How Do I Use a Dedicated WAF Instance to Protect Non-Standard Ports That Are Not Supported by the Dedicated Instance?
To use a dedicated WAF instance to protect a non-standard port that is not supported by dedicated instance, configure an ELB load balancer to distribute traffic to any non-standard port that is supported by the dedicated instance. For supported non-standard ports, see Which Non-Standard Ports Does WAF Support?
For example, a client sends requests over HTTP to the dedicated WAF instance, and you protect the website whose domain name is www.example.com:1234. The dedicated instance cannot protect non-standard port 1234. In this case, you can configure a load balancer to distribute traffic to any other non-standard port (for example, port 81) that can be protected by the dedicated instance. In this way, traffic designated to non-standard port 1234 will be checked by WAF.
To ensure that the configuration takes effect, a wildcard domain name corresponding to the protected domain name is recommended for the Domain Name field. For example, if you want to protect www.example.com:1234, set Domain Name to *.example.com.
Perform the following steps:
- Log in to the management console.
- Add the domain name of the website you want to protect on the WAF console.
- Click in the upper left corner and choose Web Application Firewall under Security & Compliance.
- In the navigation pane on the left, choose Website Settings.
- In the upper left corner of the website list, click Add Website. On the displayed page, select Dedicated mode, enter the wildcard domain name *.example.com corresponding to www.example.com:1234 in the Domain Name text box, and select a port (for example, 81) from the Protected Port drop-down list.
- Select Layer-7 proxy for Proxy Configured and click Confirm.
- Close the dialog box displayed.
You can view the added websites in the protected website list.
- Configure a load balancer on the ELB console.
- Click in the upper left corner of the page and choose Elastic Load Balance under Network to go to the Load Balancers page.
- Click the name of the load balancer you want in the Name column to go to the Basic Information page.
- Locate the IP as a Backend row, enable the function. In the displayed dialog box, click OK.
- Select the Listeners tab, click Add Listener, and configure the listener port to 1234.
- Click Next: Configure Request Routing Policy.
- Click Next: Add Backend Server. Then, select the IP as Backend Servers tab.
- Click Add IP as Backend Server. In the displayed dialog box, configure Backend Server IP Address and Backend Port.
- Backend Server IP Address: Enter the IP address of the dedicated WAF engine, which you can obtain from the dedicated engine list.
- Backend Port: 81, which is the same as the port you configured in 2.c.
- Click OK.
- Click Next: Confirm, confirm the information, and click Submit.
- Unbind an elastic IP address (EIP) from the origin server and bind the EIP to the load balancer configured for the dedicated WAF instance.
Domain Name and Port Configuration FAQs
- How Do I Add a Domain Name/IP Address to WAF?
- Which Non-Standard Ports Does WAF Support?
- How Do I Use a Dedicated WAF Instance to Protect Non-Standard Ports That Are Not Supported by the Dedicated Instance?
- How Do I Configure Domain Names to Be Protected When Adding Domain Names?
- Do I Have to Configure the Same Port as That of the Origin Server When Adding a Website to WAF?
- How Do I Configure Non-standard Ports When Adding a Protected Domain Name?
- What Can I Do If One of Ports on an Origin Server Does Not Require WAF Protection?
- What Data Is Required for Connecting a Domain Name/IP Address to WAF?
- How Do I Safely Delete a Protected Domain Name?
- How Long Will CNAME Records Be Retained After I Delete a Domain Name from WAF?
- Can I Change the Domain Name That Has Been Added to WAF?
- What Are the Precautions for Configuring Multiple Server Addresses for Backend Servers?
- Does WAF Support Wildcard Domain Names?
- Does WAF Protect Chinese Domain Names?
- How Do I Route Website Traffic to My Cloud WAF Instance?
- What Can I Do If the Message "Illegal server address" Is Displayed When I Add a Domain Name?
- Why Am I Seeing That My Domain Quota Is Insufficient When There Is Still Remaining Quota?
- Can I Configure Multiple Load Balancers for a Dedicated WAF Instance?
- Why Am I Seeing the "Someone else has already added this domain name. Please confirm that the domain name belongs to you" Error Message?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore