbps base protection bandwidth in Chinese mainland service area and unlimited Anycast-based protection bandwidth in Global (MLC) service area

  • Note: This field may return null, indicating that no valid values can be obtained.

    SwitchConfig

    Web security configuration switch

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    WebSwitchStringYesWhether to enable web protection. Values:
  • on: Enable
  • off: Disable
  • It does not affect DDoS and bot configuration.

    TCCaptchaOption

    CAPTCHA authentication instance information.

    Used by actions: CreateSecurityClientAttester, DescribeSecurityClientAttester, ModifySecurityClientAttester.

    NameTypeRequiredDescription
    CaptchaAppIdStringYesCaptchaAppId information.
    AppSecretKeyStringYesAppSecretKey information.

    TCRCEOption

    RCE authentication option instance information.

    Used by actions: CreateSecurityClientAttester, DescribeSecurityClientAttester, ModifySecurityClientAttester.

    NameTypeRequiredDescription
    ChannelStringYesChannel information.

    TLSConfigParameters

    SSL/TLS Security configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    VersionArray of StringNoTLS version. at least one must be specified. if multiple versions are specified, they must be consecutive, e.g., enable tls1, 1.1, 1.2, and 1.3. it is not allowed to enable only 1 and 1.2 while disabling 1.1. valid values:
  • tlsv1: tlsv1 version;
  • tlsv1.1: tlsv1.1 version;
  • tlsv1.2: tlsv1.2 version;
  • tlsv1.3: tlsv1.3 version.
  • .
    CipherSuiteStringNoCipher suite. for detailed information, please refer to tls versions and cipher suites description. valid values:
  • loose-v2023: loose-v2023 cipher suite;
  • general-v2023: general-v2023 cipher suite;
  • strict-v2023: strict-v2023 cipher suite.
  • .

    Tag

    Tag configuration

    Used by actions: CreateContentIdentifier, CreateZone, DescribeContentIdentifiers, DescribeZones.

    NameTypeRequiredDescription
    TagKeyStringYesThe tag key.
    Note: This field may return null, indicating that no valid values can be obtained.
    TagValueStringYesThe tag value.
    Note: This field may return null, indicating that no valid values can be obtained.

    Task

    Content management task result

    Used by actions: DescribePrefetchTasks, DescribePurgeTasks.

    NameTypeDescription
    JobIdStringID of the task.
    TargetStringResource.
    TypeStringType of the task.
    MethodStringNode cache purge method. valid values:.
  • invalidate: marks as expired. a back-to-origin validation is triggered upon user request, sending an HTTP conditional request with If-None-Match and If-Modified-Since headers. If the origin server responds with 200, the node will fetch new resources from the origin and update the cache; If the origin server responds with 304, the cache will not be updated;
  • .
  • Delete: directly deletes the node's cache, triggering a resource fetch from the origin upon user request.
  • .
    StatusStringStatus. valid values:.
  • processing: indicates the operation is in progress.
  • .
  • Success: specifies the success status.
  • .
  • failed: indicates a failure.
  • .
  • Timeout: specifies the timeout period.
  • .
  • Canceled: canceled.
  • .
    CreateTimeTimestamp ISO8601Creation time of the task.
    UpdateTimeTimestamp ISO8601Completion time of the task.
    FailTypeStringRefresh and preheat failure type. valid values:.
  • taskFailed: specifies the task failure.
  • .
  • quotaExceeded: specifies the quota exceeded status.
  • .
  • downloadManifestFailed: specifies the file failed to download.
  • .
  • accessDenied: specifies access denied.
  • .
  • originPullFailed: specifies the origin-pull failure.
  • .
    FailMessageStringFailure description for refresh and preheating.

    TemplateConfig

    Security template settings

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    TemplateIdStringYesThe template ID.
    TemplateNameStringYesThe template name.

    TemplateScope

    Domain names bound with the template.

    Used by actions: DescribeSecurityTemplateBindings.

