Updated on 2024-11-05 GMT+08:00

Managing Dedicated WAF Engines

This topic describes how to manage your dedicated WAF instances (or engines), including viewing instance information, viewing instance monitoring configurations, upgrading the instance edition, or deleting an instance.

If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instances locate. Then, you can select the project from the Enterprise Project drop-down list and manage dedicated WAF instances in the project.

Prerequisites

  • You have purchased a dedicated WAF instance.
  • Your login account has the IAM ReadOnly permission.

Viewing Information About a Dedicated WAF Instance

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security > Web Application Firewall.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

    Figure 1 Dedicated engine list

  5. View information about a dedicated WAF instance. Table 1 describes parameters.

    Table 1 Key parameters of dedicated WAF instances

    Parameter

    Description

    Example Value

    Instance Name

    Name automatically generated when an instance is created.

    None

    Protected Website

    Domain name of the website protected by the instance.

    www.example.com

    VPC

    VPC where the instance resides

    vpc-waf

    Subnet

    Subnet where an instance resides

    subnet-62bb

    IP Address

    IP address of the subnet in the VPC where the WAF instance is deployed.

    192.168.0.186

    Access Status

    Connection status of the instance.

    Accessible

    Running Status

    Status of the instance.

    Running

    Version

    Dedicated WAF version.

    202304

    Deployment

    How the instance is deployed.

    Standard mode (reverse proxy)

    Specifications

    Specifications of resources hosting the instance.

    8 vCPUs | 16 GB

Viewing Metrics of a Dedicated WAF Instance

When a WAF instance is in the Running status, you can view the monitored metrics about the instance.

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security > Web Application Firewall.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

    Figure 2 Dedicated engine list

  5. In the row of the instance, click Cloud Eye in the Operation column to go to the Cloud Eye console and view the monitoring information, such as CPU, memory, and bandwidth.

Upgrading a Dedicated WAF Instance

Only dedicated WAF instances in the Running status can be upgraded to the latest version.

  • It takes about 20 minutes for upgrading an instance. During the upgrade, the instance is not available and cannot protect your domain names connected to it. To prevent service interruptions, use either of the following solutions:
    • Solution 1: Deploy multiple dedicated WAF instances for your domain name, add them to a backend server group of your load balancer, and enable the health check policy for the load balancer. In this way, if one dedicated WAF instance is not available, WAF automatically distributes the traffic to other healthy instances. There is almost no impact on your services except that website requests might be intermittently interrupted for few seconds.
    • Solution 2: If you deploy only one dedicated WAF instance, configure a load balancer before you start to let website traffic bypass WAF during the upgrade. After the upgrade is complete, configure the load balancer to distribute traffic to WAF.
  • If you are using the latest version of WAF, the Upgrade button is grayed out.
  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security > Web Application Firewall.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

    Figure 3 Dedicated engine list

  5. In the row containing the instance you want to upgrade, click Upgrade in the Operation column.
  6. Confirm the upgrade conditions and click Confirm.

    Click View Details to view details of all dedicated WAF instance versions.

Rolling Back a Dedicated WAF Instance

The version can be rolled back only to the original version.

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security > Web Application Firewall.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.
  5. In the row of the instance, click More > Roll Back in the Operation column.
  6. In the dialog box displayed, confirm that the following conditions are met and select the following three conditions. Then, click Confirm.

    An instance can be rolled back only when the following conditions are met:
    • Multiple active instances are available or no services are connected to the instance.
    • ELB HTTP/HTTPS health check has been enabled.
    • ELB sticky session has been disabled.

Change Security Group for a Dedicated WAF Instance

If you select Network Interface for Instance Type, you can change the security group to which your dedicated instance belongs. After you select a security group, the WAF instance will be protected by the access rules of the security group.

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security > Web Application Firewall.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

    Figure 4 Dedicated engine list

  5. In the row containing the instance, choose More > Change Security Group in the Operation column.
  6. In the dialog box displayed, select the new security group and click Confirm.

Deleting a Dedicated WAF Instance

You can delete a dedicated WAF instance at any time. After it is deleted, the billing ends.

Resources on deleted instance are released and cannot be restored. Exercise caution when performing this operation.

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security > Web Application Firewall.
  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

    Figure 5 Dedicated engine list

  5. In the row of the instance, click More > Delete in the Operation column.
  6. In the displayed dialog box, enter DELETE and click Confirm.