Help Center/ Web Application Firewall/ User Guide (Ankara Region)/ Applying for a Dedicated WAF Engine
Updated on 2024-04-12 GMT+08:00

Applying for a Dedicated WAF Engine

If your service servers are deployed on the cloud, you can apply for dedicated WAF engines (or dedicated WAF instances) to protect important websites through domain names or web applications with only IP addresses.

Prerequisites

  • You have obtained management console login credentials for an account with the WAF Administrator and WAF FullAccess permissions.
  • A VPC is available.
  • Resource sets have been created.

Precautions

After your application for a dedicated WAF instance succeeds, its specifications cannot be modified.

It takes about 10 minutes to create a dedicated WAF instance. If the instance is in the Running status, the instance has been created successfully.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner and choose Web Application Firewall under Security.
  4. If you are a first-time user for dedicated WAF instances, click Apply for Dedicated Engine Now on the left of the page.

    If you are not a first-time user for dedicated WAF instances, click Create WAF in the upper right corner of the page.

  5. On the Apply for Web Application Firewall page, set WAF instance parameters by referring to Table 1.

    Table 1 Parameters of a dedicated WAF instance

    Parameter

    Description

    Billing Mode

    Dedicated WAF instances are billed on a pay-per-use basis. You are billed for the required duration by the second, which starts when the instance is created and ends when the instance is deleted.

    Region

    Generally, a WAF instance you apply for in any region can protect web services in all regions. To make a WAF instance forward your website traffic faster, select the region nearest to your services.

    AZ

    Select an AZ in the selected region.

    Instance Name Prefix

    Set a prefix of the dedicated WAF instance name. If you apply for multiple instances at a time, the prefix to each instance name is the same.

    Quantity

    Set the number of WAF instances you want to apply for.

    Specifications

    Select specifications for your instance. WAF offers two types of specifications, 500 Mbit/s and 100 Mbit/s.

    WAF Instance Type

    ECS

    Your WAF instance will be created on your ECS. You can view details of the ECS on the ECS console.

    CPU Architecture

    Select CPU specifications for your instance.

    ECS Specifications

    Select ECS specifications for your instance.

    Estimated Final Specifications

    Expected throughput for your reference.

    VPC

    Select the VPC to which the origin server belongs.

    NOTICE:

    If you select a VPC that supports IPv6 and enable IPv6, the dedicated WAF instance supports IPv6 protection.

    Subnet

    Select a subnet configured in the VPC.

    Security Group

    Select a security group in the region or click Manage Security Group to go to the VPC console and create a security group. After you select a security group, the WAF instance will be protected by the access rules of the security group.

    NOTICE:
    • You can configure your security group as follows:
      • Inbound rules

        Add an inbound rule to allow incoming network traffic to pass through over a specified port based on your service requirements. For example, if you want to allow access from port 80, you can add a rule that allows TCP and port 80.

      • Outbound rules

        All outgoing network traffic is allowed by default.

    • If your dedicated WAF instance and origin server are not in the same VPC, enable communications between the instance and the subnet of the origin server in the security group.

  6. In the lower right corner of the page, click Next.
  7. Confirm the configuration and click Apply Now.
  1. Click Back to Dedicated Engine List. On the Dedicated Engine page, view the instance status.

    It takes about 10 minutes to create a dedicated WAF instance. If the instance is in the Running status, the instance has been created successfully.