    NameTypeRequiredDescription
    ZoneIdStringNoID of the site.
    Note: This field may return·null, indicating that no valid values can be obtained.
    EntityStatusArray of EntityStatusNoList of instance statuses
    Note: This field may return·null, indicating that no valid values can be obtained.

    TimingDataItem

    Data items of the statistical curve

    Used by actions: DescribeDDoSAttackData, DescribeOverviewL7Data, DescribeTimingL4Data, DescribeTimingL7AnalysisData, DescribeTimingL7CacheData.

    NameTypeDescription
    TimestampIntegerTime point for returning data, in the format of Unix timestamp in seconds.
    ValueIntegerThe value.

    TimingDataRecord

    The time-series data

    Used by actions: DescribeOverviewL7Data, DescribeTimingL4Data, DescribeTimingL7AnalysisData, DescribeTimingL7CacheData.

    NameTypeDescription
    TypeKeyStringThe query dimension value.
    TypeValueArray of TimingTypeValueDetailed time series data

    TimingTypeValue

    Detailed data of time series type

    Used by actions: DescribeOverviewL7Data, DescribeTimingL4Data, DescribeTimingL7AnalysisData, DescribeTimingL7CacheData.

    NameTypeDescription
    SumIntegerSum.
    MaxIntegerThe maximum value.
    AvgIntegerThe average value.
    MetricNameStringMetric name.
    DetailArray of TimingDataItemDetails.
    Note: This field may return null, indicating that no valid values can be obtained.

    TopDataRecord

    The top-ranked data record

    Used by actions: DescribeTopL7AnalysisData, DescribeTopL7CacheData.

    NameTypeDescription
    TypeKeyStringThe query dimension value.
    DetailDataArray of TopDetailDataTop data rankings

    TopDetailData

    The top-ranked data details

    Used by actions: DescribeTopL7AnalysisData, DescribeTopL7CacheData.

    NameTypeDescription
    KeyStringThe field name.
    ValueIntegerThe field value.

    TopEntry

    The Top-ranked data

    Used by actions: DescribeDDoSAttackTopData.

    NameTypeDescription
    KeyStringThe query dimension value.
    ValueArray of TopEntryValueThe details.

    TopEntryValue

    The top-ranked data

    Used by actions: DescribeDDoSAttackTopData.

    NameTypeDescription
    NameStringThe item name.
    CountIntegerThe number of items.

    URLPath

    Access URL redirect path configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    ActionStringNoAction to be executed. values:.
  • Follow: follow the request;
  • .
  • Custom: custom;
  • .
  • Regex: regular expression matching.
  • .
    RegexStringNoRegular expression matching expression, length range is 1-1024.
    note: when action is regex, this field is required; when action is follow or custom, this field is not required and will not take effect if filled.
    ValueStringNoRedirect target url, length range is 1-1024.
    note: when action is regex or custom, this field is required; when action is follow, this field is not required and will not take effect if filled.

    UpstreamCertInfo

    The certificate carried during EO node origin-pull is used when the origin server enables the mutual authentication handshake to validate the client certificate, ensuring that the request originates from a trusted EO node.

    Used by actions: DescribeAccelerationDomains.

    NameTypeRequiredDescription
    UpstreamMutualTLSMutualTLSNoIn the origin-pull mutual authentication scenario, this field represents the certificate (including the public and private keys) carried during EO node origin-pull, which is deployed in the EO node for the origin server to authenticate the EO node. When used as an input parameter, it is left blank to indicate retaining the original configuration.

    UpstreamFollowRedirectParameters

    Origin-pull redirection parameters configuration

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable origin-pull to follow the redirection configuration. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    MaxTimesIntegerNoThe maximum number of redirects. value range: 1-5.
    Note: this field is required when switch is on; when switch is off, this field is not required and will not take effect if filled.

    UpstreamHTTP2Parameters

    HTTP2 origin-pull configuration

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable http2 origin-pull. valid values:.
  • On: enable;

  • .
  • Off: disable.
  • .

