WAF Operation Guide

After you enable the WAF service, you need to connect your website domain name to WAF so that all access requests are forwarded to WAF for protection.

Procedure for Using WAF

Figure 1 shows the procedure. Table 1 describes the procedure.

Figure 1 Procedure for using WAF
Click to enlarge

**Table 1** Procedure for using WAF
Operation	Description
Apply for a WAF Instance	Apply for a WAF instance to enable WAF protection.
Add a website to WAF.	Add websites you want to protect to your WAF instance. Cloud mode: See Step 1: Add a Domain Name to WAF (Cloud Mode). Dedicated mode: See Step 1: Add a Website to WAF (Dedicated Mode). NOTE: Using WAF does not affect your web server performance because the WAF engine is not running on your web server. After your domain name is connected to WAF, there will be a latency of tens of milliseconds, which might be raised based on the size of the requested page or number of incoming requests.
Configure a protection policy.	A policy is a combination of rules, such as basic web protection, blacklist, whitelist, and precise protection rules. A policy can be applied to multiple domain names, but only one policy can be used for a domain name.
Analyze logs.	WAF displays blocked or logged-only attacks on the Events page. You can view and analyze protection logs to adjust your website protection policies or mask false alarms.
(Optional) Enable alarm notifications.	Enable this function to receive an alarm notification the instant an attack is detected.

Related Functions

Beyond functions in Procedure for Using WAF, WAF also provides the following functions for you to improve your website security performance.

**Table 2** Related functions
Function	Description
Dashboard	You can view protection data of yesterday, today, last 3 days, last 7 days, or last 30 days.
Configuring PCI DSS/3DS Certification Check and Configuring the Minimum TLS Version and Cipher Suite	TLS v1.0 and the cipher suite 1 are configured by default in WAF for general security. To protect your websites better, set the minimum TLS version to a later version and select a more secure cipher suite.
Enabling the HTTP/2 Protocol	HTTP/2 can be used only for access between the client and WAF on the condition that at least one origin server has HTTPS used for Client Protocol.
Configuring Connection Timeout	The default timeout for connections from a browser to WAF is 120 seconds. The value varies depending on your browser settings and cannot be changed on the WAF console. The default timeout for the connection between WAF and an origin server is 30 seconds. You can manually set the timeout on the WAF console.
Configuring a Traffic Identifier for a Known Attack Source	WAF allows you to configure traffic identifiers by IP address, session, or user tag to block possibly malicious requests from known attack sources based on IP address, Cookie, or Params.
Editing Response Page for Blocked Requests	If a visitor is blocked by WAF, the Default block page of WAF is returned by default. You can also configure Custom or Redirection for the block page to be returned as required.
Forwarding Custom Header Fields	You can use WAF to add additional header information, for example, $request_id, to associate requests on the entire link. You can follow this topic to let WAF insert additional fields into a header and forward requests to origin servers.
Managing Certificates	If you upload a certificate to WAF, you can directly select the certificate when adding a website to WAF.
Managing IP Address Blacklist and Whitelist Groups	With IP address groups, you can quickly add IP addresses or IP address ranges to a blacklist or whitelist rule.
Managing Dedicated Engines	This topic describes how to manage your dedicated WAF instances (or engines), including viewing instance information, viewing instance monitoring configurations, upgrading the instance edition, or deleting an instance.
Viewing Product Details	On the Product Details page, you can view information about all your WAF instances, including the edition, domain quotas, and specifications.