Help Center/ Web Application Firewall/ User Guide/ Instance Management/ Managing Dedicated WAF Engines
Updated on 2025-10-20 GMT+08:00
View PDF

Managing Dedicated WAF Engines

This topic describes how to manage your dedicated WAF instances (or engines). You can view instance information, view instance monitoring configurations, upgrade the edition of an instance, and delete an instance.

Prerequisites

Viewing Information About a Dedicated WAF Instance

  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine.
  5. On the Dedicated Engine page, view the details about dedicated engine instances. Table 1 shows an example.

    Figure 1 Dedicated engine list
    Table 1 Key parameters of dedicated WAF instances

    Parameter

    Description

    Example Value

    Instance Name

    Name automatically generated when an instance is created.

    None

    Protected Website

    Domain name of the website protected by the instance.

    www.example.com

    VPC

    VPC where the instance resides

    vpc-waf

    Subnet

    Subnet where an instance resides

    subnet-62bb

    IP Address

    IP address of the subnet in the VPC where the WAF instance is deployed.

    192.168.0.186

    Access Status

    Connection status of the instance.

    Accessible

    Running Status

    Status of the instance.

    Running

    Version

    Dedicated WAF version.

    202304

    Deployment

    How the instance is deployed.

    Standard mode (reverse proxy)

    Specifications

    Specifications of resources hosting the instance.

    WI-500 (specifications of dedicated engine instances)

    x1.8u.32g (Specifications of the ECS housing the dedicated engine. Specifications: x86: 8 vCPUs | 32 GB)

Viewing Metrics of a Dedicated WAF Instance

When a WAF instance is in the Running status, you can view the monitored metrics about the instance.

  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine.
  5. In the row of the instance, click Cloud Eye in the Operation column to go to the Cloud Eye console and view the monitoring information, such as CPU, memory, and bandwidth.

Upgrading a Dedicated WAF Instance

Only dedicated WAF instances in the Running status can be upgraded to the latest version.

  • It takes about 20 minutes for upgrading an instance. During the upgrade, the instance is not available and cannot protect your domain names connected to it. To prevent service interruptions, use either of the following solutions:
    • Solution 1: Deploy multiple dedicated WAF instances for your domain name, add them to a backend server group of your load balancer, and enable the health check policy for the load balancer. In this way, if one dedicated WAF instance is not available, WAF automatically distributes the traffic to other healthy instances. There is almost no impact on your services except that website requests might be intermittently interrupted for few seconds.
    • Solution 2: If you deploy only one dedicated WAF instance, configure a load balancer before you start to let website traffic bypass WAF during the upgrade. After the upgrade is complete, configure the load balancer to distribute traffic to WAF.
  • If you are using the latest version of WAF, the Upgrade button is grayed out.
  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine.
  5. In the row containing the instance you want to upgrade, click Upgrade in the Operation column.
  6. Confirm the upgrade conditions and click Confirm.

    Click View Details to view details of all dedicated WAF instance versions.

Rolling Back a Dedicated WAF Instance

The version can be rolled back only to the original version.

  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine.
  5. In the row of the instance, click More > Roll Back in the Operation column.
  6. In the dialog box displayed, confirm that the following conditions are met and select the following three conditions. Then, click Confirm.

    An instance can be rolled back only when the following conditions are met:
    • Multiple active instances are available or no services are connected to the instance.
    • ELB HTTP/HTTPS health check has been enabled.
    • ELB sticky session has been disabled.

Change Security Group for a Dedicated WAF Instance

If you select Network Interface for Instance Type, you can change the security group to which your dedicated instance belongs. After you select a security group, the WAF instance will be protected by the access rules of the security group.

  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine.
  5. In the row containing the instance, choose More > Change Security Group in the Operation column.
  6. In the dialog box displayed, select the new security group and click Confirm.

Deleting a Dedicated WAF Instance

You can delete a dedicated WAF instance at any time. After it is deleted, the billing ends.

Resources on deleted instance are released and cannot be restored. Exercise caution when performing this operation.

  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine.
  5. In the row containing the instance, click More > Delete in the Operation column.
  6. In the displayed dialog box, enter DELETE and click Confirm.
Parent topic: Instance Management