Help Center/ Web Application Firewall/ Best Practices/ Migrating Protection Policies for Your Website
Updated on 2024-12-20 GMT+08:00

Migrating Protection Policies for Your Website

Application Scenarios

This topic will walk you through on how to migrate your website protection policies from Alibaba Cloud WAF to Huawei Cloud WAF.

We will show how to complete the migration from Alibaba Cloud pay-per-use WAF 3.0 to Huawei Cloud professional edition cloud WAF.

Resource and Cost Planning

Table 1 Resources and costs

Resource

Description

Monthly Fee

Web Application Firewall (WAF)

Cloud - professional edition:
  • Billing mode: Yearly/Monthly
  • Number of domain names that can be protected: 50
  • QPS quota: 5,000 QPS
  • Peak bandwidth: 200 Mbit/s inside the cloud and 50 Mbit/s outside the cloud

For details about pricing rules, see Billing Description.

Step 1: Buy Huawei Cloud Professional Edition Cloud WAF

  1. Log in to Huawei Cloud management console.
  2. On the management console page, choose Security & Compliance > Web Application Firewall.
  3. In the upper right corner of the page, click Buy WAF. On the purchase page displayed, select Cloud Mode for WAF Mode.

    • Region: Select the region nearest to your services WAF will protect.
    • Edition: Select Profesional.
    • Expansion Package and Required Duration: Set them based on site requirements.

  4. Confirm the product details and click Buy Now in the lower right corner of the page.
  5. Check the order details and read the WAF Disclaimer. Then, select the box and click Pay Now.
  6. On the payment page, select a payment method and pay for your order.

Step 2: Connect the Website to Huawei Cloud WAF

  1. In the navigation pane on the left, choose Website Settings.
  2. In the upper left corner of the website list, click Add Website.
  3. Select Cloud - CNAME and click Configure Now.
  4. Configure website details. Table 2 describes the parameter mappings between Huawei Cloud and Alibaba Cloud.

    On the Alibaba Cloud WAF console, choose Website Configuration > CNAME Record. In the Actions column of the row containing the target domain name, click Edit and check its configuration details.

    Figure 1 Domain name configuration page
    Table 2 Parameter mappings

    Parameter No. in Figure 1

    Alibaba Cloud

    Huawei Cloud

    Domain Name

    Domain Name

    Protocol Type/Port

    Client Protocol/Protected Port

    Whether Layer 7 Proxy, Such as Anti-DDoS Pro, Anti-DDoS Premium, or Alibaba Cloud CDN, Is Deployed in Front of WAF

    Use Layer-7 Proxy

    IPv6

    IPv6 Protection

    Load Balancing Algorithm

    Load Balancing Algorithm

    Origin Server Address

    Server Address

    Protection Resource

    Automatically generated

  5. Click Next. Then, whitelist WAF back-to-source IP address, test WAF, and modify DNS records as prompted.

    Figure 2 Domain name added to WAF

Step 3: Migrating Protection Rules

Table 3 summarizes mappings between Alibaba Cloud WAF rules and Huawei Cloud WAF rules.

Table 3 Protection rule mappings

Alibaba Cloud

Huawei Cloud

Reference

Basic protection rule

Basic web protection

Configuring Basic Web Protection Rules to Defend Against Common Web Attacks

Whitelist

  • Blacklist and whitelist
  • Global protection whitelist

IP address blacklist

Blacklist and whitelist

Custom rules

Precise protection

Configuring Custom Precise Protection Rules

Scan protection

Scanning protection

Configuring Scan Protection Rules to Block Heavy-Traffic Attacks

Custom response

Alarm page

Modifying the Alarm Page

HTTP flood protection (CC attack defense)

CC attack protection

Configuring a CC Attack Protection Rule

Region blacklist rule

Geolocation access control

Configuring Geolocation Access Control Rules to Block or Allow Requests from Specific Locations

Web Tamper Protection

Web tamper protection

Configuring Web Tamper Protection Rules to Prevent Static Web Pages from Being Tampered With

Data leakage prevention

Information leakage prevention

Configuring Information Leakage Prevention Rules to Prevent Sensitive Information Leakage