    UpstreamHttp2

    HTTP2 origin-pull configuration

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable HTTP2 origin-pull. Valid values:
  • on: Enable;
  • off: Disable.
  • UpstreamRequestCookie

    Origin-pull request parameters Cookie configuration

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable the origin-pull request parameter cookie. valid values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    ActionStringNoOrigin-Pull request parameter cookie mode. this parameter is required when switch is on. valid values are:.
  • Full: indicates full retention;
  • .
  • Ignore: ignore all.
  • .
  • IncludeCustom: retain partial parameters.
  • .
  • ExcludeCustom: ignore partial parameters.
  • .
    ValuesArray of StringNoSpecifies parameter values. this parameter takes effect only when the query string mode action is includecustom or excludecustom, and is used to specify the parameters to be reserved or ignored. up to 10 parameters are supported.

    UpstreamRequestParameters

    Origin-pull request parameters configuration.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    QueryStringUpstreamRequestQueryStringNoQuery string configuration. optional. if not provided, it will not be configured.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    CookieUpstreamRequestCookieNoCookie configuration. optional. if not provided, it will not be configured.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    UpstreamRequestQueryString

    Origin-pull request parameters query string configuration.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable origin-pull request parameter query string. values:.
  • On: enable;

  • .
  • Off: disable.
  • .
    ActionStringNoQuery string mode. this parameter is required when switch is on. values:.
  • Full: retain all
  • .
  • Ignore: ignore all;
  • .
  • IncludeCustom: retain partial parameters.
  • .
  • ExcludeCustom: ignore partial parameters.
  • .
    ValuesArray of StringNoSpecifies parameter values. this parameter takes effect only when the query string mode action is includecustom or excludecustom, and is used to specify the parameters to be reserved or ignored. up to 10 parameters are supported.

    UpstreamURLRewriteParameters

    Origin URL rewrite configuration parameters.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    TypeStringNoOrigin-Pull URL rewrite type. valid values: Path.
    ActionStringNoOrigin-Pull URL rewrite action. valid values:.
  • replace: replace the full Path. used to replace the complete request URL Path with the specified Path.
  • addPrefix: add Path prefix. used to add specified Path prefix to request URL Path.
  • .
  • rmvPrefix: specifies the removal of Path prefix. used to remove the specified Path prefix from the request URL Path.
  • regexReplace: refers to regular expression replacement of the full path. used for matching and replacing the full path via Google RE2 regular expressions.
  • ValueStringNoOrigin-Pull URL rewrite value. should meet URL Path standard and ensure the rewritten Path starts with / to prevent the Host of the origin-pull URL from being modified, with a length range of 1–1024. when Action is addPrefix, it cannot end with /. when Action is rmvPrefix, * cannot exist. when Action is regexReplace, $NUM can be used to refer to regular expression capture groups, where NUM represents the group number, such as $1, and supports up to $9.
    RegexStringNoOrigin-Pull URL rewrite used for regex replacement to match the full path regular expression. should meet Google RE2 standard with length range 1–1024. this field is required when Action is regexReplace, otherwise not required.

    VanityNameServers

    Custom name servers

    Used by actions: DescribeZones, ModifyZone.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable custom name servers. Values:
  • on: Enable
  • off: Disable
  • ServersArray of StringNoList of custom name servers

    VanityNameServersIps

    IP information of the custom name server

    Used by actions: DescribeZones.

    NameTypeDescription
    NameStringCustom name of the name server
    IPv4StringIPv4 address of the custom name server

    VaryParameters

    Vary feature configuration parameter.

    Used by actions: CreateL7AccRules, DescribeL7AccRules, ModifyL7AccRule.

    NameTypeRequiredDescription
    SwitchStringYesVary feature configuration switch. valid values:.
  • on: Enable;


  • off: Disable.
  • VideoTemplateInfo

    Video stream configuration parameters.

    Used by actions: CreateJustInTimeTranscodeTemplate, DescribeJustInTimeTranscodeTemplates.

