Getting Started with WAF
Web Application Firewall (WAF) examines HTTP/HTTPS requests to identify and block malicious traffic, keeping your core service data secure and web server performance stable. This document describes how to quickly use WAF to protect your services.
Overview
A glance at WAF:
Step 1: Buy a WAF Instance
- Log in to Huawei Cloud management console. On the console page, choose Security & Compliance > Web Application Firewall.
- In the upper right corner of the page, click Buy WAF. On the purchase page displayed, select a WAF mode. For details, see Buying Cloud WAF Instance.
Step 2: Connect a Website to WAF
After buying a WAF instance, you need to add it to WAF, or WAF cannot check HTTP or HTTPS requests.
Access Mode |
Reference Document |
---|---|
Cloud Mode |
Take the following steps to connect your website to a cloud WAF instance through CNAME records: |
Dedicated mode |
Take the following five steps to connect a website to a dedicated WAF instance: |
Step 3: Configure a Protection Policy
After your website is connected to WAF, WAF automatically applies a protection policy to your website and enables General Check (with Protective Action set to Log only and Protection Level set to Medium) in Basic Web Protection and enables Scanner check (with Protective Action set to Log only) in Anti-Crawler protection.
- If you do not have special security requirements, you can retain the default settings and view WAF protection logs on the Events page at any time. For details, see Viewing Protection Event Logs.
- If your website were under attacks, you can configure a custom protection policy based on attack details on the Dashboard and Events pages. For details, see Adding Rules to One or More Policies.
Step 4: View Protection Logs
On the Events page, view the protection details of the configured protection policy and handle the source IP address.
- To quickly whitelist a source IP address, locate the row that contains the corresponding event, choose Handle as False Alarm in the Operation column, and configure a global protection whitelist rule.
- To block or allow a source IP address, add it to an IP address blacklist or whitelist.
For details, see Handling False Alarms.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.