Updated on 2023-01-05 GMT+08:00

Overview

Before using WAF, you need to connect your domain name to it and enable it for protection to take effect.

Table 1 describes the procedure to use WAF.
Table 1 Procedure to use WAF

Step

Description

Creating a domain name

Add a website to be protected. For details, see Creating a Domain Name.

Enabling WAF protection

Enable WAF protection to protect your web services. For details, see Enabling WAF Protection.

NOTE:
  • The WAF engine does not run on your web server. Therefore, your web server performance will not be affected.
  • After your domain name is connected to WAF, there will be a latency of tens of milliseconds, but might be raised based on the size of the requested page or number of incoming requests.
  • You are billed for queries per second (QPS) or service bandwidth. One HTTP GET request is counted as a query, and the maximum QPS WAF can handle is 10,000. The total volume of normal traffic to a website or domain names protected by WAF is counted as the service bandwidth, and the maximum service bandwidth WAF can handle is 300 Mbit/s.

Configuring rules

In addition to the built-in protection rules, WAF provides a rich set of custom rules. For details, see Rule Configurations.

Enabling alarm notification

Once the function is enabled, users can receive attack logs at the earliest moment. For details, see Enabling Alarm Notification.

Handling false alarms

If the attack events blocked or logged are false positives, mask them. For details, see Handling False Alarms.

Viewing Dashboard

View the request and attack statistics, event distribution, and top 5 attack resource IP addresses of yesterday, today, past 3 days, past 7 days, or past 30 days. For details, see Dashboard.

For details about how to connect your website to WAF, see Figure 1.
Figure 1 Flowchart for connecting your website to WAF