Get started with Web Application Firewall
This topic describes common operations and best practices for activating and using Web Application Firewall (waf), and helps you learn about WAF and its configuration procedure.
How to use WAF
Web Application Firewall (WAF) helps you monitor HTTP and HTTPS requests to your website and implement access control. WAF supports custom acl rules and provides Web attack protection.
- Activate WAF and configure WAF for your website to redirect requests that are sent to your website to WAF for monitoring.
- After you have configured WAF for your website, specify WAF protection policies. WAF detects and filters malicious requests to your website based on the specified protection policy. Only valid requests are allowed to access the origin server.
- After WAF starts to work, you can view WAF security reports to learn about security details. You can also configure WAF settings to view WAF resource usage and adjust alert settings.
- You can use WAF best practices to improve security management and contact customer services for technical support.
WAF supports the subscription billing method. If you use the subscription billing method, you are billed monthly or annually. After you choose a subscription plan, the payment must be settled immediately. WAF services are available during the specified subscription period.
After you activate WAF, you will obtain a WAF instance with a WAF IP address. This WAF instance can protect up to 10 domains. These domains must use the same top-level domain.
WAF instance specifications
After you activate WAF, you can use the transparent proxy mode or DNS proxy mode to configure WAF for your website.
- Transparent proxy mode: This mode reroutes HTTP requests that are received on port 80 of the specified origin server to WAF. WAF processes these requests and then redirects the requests to the origin server.
- DNS proxy mode: This mode reroutes the requests that are sent to the protected domain to WAF by modifying the DNS record. WAF then processes and redirects the requests to the origin server.To use this mode, you must add the domain that needs protection on the Website Configuration page in the WAF console and use DNS resolution to reroute the requests sent to the protected website to WAF.
- Add the website configuration. Website configuration specifies the domain that needs protection and how the traffic bound to the domain is forwarded. WAF can automatically add website configuration. You can also manually add website configuration. You must specify required information including the domain name of the website that needs protection and the IP address of the server that hosts the website in the website configuration. After you add website configuration, WAF assigns an exclusive CNAME record for the domain name.
- Change the DNS record. To reroute the traffic targeting a protected website to WAF, you must add and apply the cname record generated by WAF for this domain name.
After you configure WAF for your website, WAF can filter out malicious requests and allow only valid requests to access the origin server.