Updated on 2024-11-05 GMT+08:00

Before You Start

Web Application Firewall (WAF) examines HTTP/HTTPS requests to identify and block malicious traffic, keeping your core service data secure and web server performance stable. This document describes how to quickly use WAF to protect your workloads.

Step 1: Buy a WAF Instance

  1. Log in to Huawei Cloud management console. On the console page, choose Security & Compliance > Web Application Firewall.
  2. In the upper right corner of the page, click Buy WAF. On the purchase page displayed, select a WAF mode.

    WAF provides three access modes, CNAME and ELB access modes for cloud WAF and dedicated access mode for dedicated WAF. For their differences, see Edition Differences.

    Dedicated WAF instances are not available in some regions. For details, see Notice on Web Application Firewall (Dedicated Mode) Discontinued.

    • Buying a Cloud WAF Instance
      • To use ELB-access cloud WAF, you need to submit a service ticket to enable it for you first. ELB-access cloud WAF is available in some regions. For details, see Functions.
      • If you want to use the ELB access mode, make sure you are using standard, professional, or platinum cloud WAF. When you are using cloud WAF, the quotas for the domain name, QPS, and rule extension packages are shared between the ELB access and CNAME access modes.

Step 2: Connect a Website to WAF

After buying a WAF instance, you need to add it to WAF, or WAF cannot check HTTP or HTTPS requests.

Access Mode

Protection Scenario

Reference Document

Cloud Mode - CNAME Access

  • Service servers are deployed on any cloud or in on-premises data centers.
  • Protected objects: domain names

Connecting Your Website to WAF (Cloud Mode - CNAME Access)

Cloud Mode - Load Balancer Access

  • Service servers are deployed on Huawei Cloud.

    This mode suitable for large enterprise websites having high security requirements on service stability.

  • Protected objects: domain names and IP addresses

Connecting Your Website to WAF (Cloud Mode - Load Balancer Access)

Dedicated mode

  • Service servers are deployed on Huawei Cloud.

    This mode is suitable for large enterprise websites that have a large service scale and have customized security requirements.

  • Protected objects: domain names and IP addresses

Connecting Your Website to WAF (Dedicated Mode)

Step 3: Configure a Protection Policy

After your website is connected to WAF, WAF applies a protection policy to your website and enables General Check (with Protective Action set to Log only and Protection Level set to Medium) in Basic Web Protection and enables Scanner check (with Protective Action set to Log only) in Anti-Crawler protection.

  • If you do not have special security requirements, you can retain the default settings and view WAF protection logs on the Events page at any time. For details, see Viewing Protection Event Logs.
  • If your website were under attacks, you can configure a custom protection policy based on attack details on the Dashboard and Events pages. For details, see Adding Rules to One or More Policies.

Step 4: View Protection Logs

On the Events page, view the protection details of the configured protection policy and handle the source IP address.

  • To quickly whitelist a source IP address, locate the row that contains the corresponding event, choose Handle as False Alarm in the Operation column, and configure a global protection whitelist rule.
  • To block or allow a source IP address, add it to an IP address blacklist or whitelist.

For details, see Handling False Alarms.