    NameTypeRequiredDescription
    CodecStringYesEncoding format for video streams. valid values:
  • H.264: use H.264 encoding;
  • H.265: use H.265 encoding.
  • .
    FpsFloatNoVideo frame rate. value ranges from 0 to 30. measurement unit: Hz.
    If the value is 0, the frame rate will be the same as that of the source video, with a maximum not exceeding 30.
    Default value: 0.
    BitrateIntegerNoSpecifies the bitrate of video stream. valid values: 0 and [128, 10000]. measurement unit: kbps.
    Value is 0, means automatically select video bitrate based on video image and quality.
    Default value: 0.
    ResolutionAdaptiveStringNoResolution adaptation. available values:
  • open: enable. at this point, Width represents the long side of the video and Height represents the short side.
  • close: disable. at this point, Width represents the Width of the video and Height represents the Height.
  • default value: open.
    WidthIntegerNoThe maximum value of the video stream Width (or long side). valid values: 0 and [128, 1920]. unit: px.
  • when Width and Height are both 0, the resolution is from the same source;
  • when Width is 0 and Height is non-0, Width is scaled proportionally;
  • when Width is non-0 and Height is 0, Height is scaled proportionally;
  • when both Width and Height are non-0, the resolution is specified by the user.
  • default value: 0.
    HeightIntegerNoThe maximum value of the video stream Height (or short side). valid values: 0 and [128, 1080]. unit: px.
  • when Width and Height are both 0, the resolution is from the same source;
  • when Width is 0 and Height is non-0, Width is scaled proportionally;
  • when Width is non-0 and Height is 0, the Height is scaled proportionally;
  • when both Width and Height are non-0, the resolution is specified by the user.
  • default value: 0.
    FillTypeStringNoFilling method. specifies the processing method for transcoding when video stream configuration width and height parameters are inconsistent with the aspect ratio of the original video. valid values:
  • stretch: stretch each frame to fill the entire screen, possibly causing the transcoded video to be squashed or stretched.
  • black: maintain video aspect ratio with edges filled with black.
  • white: maintain video aspect ratio with edges filled with white.
  • gauss: maintain video aspect ratio with gaussian blur filling for the rest of the edges.
  • default value: black.

    Waf

    N/A

    Used by actions: DescribeHostsSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable WAF. Values:
  • on: Enable
  • off: Disable
  • PolicyIdIntegerNoID of the policy

    WafConfig

    WAF configuration.

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable WAF configuration. Values:
  • on: Enable
  • off: Disable
  • The configuration can be modified even when it is disabled.
    LevelStringYesThe protection level. Values:
  • loose: Loose
  • normal: Moderate
  • strict: Strict
  • stricter: Super strict
  • custom: Custom
  • ModeStringYesThe WAF global mode. Values:
  • block: Block globally
  • observe: Observe globally
  • WafRuleWafRuleNoThe settings of the managed rule. If it is null, the settings that were last configured will be used.
    AiRuleAiRuleNoThe setting of the AI rule engine. If it is null, the setting that was last configured will be used.

    WafRule

    WAF rule

    Used by actions: ModifySecurityPolicy.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable managed rules. Values:
  • on: Enable
  • off: Disable
  • BlockRuleIDsArray of IntegerYesIDs of the rules to be disabled.
    ObserveRuleIDsArray of IntegerYesIDs of the rules to be executed in Observe mode.

    WebSocket

    WebSocket configuration

    Used by actions: DescribeZoneSetting, ModifyZoneSetting.

    NameTypeRequiredDescription
    SwitchStringYesWhether to enable WebSocket connection timeout. Values:
  • on: The field "Timeout" can be configured.
  • off: The field "Timeout" is fixed to 15 seconds.
  • TimeoutIntegerNoThe timeout period in seconds. Maximum value: 120.

    WebSocketParameters

    WebSocket configuration

    Used by actions: CreateL7AccRules, DescribeL7AccRules, DescribeL7AccSetting, ModifyL7AccRule, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SwitchStringNoWhether to enable websocket connection timeout. values:.
  • On: use timeout as the websocket timeout;
  • .
  • Off: the platform still supports websocket connections, using the system default timeout of 15 seconds.
  • .
    TimeoutIntegerNoTimeout, unit: seconds. maximum timeout is 120 seconds.
    note: this field is required when switch is on; otherwise, this field will not take effect.

