
Enabling WAF Protection

Updated at: Apr 13, 2020 GMT+08:00
  • WAF is designed to keep web applications stable and secure. It examines all HTTP and HTTPS requests to detect and block attacks such as SQL injection, XSS, webshell, command and code injection, file inclusion, sensitive file access, third-party vulnerability exploits, CC attacks, malicious crawlers, and cross-site request forgery (CSRF).

  • This section describes how to enable WAF protection to protect your web applications from common web exploits.

Step 1: Buy WAF

1. Log in to the management console. Choose Service List > Security > Web Application Firewall.
2. Click Buy Now. On the page for buying WAF, set the number of domain and bandwidth expansion packages and the required duration.

Note

1. For details about WAF editions, see Edition.
2. The Auto-renew option enables the system to renew your service by the purchased period when the service is about to expire.

Step 2: Create a Domain Name

1. In the navigation pane, choose Domains. In the upper left corner of the domain list, click Add Domain Name.
2. Configure Domain Name. This field can be a single domain (www.domain.com) or wildcard domain (*.domain.com).
3. Configure Server Configuration, including the Client Protocol, Server Protocol, Server Address, and Server Port.
4. Proxy Configured: If your website is using a proxy such as Advanced Anti-DDoS (AAD), Content Delivery Network (CDN), or any other cloud acceleration service, select Yes so that the WAF security policies take effect on the origin server IP address.

Note

1. WAF protects ports 88 and 443 by default. To protect another port, select Non-standard Port and then select a value from the Port drop-down list. 
2. If Client Protocol is set to HTTPS, select an existing certificate or import a new certificate. For details about how to import a new certificate, see Updating a Certificate.

Step 3: Connect a Domain Name

1. (No proxy used) Switch to the page of your DNS provider as prompted and point your domain to the new CNAME. 
2. (A proxy used) Modify the back-to-source IP address of the proxy (such as Advanced Anti-DDoS or CDN) as prompted. To prevent other users from configuring your domain names on WAF in advance, which would interfere with the protection of your domain name, you are advised to add the subdomain name and TXT record at your DNS provider. For details about the configuration method, see What Are the Impacts If a Subdomain Name and TXT Record Are Not Configured?

Note

1. By default, WAF detects the DNS status of each protected domain name hourly. If you have performed domain connection and Access Status is Accessed, the domain name has been connected to WAF.
2. The default status of WAF is Log only. Switch the WAF status to Block by referring to Step 4.
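
A DNS-side check for Step 3, added here as an example that is not part of the original page or the vendor's tooling: it confirms the CNAME (no proxy) or the TXT record (proxy) without waiting for the hourly Access Status refresh. The hostnames, CNAME target and TXT value are placeholders you copy from the WAF console, the function names are hypothetical, and `dig` is assumed to be installed.

```sh
#!/bin/sh
# Added example: DNS-side check for Step 3. Every hostname and record value
# passed to these functions is a placeholder copied from your WAF console.

DIG="${DIG:-dig}"   # lookup command; override it to test without network access

# Lower-case a hostname and drop the trailing root dot that dig prints.
norm_host() { tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# cname_points_to NAME EXPECTED: true when NAME's CNAME is exactly EXPECTED.
cname_points_to() {
  got=$("$DIG" +short CNAME "$1" | head -n 1 | norm_host)
  want=$(printf '%s\n' "$2" | norm_host)
  [ -n "$got" ] && [ "$got" = "$want" ]
}

# txt_contains NAME VALUE: true when one of NAME's TXT records equals VALUE.
txt_contains() {
  "$DIG" +short TXT "$1" | sed 's/^"//; s/"$//' | grep -Fxq -- "$2"
}

# waf_dns_status MODE DOMAIN WAF_CNAME [TXT_NAME TXT_VALUE]
#   no-proxy: DOMAIN must be a CNAME to the WAF-issued target.
#   proxy:    the TXT record must exist; the proxy's back-to-source address
#             is set in the proxy's own console and is not visible in DNS.
waf_dns_status() {
  case "$1" in
    no-proxy)
      if cname_points_to "$2" "$3"; then echo "connected"
      else echo "cname-mismatch"; return 1; fi ;;
    proxy)
      if txt_contains "$4" "$5"; then echo "txt-ok"
      else echo "txt-missing"; return 1; fi ;;
    *)
      echo "usage: waf_dns_status no-proxy|proxy DOMAIN WAF_CNAME [TXT_NAME TXT_VALUE]" >&2
      return 2 ;;
  esac
}

# Run the check only when arguments are given on the command line.
if [ "$#" -ge 3 ]; then waf_dns_status "$@"; fi
```

A non-zero exit status means the record is not yet in place, so the script can gate the switch from Log only to Block in Step 4.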

Step 4: Enable WAF Protection

1. In the Operation column of the row containing the target domain name, click Configure Policy.
2. In the Basic Web Protection configuration area, set Mode to Block.

Note

After Block is selected, attacks are blocked and logged once they are detected.
