Help Center/ Web Application Firewall/ Best Practices/ Migrating Protection Policies for Your Website
Updated on 2025-12-26 GMT+08:00
View PDF
Share

Migrating Protection Policies for Your Website

Application Scenarios

This topic will walk you through on how to migrate your website protection policies from Alibaba Cloud WAF to Huawei Cloud WAF.

We will show how to complete the migration from Alibaba Cloud pay-per-use WAF 3.0 to Huawei Cloud professional edition cloud WAF.

Resource and Cost Planning

Table 1 Resources and costs

Resource

Description

Monthly Fee

Web Application Firewall (WAF)
Cloud mode - professional edition:
  • Billing mode: Yearly/Monthly
  • Number of domain names that can be protected: 50
  • QPS quota: 5,000 QPS
  • Maximum bandwidth:
    • Origin servers deployed on Huawei Cloud: 200 Mbit/s
    • Origin servers deployed outside Huawei Cloud: 50 Mbit/s

For details about pricing rules, see Billing Description.

Step 1: Buy Huawei Cloud Professional Edition Cloud WAF

  1. Log in to the WAF console.
  2. In the upper right corner of the page, click Buy WAF. On the purchase page displayed, select Cloud Mode for WAF Mode.

    • Region: Select the region nearest to your services WAF will protect.
    • Edition: Select Professional.
    • Expansion Package and Required Duration: Set them based on site requirements.

  3. Confirm the product details and click Buy Now in the lower right corner of the page.
  4. Check the order details and read the WAF Disclaimer. Then, select the box and click Pay Now.
  5. On the payment page, select a payment method and pay for your order.

    After the order is paid, click Access Console to go to the Dashboard page. Hover over the Product Details area to view the edition of the purchased instance and its specifications.

Step 2: Connect the Website to Huawei Cloud WAF

  1. In the navigation pane on the left, choose Website Settings.
  2. In the upper left corner of the website list, click Add Website.
  3. Select Cloud - CNAME and click Configure Now.
  4. Configure website details. Table 2 describes the parameter mappings between Huawei Cloud and Alibaba Cloud.

    On the Alibaba Cloud WAF console, choose Website Configuration > CNAME Record. In the Actions column of the row containing the target domain name, click Edit and check its configuration details.

    Figure 1 Domain name configuration page
    Table 2 Parameter mappings

    Parameter No

    Alibaba Cloud

    Huawei Cloud

    Domain Name

    Domain Name

    Protocol Type/Port

    Client Protocol/Protected Port

    Whether Layer 7 Proxy, Such as Anti-DDoS Pro, Anti-DDoS Premium, or Alibaba Cloud CDN, Is Deployed in Front of WAF

    Use Layer-7 Proxy

    IPv6

    IPv6 Protection

    Load Balancing Algorithm

    Load Balancing Algorithm

    Origin Server Address

    Server Address

    Protection Resource

    Automatically generated

  5. Click Next and complete the basic information about the website to be protected. Perform the following operations as prompted on the Add Website page:

    Figure 2 Domain name added to WAF
    1. Whitelist back-to-source IP addresses.
    2. Test WAF.

    After the preceding steps are complete, you can check the Access Status of the added domain name in the domain name list. The Access Status of the domain name is Inaccessible at first. You need to modify the DNS record.

Step 3: Migrating Protection Rules

Table 3 summarizes mappings between Alibaba Cloud WAF rules and Huawei Cloud WAF rules.

Table 3 Protection rule mappings

Alibaba Cloud

Huawei Cloud

Reference

Basic protection rule

Basic web protection

Configuring Basic Web Protection Rules to Defend Against Common Web Attacks

Whitelist
  • Blacklist and whitelist
  • Global protection whitelist

IP address blacklist

Blacklist and whitelist

Custom rules

Precise protection

Configuring Custom Precise Protection Rules

Scan protection

Scanning protection

Configuring Scan Protection Rules to Block Heavy-Traffic Attacks

Custom response

Alarm page

Modifying the Alarm Page

HTTP flood protection (CC attack defense)

CC attack protection

Configuring a CC Attack Protection Rule

Region blacklist rule

Geolocation access control

Configuring Geolocation Access Control Rules to Block or Allow Requests from Specific Locations

Web Tamper Protection

Web tamper protection

Configuring Web Tamper Protection Rules to Prevent Static Web Pages from Being Tampered With

Data leakage prevention

Information leakage prevention

Configuring Information Leakage Prevention Rules to Prevent Sensitive Information Leakage

Migrating Basic Protection Rules

  1. Log in to the Alibaba Cloud WAF console. In the navigation pane on the left, choose Protection Configuration > Protection Rules. On the displayed page, expand the Basic Protection Rule area. In the Action column of the row containing the target rule, click Edit and check the rule details.
  2. Log in to the Huawei Cloud WAF console and go to the Huawei Cloud WAF protection rule configuration page by referring to Figure 3.

    Figure 3 Protection rules

  3. Select the Basic Web Protection configuration box, enable it, and migrate related configurations to Huawei Cloud WAF based on Table 4.

    Table 4 Parameter mappings

    Alibaba Cloud

    Huawei Cloud

    Basic Protection Rule

    Basic Web Protection

    Create Template

    Status

    : enabled.

    Intelligent Whitelist

    None

    Rule Configuration

    General Check/Deep Inspection/Header Inspection/Shiro Decryption Check

    Protocol Compliance

    None

    Semantic Engine

    General Check

Migrating Whitelist Rules

  1. Log in to the Alibaba Cloud WAF console. In the navigation pane on the left, choose Protection Configuration > Protection Rules. On the displayed page, expand the Whitelist area. In the Actions column of the row containing the target rule, click Edit and check the rule details.
  2. Log in to the Huawei Cloud WAF console and go to the Huawei Cloud WAF protection rule configuration page by referring to Figure 4.

    Figure 4 Protection rules

  3. In the Global Protection Whitelist configuration box, enable it, and click Add Rule. Then, migrate related configurations to Huawei Cloud WAF based on Table 5.

    Table 5 Parameter mappings

    Alibaba Cloud

    Huawei Cloud

    Whitelist

    Global Protection Whitelist

    Create Template

    Status

    : enabled.

    Match Field

    Field in the Condition List area

    Logical Operator

    Logic

    Match Content

    Content

    Bypassed Modules

    Example: Basic Protection Rule - All Rules

    Ignore WAF Protection

    Example: Basic Web Protection - All built-in rules

Migrating IP Address Blacklist Rules

  1. Log in to the Alibaba Cloud WAF console. In the navigation pane on the left, choose Protection Configuration > Protection Rules. On the displayed page, expand the IP Address Blacklist area. In the Actions column of the row containing the target rule, click Edit and check the rule details.
  2. Log in to the Huawei Cloud WAF console and go to the Huawei Cloud WAF protection rule configuration page by referring to Figure 5.

    Figure 5 Protection rules

  3. Choose Blacklist and Whitelist, enable it, and click Add Rule. Then, migrate related configurations to Huawei Cloud WAF based on Table 6.

    Table 6 Parameter mappings

    Alibaba Cloud

    Huawei Cloud

    IP Address Blacklist

    Blacklist and Whitelist

    Create Template

    Status

    : enabled.

    IP Address Blacklist

    IP Address/Range

    Action

    Protective Action

Migrating Custom Rules

  1. Log in to the Alibaba Cloud WAF console. In the navigation pane on the left, choose Protection Configuration > Protection Rules. On the displayed page, expand the Custom Rules area. In the Actions column of the row containing the target rule, click Edit and check the rule details.
  2. Log in to the Huawei Cloud WAF console and go to the Huawei Cloud WAF protection rule configuration page by referring to Figure 6.

    Figure 6 Protection rules

  3. Click the Precise Protection configuration box, enable it, and click Add Rule. Then, migrate related configurations to Huawei Cloud WAF based on Table 7.

    Table 7 Parameter mappings

    Alibaba Cloud

    Huawei Cloud

    Custom Rules

    Precise Protection

    Create Template

    Status

    : enabled.

    Match Field

    Field

    Logical Operator

    Logic

    Match Content

    Content

    Protection Type

    None

    Action

    Protective Action

    Effective Mode

    Apply

Migrating Custom Response Rules

  1. Log in to the Alibaba Cloud WAF console. In the navigation pane on the left, choose Protection Configuration > Protection Rules. On the displayed page, expand the Custom Response area. In the Actions column of the row containing the target rule, click Edit and check the rule details.
  2. Log in to the Huawei Cloud WAF console. In the navigation pane on the left, choose Website Settings. Click the target domain name to go to its details page.
  3. Click the edit icon next to the page template name in the row where Alarm Page is located. In the displayed Alarm Page dialog box, specify Page Template.

    Migrate related configurations to Huawei Cloud WAF based on Table 8.
    Table 8 Parameter mappings

    Alibaba Cloud

    Huawei Cloud

    Custom Response

    Block Page

    Create Template

    Page Template

    Status Code

    HTTP Return Code

    Response Body

    Page Content

Migrating CC Attack Protection Rules

  1. Log in to the Alibaba Cloud WAF console. In the navigation pane on the left, choose Protection Configuration > Protection Rules. On the displayed page, expand the HTTP Flood Protection area. In the Actions column of the row containing the target rule, click Edit and check the rule details.
  2. Log in to the Huawei Cloud WAF console and go to the Huawei Cloud WAF protection rule configuration page by referring to Figure 7.

    Figure 7 Protection rules

  3. Click the CC Attack Protection configuration box, enable it, and click Add Rule. Then, migrate related configurations to Huawei Cloud WAF based on Table 9.

    Table 9 Parameter mappings

    Alibaba Cloud

    Huawei Cloud

    HTTP Flood Protection (CC attack defense)

    CC Attack Protection

    Create Template

    Status

    : enabled.

    Action

    Protective Action

    Protected objects

    This parameter is not required for Huawei Cloud WAF.

Migrating Region Blacklist Rules

  1. Log in to the Alibaba Cloud WAF console. In the navigation pane on the left, choose Protection Configuration > Protection Rules. On the displayed page, expand the Region Blacklist area. In the Actions column of the row containing the target rule, click Edit and check the rule details.
  2. Log in to the Huawei Cloud WAF console and go to the Huawei Cloud WAF protection rule configuration page by referring to Figure 8.

    Figure 8 Protection rules

  3. In the Geolocation Access Control configuration box, enable it, and click Add Rule. Then, migrate related configurations to Huawei Cloud WAF based on Table 10.

    Table 10 Parameter mappings

    Alibaba Cloud

    Huawei Cloud

    Region Blacklist Rule

    Geolocation Access Control

    Create Template

    Status

    : enabled.

    Action

    Protective Action

    Select Regions to Block

    Geolocation

Migrating Website Tamper Protection Rules

  1. Log in to the Alibaba Cloud WAF console. In the navigation pane on the left, choose Protection Configuration > Protection Rules. On the displayed page, expand the Website Tamper-proofing area. In the Actions column of the row containing the target rule, click Edit and check the rule details.
  2. Log in to the Huawei Cloud WAF console and go to the Huawei Cloud WAF protection rule configuration page by referring to Figure 9.

    Figure 9 Protection rules

  3. In the Web Tamper Protection configuration box, enable it, and click Add Rule. Then, migrate related configurations to Huawei Cloud WAF based on Table 11.

    Table 11 Parameter mappings

    Alibaba Cloud

    Huawei Cloud

    Website Tamper-proofing

    Web Tamper Protection

    Create Template

    Status

    : enabled.

    Address of Cached Page

    Path

Migrating Data Leakage Prevention Rules

  1. Log in to the Alibaba Cloud WAF console. In the navigation pane on the left, choose Protection Configuration > Protection Rules. On the displayed page, expand the Data Leakage Prevention area. In the Actions column of the row containing the target rule, click Edit and check the rule details.
  2. Log in to the Huawei Cloud WAF console and go to the Huawei Cloud WAF protection rule configuration page by referring to Figure 10.

    Figure 10 Protection rules

  3. Click the Information Leakage Prevention configuration box, enable it, and click Add Rule. Then, migrate related configurations to Huawei Cloud WAF based on Table 12.

    Table 12 Parameter mappings

    Alibaba Cloud

    Huawei Cloud

    Data Leak Prevention

    Information Leakage Prevention

    Create Template

    Status

    : enabled.

    Match Condition

    Type

    Sensitive Info

    Content

    Action

    Protective Action