    Zone

    Site information

    Used by actions: DescribeZones.

    NameTypeDescription
    ZoneIdStringSite ID.
    ZoneNameStringThe site name.
    OriginalNameServersArray of StringList of name servers used by the site
    NameServersArray of StringThe list of name servers assigned by Tencent Cloud.
    StatusStringThe site status. Values:
    u200c
  • active: The name server is switched to EdgeOne.

  • u200c
  • pending: The name server is not switched.

  • u200c
  • moved: The name server is changed to other service providers.

  • u200c
  • deactivated: The site is blocked.
  • initializing: The site is not bound with any plan.
  • TypeStringSite access method. Valid values:
  • full: NS access;
  • partial: CNAME access;
  • noDomainAccess: access with no domain name.
  • PausedBooleanWhether the site is disabled.
    CnameSpeedUpStringWhether CNAME acceleration is enabled. Values:
  • enabled: Enabled
  • disabled: Disabled
  • CnameStatusStringCNAME record access status. Values:
  • finished: The site is verified.
  • pending: The site is being verified.
  • TagsArray of TagThe list of resource tags.
    ResourcesArray of ResourceThe list of billable resources.
    CreatedOnTimestamp ISO8601The creation time of the site.
    ModifiedOnTimestamp ISO8601The modification date of the site.
    AreaStringThe site access region. Values:
  • global: Global.
  • mainland: Chinese mainland.
  • overseas: Outside the Chinese mainland.
  • VanityNameServersVanityNameServersThe custom name server information.
    Note: This field may return null, indicating that no valid values can be obtained.
    VanityNameServersIpsArray of VanityNameServersIpsThe custom name server IP information.
    Note: This field may return null, indicating that no valid values can be obtained.
    ActiveStatusStringStatus of the proxy. Values:
  • active: Enabled
  • inactive: Not activated
  • paused: Disabled
  • AliasZoneNameStringSite alias. a composite of digits, numbers, english letters, -, and _, limited to 20 characters.
    IsFakeIntegerWhether it’s a fake site. Valid values:
  • 0: Non-fake site;
  • 1: Fake site.
  • LockStatusStringLock status. Values:
  • enable: Normal. Modification is allowed.
  • disable: Locked. Modification is not allowed.
  • plan_migrate: Adjusting the plan. Modification is not allowed.
  • OwnershipVerificationOwnershipVerificationOwnership verification information
    Note: This field may return·null, indicating that no valid values can be obtained.

    ZoneConfig

    Site acceleration configuration.

    Used by actions: DescribeL7AccSetting, ModifyL7AccSetting.

    NameTypeRequiredDescription
    SmartRoutingSmartRoutingParametersNo<Intelligent acceleration configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    CacheCacheConfigParametersNoNode cache expiration time configuration.
    .
    Note: this field may return null, which indicates a failure to obtain a valid value.
    MaxAgeMaxAgeParametersNoBrowser cache rule configuration, which is used to set the default value of maxage and is disabled by default.
    .
    Note: this field may return null, which indicates a failure to obtain a valid value.
    CacheKeyCacheKeyConfigParametersNoThe node cache key configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    CachePrefreshCachePrefreshParametersNoCache prefresh configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    OfflineCacheOfflineCacheParametersNoOffline cache configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    CompressionCompressionParametersNoSmart compression configuration.
    .
    Note: this field may return null, which indicates a failure to obtain a valid value.
    ForceRedirectHTTPSForceRedirectHTTPSParametersNoForced https redirect configuration for access protocols.
    .
    Note: this field may return null, which indicates a failure to obtain a valid value.
    HSTSHSTSParametersNoHSTS configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    TLSConfigTLSConfigParametersNoTLS configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    OCSPStaplingOCSPStaplingParametersNoOCSP stapling configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    HTTP2HTTP2ParametersNoHTTP/2 configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    QUICQUICParametersNoQUIC access configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    UpstreamHTTP2UpstreamHTTP2ParametersNoHTTP2 origin-pull configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    IPv6IPv6ParametersNoIPv6 access configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    WebSocketWebSocketParametersNoWebSocket configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    PostMaxSizePostMaxSizeParametersNoPOST request transport configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    ClientIPHeaderClientIPHeaderParametersNoClient ip origin-pull request header configuration.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    ClientIPCountryClientIPCountryParametersNoWhether to carry the region information of the client ip during origin-pull.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    GrpcGrpcParametersNoConfiguration of grpc support.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    AccelerateMainlandAccelerateMainlandParametersNoAccelerate optimization and configuration in mainland china.
    Note: this field may return null, which indicates a failure to obtain a valid value.
    StandardDebugStandardDebugParametersNoStandard debugging configuration.
    .
    Note: this field may return null, which indicates a failure to obtain a valid value.

