Common Tasks
WAF provides a series of common practices for you. These practices can help you start WAF protection for your workloads quickly.
|
Practice |
Description |
|
|---|---|---|
|
Connecting a domain name to WAF |
Connecting a Domain Name to WAF for Websites with no Proxy Used |
If your website is not added to WAF, DNS resolves your domain name to the IP address of the origin server. If your website is added to WAF, DNS resolves your domain name to the CNAME of WAF. In this way, the traffic passes through WAF. WAF inspects every traffic coming from the client and filters out malicious traffic. This section describes how to change DNS settings for WAF to take effect. |
|
Combining CDN and WAF to Get Improved Protection and Load Speed |
The combination of CDN and WAF can protect websites on Huawei Cloud, other clouds, or on-premises and make websites respond more fast. |
|
|
Policy configuration |
This topic describes how Web Application Firewall (WAF) protects workloads in different scenarios. You can refer to configurations in this topic to make WAF work better for you. |
|
|
This section guides you through configuring IP address-based rate limiting and cookie-based protection rules against Challenge Collapsar (CC) attacks. |
||
|
WAF provides three anti-crawler policies, bot detection by identifying User-Agent, website anti-crawler by checking browser validity, and CC attack protection by limiting the access frequency, to help mitigate crawler attacks against your websites. |
||
|
Verifying a Global Protection Whitelist Rule by Simulating Requests with Postman |
After your website is connected to WAF, you can use an API test tool to send HTTP/HTTPS requests to the website and verify that WAF protection rules take effect. This topic uses Postman as an example to describe how to verify a global protection whitelist (formerly false alarm masking) rule. |
|
|
With HSS and WAF in place, you can stop worrying about web page tampering. |
||
|
Configuring TLS encryption |
Configuring the Minimum TLS Version and Cipher Suite to Better Secure Connections |
HTTPS is a network protocol constructed based on Transport Layer Security (TLS) and HTTP for encrypted transmission and identity authentication. When you add a domain name to WAF, set Client Protocol to HTTPS. Then, you can configure the minimum TLS version and cipher suite to harden website security. |
|
Protecting origin servers |
Configuring the Minimum TLS Version and Cipher Suite to Better Secure Connections |
HTTPS is a network protocol constructed based on Transport Layer Security (TLS) and HTTP for encrypted transmission and identity authentication. If a client uses HTTPS to access WAF, that is, the client protocol is set to HTTPS, you can configure the minimum TLS version and cipher suite for the domain name to ensure website security. |
|
Configuring ECS and ELB Access Control Policies to Protect Origin Servers |
This topic describes how to protect origin servers deployed on ECSs or added to ELB backend server groups. It helps you:
|
|
|
Obtaining real client IP addresses |
This topic describes how to obtain the client IP address from WAF and how to configure different types of web application servers, including Tomcat, Apache, Nginx, IIS 6, and IIS 7, to obtain the client IP address. |
|
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
