Managing Dedicated WAF Engines

Prerequisites

• You have applied for a dedicated WAF instance.
• Your login account has the IAM ReadOnly permission.

Viewing Information About a Dedicated WAF Instance

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner and choose Web Application Firewall under Security & Compliance.
4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.
   Figure 1 Dedicated engine list
   

5. View information about a dedicated WAF instance. Table 1 describes parameters.

   Table 1 Key parameters of dedicated WAF instances

   Parameter	Description	Example Value
   Instance Name	Name automatically generated when an instance is created.	None
   Protected Website	Domain name of the website protected by the instance.	www.example.com
   VPC	VPC where the instance resides	vpc-waf
   Subnet	Subnet where an instance resides	subnet-62bb
   IP Address	IP address of the subnet in the VPC where the WAF instance is deployed.	192.168.0.186
   Access Status	Connection status of the instance.	Accessible
   Running Status	Status of the instance.	Running
   Version	Dedicated WAF	202304
   Deployment	How the instance is deployed.	Standard mode (reverse proxy)
   Specifications	Specifications of resources hosting the instance.	8 vCPUs | 16 GB

Viewing Metrics of a Dedicated WAF Instance

When a WAF instance is in the Running status, you can view the monitored metrics about the instance.

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner and choose Web Application Firewall under Security & Compliance.
4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.
   Figure 2 Dedicated engine list
   

5. In the row of the instance, click Cloud Eye in the Operation column to go to the Cloud Eye console and view the monitoring information, such as CPU, memory, and bandwidth.

Upgrading a Dedicated WAF Instance

Only dedicated WAF instances in the Running status can be upgraded to the latest version.

• It takes about 20 minutes for upgrading an instance. During the upgrade, the instance is not available and cannot protect your domain names connected to it. To prevent service interruptions, use either of the following solutions:
  • Solution 1: Deploy multiple dedicated WAF instances for your domain name, add them to a backend server group of your load balancer, and enable the health check policy for the load balancer. In this way, if one dedicated WAF instance is not available, WAF automatically distributes the traffic to other healthy instances. There is almost no impact on your services except that website requests might be intermittently interrupted for few seconds.
  • Solution 2: If you deploy only one dedicated WAF instance, configure a load balancer before you start to let website traffic bypass WAF during the upgrade. After the upgrade is complete, configure the load balancer to distribute traffic to WAF.
• If you are using the latest version of WAF, the Upgrade button is grayed out.

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner and choose Web Application Firewall under Security & Compliance.
4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.
   Figure 3 Dedicated engine list
   

5. In the row containing the instance you want to upgrade, click Upgrade in the Operation column.
6. Confirm the upgrade conditions and click Confirm.

   Click View Details to view details of all dedicated WAF instance versions.

Change Security Group for a Dedicated WAF Instance

If you select Network Interface for Instance Type, you can change the security group to which your dedicated instance belongs. After you select a security group, the WAF instance will be protected by the access rules of the security group.

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner and choose Web Application Firewall under Security & Compliance.
4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.
   Figure 4 Dedicated engine list
   

5. In the row containing the instance, choose More > Change Security Group in the Operation column.
6. In the dialog box displayed, select the new security group and click Confirm.

Deleting a Dedicated WAF Instance

You can delete a dedicated WAF instance anytime. A deleted dedicated WAF instance will no longer protect the website added to it.

Resources on deleted instance are released and cannot be restored. Exercise caution when performing this operation.

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner and choose Web Application Firewall under Security & Compliance.
4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.
   Figure 5 Dedicated engine list
   

5. In the row of the instance, click More > Delete in the Operation column.
6. In the displayed dialog box, enter DELETE and click Confirm.