    ZoneConfigParameters

    Site configuration information.

    Used by actions: DescribeL7AccSetting.

    NameTypeDescription
    ZoneNameStringThe site name.
    ZoneConfigZoneConfigSite configuration information.
    Note: this field may return null, which indicates a failure to obtain a valid value.

    ZoneInfo

    Describes the returned site information.

    Used by actions: DescribePlans.

    NameTypeRequiredDescription
    ZoneIdStringNoSite id.
    ZoneNameStringNoSite name.
    PausedBooleanNoWhether to disable the site. valid values:
  • false: not disabled;
  • .
  • true: disabled.
  • .

    ZoneSetting

    The site configuration.

    Used by actions: DescribeZoneSetting.

    NameTypeDescription
    ZoneNameStringName of the site
    AreaStringSite acceleration region. Values:
  • mainland: Acceleration in the Chinese mainland.
  • overseas: Acceleration outside the Chinese mainland.
  • CacheKeyCacheKeyNode cache key configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    QuicQuicThe QUIC access configuration.
    Note: This field may return null, indicating that no valid values can be obtained.
    PostMaxSizePostMaxSizeThe POST transport configuration.
    Note: This field may return null, indicating that no valid values can be obtained.
    CompressionCompressionSmart compression configuration.
    Note: This field may return null, indicating that no valid values can be obtained.
    UpstreamHttp2UpstreamHttp2HTTP2 origin-pull configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    ForceRedirectForceRedirectForce HTTPS redirect configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    CacheConfigCacheConfigCache expiration time configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    OriginOriginOrigin server configuration.
    Note: This field may return null, indicating that no valid values can be obtained.
    SmartRoutingSmartRoutingSmart acceleration configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    MaxAgeMaxAgeBrowser cache configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    OfflineCacheOfflineCacheThe offline cache configuration.
    Note: This field may return null, indicating that no valid values can be obtained.
    WebSocketWebSocketWebSocket configuration.
    Note: This field may return null, indicating that no valid values can be obtained.
    ClientIpHeaderClientIpHeaderOrigin-pull client IP header configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    CachePrefreshCachePrefreshCache prefresh configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    Ipv6Ipv6IPv6 access configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    HttpsHttpsHTTPS acceleration configuration
    Note: This field may return null, indicating that no valid values can be obtained.
    ClientIpCountryClientIpCountryWhether to carry the location information of the client IP during origin-pull.
    Note: This field may return null, indicating that no valid value can be obtained.
    GrpcGrpcConfiguration of gRPC support
    Note: This field may return null, indicating that no valid value can be obtained.
    ImageOptimizeImageOptimizeImage optimization configuration.
    Note: This field may return null, indicating that no valid value was found.
    AccelerateMainlandAccelerateMainlandCross-MLC-border acceleration.
    Note: This field may return null, indicating that no valid values can be obtained.
    StandardDebugStandardDebugStandard debugging configuration.
    Note: This field may return null, indicating that no valid values can be obtained.
    JITVideoProcessJITVideoProcessJust-in-time media processing configuration.
    Note: This field may return null, which indicates a failure to obtain a valid value.