Updated on 2024-04-17 GMT+08:00

Connection Process (Dedicated Mode)

To let a dedicated WAF instance protect your website, the domain name of the website must be connected to the dedicated WAF instance so that incoming traffic to the website goes to WAF first.

Constraints

  • Dedicated WAF instances can protect only web applications and websites with servers deployed on Huawei Cloud and accessible through domain names or IP addresses. For details about WAF dedicated instances, see Edition Differences.
  • A dedicated Elastic Load Balance (ELB) load balancer has been used to distribute workloads for the website you want to add to WAF. For details about load balancer types, see Differences Between Dedicated and Shared Load Balancers.

    Dedicated WAF instances issued before April 2023 cannot be used with dedicated network load balancers. If you use a dedicated network load balancer (TCP/UDP), ensure that your dedicated WAF instance has been upgraded to the latest version (issued after April 2023). For details, see Dedicated Engine Version Iteration.

Processes of Connecting a Website to WAF

Before using a dedicated WAF instance, complete the required configurations by following the process shown in Figure 1.

Figure 1 Process of connecting a website to a dedicated WAF instance

Collecting Domain Name/IP Address Details

Before adding a domain name or IP address to WAF, obtain the information listed in Table 1.

Table 1 Domain name or IP address details required

| Information | Parameter | Description | Example |
|---|---|---|---|
| Parameters | Protected Object | Domain name: used by visitors to access your website. A domain name consists of letters separated by dots (.). It is a human readable address that maps to the machine readable IP address of your server. IP: IP address of the website. | www.example.com |
| Parameters | Protected Port | The service port corresponding to the domain name of the website you want to protect. Standard ports: 80 (default port when the client protocol is HTTP) and 443 (default port when the client protocol is HTTPS). Non-standard ports: ports other than ports 80 and 443. NOTICE: If your website uses a non-standard port, check whether the WAF edition you plan to buy can protect the non-standard port before you make a purchase. For details, see Ports Supported by WAF. | 80 |
| Parameters | Client Protocol | Protocol used by a client (for example, a browser) to access the website. WAF supports HTTP and HTTPS. | HTTP |
| Parameters | Server Protocol | Protocol used by WAF to forward requests from the client (such as a browser). The options are HTTP and HTTPS. | HTTP |
| Parameters | VPC | Select the VPC that the dedicated WAF instance belongs to. | vpc-default |
| Parameters | Server Address | Private IP address of the website server. Log in to the ECS or ELB console and view the private IP address of the server in the instance list. NOTE: The origin server address cannot be the same as that of the protected object. | 192.168.1.1 |
| (Optional) Certificate | Certificate Name | If you set Client Protocol to HTTPS, you are required to configure a certificate on WAF and associate the certificate with the domain name. NOTICE: Only .pem certificates can be used in WAF. If the certificate is not in PEM format, convert it into PEM format by referring to How Do I Convert a Certificate into PEM Format? Currently, certificates purchased in Huawei Cloud SCM can be pushed only to the default enterprise project. For other enterprise projects, SSL certificates pushed by SCM cannot be used. | - |
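The details in Table 1 can be checked before they are entered on the console. The script below is an added example, not part of the Huawei Cloud documentation or any WAF API: the function name, the dictionary keys and the sample record are hypothetical, and it assumes that "private IP address" means an RFC 1918 IPv4 address.

```python
import ipaddress

# Assumption: "private IP address" in Table 1 means an RFC 1918 IPv4 range.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PEM_HEADER = "-----BEGIN CERTIFICATE-----"

def check_waf_details(d):
    """Return a list of problems found in one set of Table 1 details."""
    problems = []
    obj = d["protected_object"].strip().lower()
    server = d["server_address"].strip().lower()

    # NOTE in Table 1: the origin server address cannot be the same as
    # that of the protected object.
    if obj == server:
        problems.append("server address is the same as the protected object")

    # Server Address must be the private IP address of the website server.
    try:
        ip = ipaddress.ip_address(server)
        if not any(ip in net for net in RFC1918):
            problems.append("server address is not an RFC 1918 private IP address")
    except ValueError:
        problems.append("server address is not an IP address")

    for key in ("client_protocol", "server_protocol"):
        if d[key].upper() not in ("HTTP", "HTTPS"):
            problems.append(f"{key} must be HTTP or HTTPS")

    port = d["protected_port"]
    if not 1 <= port <= 65535:
        problems.append("protected port is out of range")
    elif port not in (80, 443):
        problems.append("non-standard port: confirm the WAF edition supports it")

    # Client Protocol HTTPS requires a PEM certificate configured on WAF.
    if d["client_protocol"].upper() == "HTTPS":
        cert = d.get("certificate_pem") or ""
        if not cert.lstrip().startswith(PEM_HEADER):
            problems.append("client protocol HTTPS needs a PEM certificate")
    return problems

# Constructed sample record using the example values from Table 1.
SAMPLE = {"protected_object": "www.example.com", "protected_port": 80,
          "client_protocol": "HTTP", "server_protocol": "HTTP",
          "vpc": "vpc-default", "server_address": "192.168.1.1"}

if __name__ == "__main__":
    print(check_waf_details(SAMPLE) or "no problems found")
```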

Fixing Inaccessible Websites

If a domain name fails to be connected to WAF, its access status is Inaccessible. To fix this issue, see Why Is the Access Status of a Domain Name or IP Address Inaccessible?