Updated on 2024-11-18 GMT+08:00

What Is WAF?

Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).

How WAF Works (Cloud Mode - CNAME Access Mode and Dedicated Mode)

After a website is connected to cloud WAF through a CNAME record, all website access requests are forwarded to WAF first. WAF detects and filters out malicious attack traffic and forwards normal traffic to the origin server, keeping the origin server secure, stable, and available.

Dedicated WAF instances are not available in some regions. For details, see Notice on Web Application Firewall (Dedicated Mode) Discontinued.

Figure 1 How WAF Works

The process of forwarding traffic from WAF to origin servers is called back-to-source. WAF uses back-to-source IP addresses to send client requests to the origin server. When a website is connected to WAF, the destination IP addresses that clients connect to are WAF IP addresses, so the origin server IP address is invisible to the client.

Figure 2 Back-to-source IP address
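
Because WAF reaches the origin server only from its back-to-source IP addresses, an origin access log can be checked for requests whose peer address lies outside those ranges, meaning they did not pass through WAF. The Python below is an added example, not part of the original documentation; the CIDR ranges and log lines are constructed placeholders, and the log format and function names are assumptions.

```python
import ipaddress

# Placeholder back-to-source ranges (RFC 5737 documentation networks, constructed).
# Replace with the back-to-source IP addresses listed for your WAF instance.
WAF_BACK_TO_SOURCE = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Constructed origin access-log lines (assumed format): "<peer_ip> <method> <path> <status>"
SAMPLE_LOG = """\
192.0.2.17 GET /index.html 200
198.51.100.5 POST /login 302
203.0.113.44 GET /admin 200
198.51.100.200 GET /index.html 200
not-an-ip GET / 400
"""

def is_back_to_source(peer_ip):
    """True if the TCP peer address belongs to a WAF back-to-source range."""
    addr = ipaddress.ip_address(peer_ip)  # raises ValueError on malformed input
    # IPv4-mapped IPv6 peers (::ffff:a.b.c.d) are compared as IPv4.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr in net for net in WAF_BACK_TO_SOURCE
               if net.version == addr.version)

def find_direct_requests(log_text):
    """Return (line_no, line) for requests that did not arrive from WAF."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if not fields:
            continue
        try:
            via_waf = is_back_to_source(fields[0])
        except ValueError:
            # Unparseable peer field: surface it rather than silently skipping it.
            via_waf = False
        if not via_waf:
            findings.append((line_no, line))
    return findings

if __name__ == "__main__":
    for line_no, line in find_direct_requests(SAMPLE_LOG):
        print(f"line {line_no}: not from a WAF back-to-source address: {line}")
```

The check must use the TCP peer address recorded by the origin server, not a client-supplied header, since only the peer address shows whether the connection came from WAF.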

How WAF Works (Cloud Mode - Load Balancer Access)

If you connect a website to WAF in cloud load balancer access mode, WAF works as follows:

  • In this mode, WAF is integrated into the gateway of an ELB load balancer through an SDK module. WAF extracts traffic through the SDK module embedded in the gateway for inspection.
  • WAF synchronizes the inspection result to the load balancer, and the load balancer determines whether to forward client requests to the origin server based on the inspection result.
  • In this mode, WAF does not forward traffic. This reduces compatibility and stability problems.

Figure 3 How WAF in ELB load balancer access mode works

What WAF Protects

When adding a website to WAF, you can select Cloud Mode - CNAME, Cloud Mode - Load balancer, or Dedicated Mode. Before you start, get familiar with their differences:

  • Cloud Mode - CNAME: protects your web applications that have domain names and are deployed on any cloud or in on-premises data centers.
  • Cloud Mode - Load balancer: protects your web applications that are deployed on Huawei Cloud and accessible over domain names or IP addresses (public or private IP addresses).
  • Dedicated Mode: protects your web applications that are deployed on Huawei Cloud and accessible over domain names or IP addresses (public or private IP addresses).