Buying Cloud Mode WAF
If you plan to use cloud mode - CNAME access or cloud mode - load balancer access to connect your website to WAF, you need to buy cloud mode WAF.
- Cloud mode - CNAME access: applies to the scenario where service servers are deployed on Huawei Cloud, other cloud other than Huawei Cloud, or on-premises and the protected object is a domain name. For more details, see Connecting Your Website to WAF with Cloud Mode - CNAME Access.
- Cloud mode - load balancer access: applies to the scenario where service servers are deployed on Huawei Cloud and the protected object is a domain name, public IP address, or private IP address. For more details, see Connecting Your Website to WAF with Cloud Mode - Load Balancer Access.
After buying cloud mode WAF, you still need to submit a service ticket to enable the load balancer access method. For details about supported regions, see Function Overview.
Before You Start
- Only one billing mode can be selected for your WAF instance in an account.
- You can switch between yearly/monthly and pay-per-use billing modes for your WAF. For details, see Can I Switch Between Yearly/Monthly and Pay-per-Use Payments for WAF?
- If your yearly/monthly cloud mode WAF expires or is unsubscribed, you can buy a yearly/monthly or pay-per-use WAF again.
- If you buy a pay-per-use WAF in the same project where your original WAF is deployed, the WAF configuration data will be retained.
- If you buy a yearly/monthly WAF in the same region where your original WAF is deployed, the WAF configuration data will be retained.
- You can disable pay-per-use billing mode and then buy a yearly/monthly or pay-per-use WAF.
After the pay-per-use billing mode is disabled, the WAF billing stops, the WAF configuration data is saved, and WAF Mode changes to Suspended. In this situation, WAF forwards your website traffic without inspecting traffic.
Prerequisites
IAM users for logging in to the WAF console must have the WAF Administrator and BSS Administrator permissions.
Constraints
- WAF supports protection for all regions. For details about supported regions, see In Which Regions Is WAF Available?
- Only one edition can be selected in a larger geographical region using the same account.
- CN North: CN North-Beijing1, CN North-Beijing4, CN North-Beijing2, CN North-Ulanqab1, CN North-Ulanqab201, CN North-Ulanqab202, and CN North-Beijing3
- CN East: CN East-Shanghai1, CN East-Shanghai2, CN East-Qingdao, and CN East 2
- CN South: CN South-Guangzhou and CN South-Shenzhen
- With professional or enterprise WAF, you can protect any non-standard ports for your website. To do so, submit a ticket to enable them first.
Buying a Yearly/monthly Cloud WAF Instance
- Log in to the WAF console.
- Click
in the upper left corner and select a region or project.
- (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
- In the upper right corner of the page, click Buy WAF.
- On the Dashboard page, click Buy WAF.
- On the Buy Web Application Firewall page, complete the following configurations.
Table 1 Parameters for purchasing yearly/monthly cloud mode WAF. Parameter
Description
Example Value
Basic Settings
WAF Mode
WAF mode you want to buy. If you select Cloud Mode, you can use Cloud Mode - CNAME Access or Cloud Mode - Load balancer access to connect websites to WAF.
Cloud Mode
Billing Mode
Billing mode of WAF.
- Yearly/Monthly: a prepaid billing mode.
- Pay-per-use: a postpaid billing mode.
For details about billing modes, see WAF Billing Overview.
Yearly/Monthly billing
Region
Region where the WAF instance will be deployed. Select a region from the Region drop-down list. Only one WAF edition can be purchased in a region.
Generally, a WAF instance purchased in any region can protect web services in all regions. To make a WAF instance forward your website traffic faster, select the region nearest to your services.
CN-Hong Kong
Edition
Edition
Select Basic course. WAF provides many tiered specifications, including Starter, Standard, Professional, and Enterprise editions, ranking from low to high specifications.
- For details service scale and function differences, see Edition Differences.
- To use Cloud Mode - Load balancer access, you need to buy the standard, professional, or enterprise edition first.
Cloud Mode - Load balancer shares its domain name, QPS, and rule expansion package quotas with Cloud Mode - CNAME, and the service specifications are the same as those of the basic package for cloud mode you buy.
Professional
Expansion Packages
You can buy domain name, bandwidth, and rule expansion packages to obtain extra quotas based on the basic package. For more details, see Expansion Packages (Optional).
- Domain expansion packages: 1
- Bandwidth expansion package: 1
- Rule expansion packages: 1
Final Specifications
After you select Basic course, Advanced Functions, and Expansion Packages, WAF calculates the total number of selected quotas in real time.
--
Usage Settings
Required Duration
Select the purchase duration. The duration ranges from one month to three years.
1 year
Auto-Renewal
Whether to automatically renew the WAF service when it expires. If you enable this, WAF will automatically renew the subscription upon expiration based on the required duration you configure.
Hover over View Billing Rules and Renewal Durations and click Learn More. For details, see Auto-Renewal Rules.
Auto-renewal
- Confirm the product details and click Buy Now.
- On the Confirm Configuration page, confirm the order details, select I have read and agree to the WAF Disclaimer, and click Pay.
- On the payment page, select a payment method and complete the payment.
After WAF is enabled, you can go to the WAF console. In the navigation pane on the left, choose Viewing Product Details.
. On the product details page, view the details of purchased instances. For details, see
Buying Pay-per-Use Cloud Mode WAF
To buy pay-per-use WAF instances, submit a service ticket to enable the service.
- Log in to the WAF console.
- Click
in the upper left corner and select a region or project.
- (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
- In the upper right corner of the page, click Buy WAF.
- On the Buy Web Application Firewall page, select Pay-per-use for Billing Mode and select a region.
Generally, a WAF instance purchased in any region can protect web services in all regions. To make a WAF instance forward your website traffic faster, select the region nearest to your services.
Figure 1 Pay-per-use
- In the lower right corner of the page, click Next.
- Click Back to Website Settings and add domain names of websites to be protected.
If you want to disable WAF, choose Disable Pay-Per-Use Billing next to Cloud Mode.
, and click- If you want to check the WAF edition in use and how long it will expire, choose Viewing Product Details. in the navigation pane on the left and view details. For details, see
- If you no longer need WAF, click Disable Pay-Per-Use Billing next to the Cloud Mode column on the Product Details page.
Follow-up Operations
- Connecting a Website to WAF: With cloud mode, you can use CNAME access and ELB load balancer access to connect a website to WAF over website domain names or IP addresses.
- Viewing Protection Events: After a domain name or IP address is connected to WAF, by default, WAF enables General Check in Basic Web Protection, with Protective Action set to Log only and Protection Level to medium, and enables Scanner in Anti-Crawler, with Protective Action set to Log only. You can view and handle protection events on the Events page.
- Configuring Protection Policies: If default protection rules cannot meet your website security requirements, you can configure custom protection rules.
- Querying a Protection Event: View website protection details.
Related Operations
- Changing Editions and Specifications: If you are using cloud mode WAF, you can upgrade the WAF edition in use or increase the quotas of expansion packages to protect more domain names or traffic.
- How Do I Unsubscribe from WAF?: You can unsubscribe from yearly/monthly WAF.
- How Do I Renew WAF?: You can renew yearly/monthly WAF.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot