Updated on 2023-04-25 GMT+08:00

Introduction

Application Scenarios

This solution helps you deploy a web application firewall (WAF) on Huawei Cloud ECSs in just a few clicks with open-source software ModSecurity. Combining with the flexibility and efficiency of Nginx, this solution can significantly enhance your web security. ModSecurity is an open-source cross-platform web application firewall (WAF). It can protect websites by checking the data received and sent by web servers.

Solution Architecture

This solution uses the open-source ModSecurity software to establish a WAF on Huawei Cloud ECSs. The following figure shows the deployment architecture.
Figure 1 Solution architecture

This solution will:

  • Create a Linux ECS, which is used for setting up a Web Application Firewall (WAF) and installing Nginx.
  • Install and configure Nginx on a Linux ECS to balance workloads.
  • Install and configure ModSecurity on a Linux ECS to provide WAF capabilities.
  • Create an EIP and bind it to a server so that the server can access the Internet and be accessed from the Internet.

Advantages

  • Cost-effectiveness

    Huawei Cloud ECSs provide ultimate performance at competitive prices. You can build a custom WAF on ECSs with open-source ModSecurity.

  • Quick deployment

    You can create ECSs and install a WAF on them in just a few clicks.

  • Open source and customization

    This solution is open-source and free for commercial use. You can also make custom development based on source code.

Constraints

  • Before you start, ensure that you have an account with Huawei Cloud and your account is not in arrears or frozen. You can estimate the total price according to Table 1.
  • Ensure that you have created a VPC, a subnet, a security group, and service ECSs.