Enabling WAF

Prerequisites

• You have obtained management console login credentials for an account with the WAF Administrator and WAF FullAccess permissions.
• You have applied for a VPC before applying for a dedicated WAF instance.
• You have created resource sets.

Applying for a Cloud WAF Instance

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the left upper corner and choose Security > Web Application Firewall to go to the Dashboard page.
4. In the upper right corner of the page, click Create WAF.
5. Select Cloud Mode.
6. On the displayed page, select a region.
7. In the lower right corner of the page, click Next.
8. Click Back to Website Settings and add domain names of websites to be protected to WAF.

Applying for a Dedicated WAF Instance

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the left upper corner and choose Security > Web Application Firewall to go to the Dashboard page.
4. In the upper right corner of the page, click Create WAF.
5. Select Dedicated Mode.
6. On the Apply for Web Application Firewall page, set WAF instance parameters by referring to Table 1.

   Table 1 Parameters of a dedicated WAF instance

   Parameter	Description
   Billing Mode	Dedicated WAF instances are billed on a pay-per-use basis. You are billed for the required duration by the second, which starts when the instance is created and ends when the instance is deleted.
   Region	Generally, a WAF instance you apply for in any region can protect web services in all regions. To make a WAF instance forward your website traffic faster, select the region nearest to your services.
   AZ	Select an AZ in the selected region.
   Instance Name Prefix	Set a prefix of the dedicated WAF instance name. If you apply for multiple instances at a time, the prefix to each instance name is the same.
   Quantity	Set the number of WAF instances you want to apply for. To ensure the SLA and prevent single points of failure (SPOFs), apply for at least two WAF instances for your workloads.
   Specifications	Select specifications for your instance. WAF offers two types of specifications, 500 Mbit/s and 100 Mbit/s.
   WAF Instance Type	ECS Your WAF instance will be created on your ECS. You can view details of the ECS on the ECS console.
   CPU Architecture	Select CPU architecture for your instance.
   CPU Specifications	Select CPU specifications for your instance.
   ECS Specifications	Select ECS specifications for your instance.
   VPC	Select the VPC to which the origin server belongs.
   Subnet	Select a subnet configured in the VPC.
   Security Group	Select a security group in the region or click Manage Security Group to go to the VPC console and create a security group. After you select a security group, the WAF instance will be protected by the access rules of the security group. NOTICE: You can configure your security group as follows: Inbound rules Add an inbound rule to allow incoming network traffic to pass through over a specified port based on your service requirements. For example, if you want to allow access from port 80, you can add a rule that allows TCP and port 80. Outbound rules The value is Default. All outgoing network traffic is allowed by default. If your dedicated WAF instance and origin server are not in the same VPC, enable communications between the instance and the subnet of the origin server in the security group.

7. In the lower right corner of the page, click Next.
8. Confirm the configuration and click Apply Now.
9. Click Back to Dedicated Engine List. On the Dedicated Engine page, view the instance status.