Updated on 2024-11-04 GMT+08:00

Configuration Suggestions for Using CFW with WAF, Advanced Anti-DDoS, and CDN

This section describes where CFW is deployed in the network architecture for inbound cloud traffic protection and how to configure CFW when it is used with other Huawei Cloud services.

Overview

Web Application Firewall (WAF), Advanced Anti-DDoS (AAD), and Content Delivery Network (CDN) work as reverse proxies. If these services are deployed, the source IP addresses that CFW receives are the back-to-origin IP addresses of these services, not the addresses of the original clients.

If other Huawei Cloud products are configured, traffic is protected by multiple services. For inbound traffic protection, if a reverse proxy service, such as CDN, AAD, or cloud WAF, is deployed in front of CFW, you need to configure a policy that allows the back-to-origin IP addresses of that service so that CFW does not block its traffic by mistake. If a dedicated or load-balancing WAF instance is purchased, configure it as needed.
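
One way to check a rule set for this misblocking risk, as an added example that is not Huawei Cloud code: it walks an ordered inbound rule list and reports every part of the reverse-proxy back-to-origin ranges that would not be allowed, including a range that is only partly shadowed by a higher-priority block rule. The rule model (first match wins, default deny), the function name, and all addresses are assumptions constructed for illustration; substitute the back-to-origin ranges published by the services you actually deploy.

```python
import ipaddress

# Constructed sample data (documentation ranges, not real back-to-origin IPs).
ORIGIN_CIDRS = ["198.51.100.0/24", "203.0.113.0/24", "192.0.2.0/25"]
# Hypothetical ordered rule list: (action, source CIDR), highest priority first.
RULES = [
    ("allow", "198.51.100.0/24"),
    ("deny", "203.0.113.64/26"),   # blocklist entry that sits inside a proxy range
    ("allow", "203.0.113.0/24"),
]

def audit_back_to_origin(rules, origin_cidrs, default_action="deny"):
    """Return {cidr: action} for every part of the back-to-origin ranges
    that an ordered, first-match inbound policy would not allow."""
    findings = {}
    for cidr in origin_cidrs:
        remaining = [ipaddress.ip_network(cidr)]   # parts no rule has matched yet
        for action, source in rules:
            src = ipaddress.ip_network(source)
            unmatched = []
            for piece in remaining:
                if piece.version != src.version or not piece.overlaps(src):
                    unmatched.append(piece)
                    continue
                # CIDR blocks are either nested or disjoint, so the overlap
                # is whichever of the two networks is the smaller one.
                hit = piece if src.supernet_of(piece) else src
                if action != "allow":
                    findings[str(hit)] = action
                if hit != piece:
                    unmatched.extend(piece.address_exclude(hit))
            remaining = unmatched
        if default_action != "allow":
            for piece in remaining:                # fell through to the default
                findings[str(piece)] = default_action
    return findings

if __name__ == "__main__":
    for cidr, action in audit_back_to_origin(RULES, ORIGIN_CIDRS).items():
        print(f"{cidr}: {action} (back-to-origin traffic would be blocked)")
```

With the sample data, the check flags the /26 that a block rule carves out of an otherwise allowed range and the range that no allow rule covers at all.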

References