Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com> Co-authored-by: qinweiwei <qinweiwei@huawei.com> Co-committed-by: qinweiwei <qinweiwei@huawei.com>
WAF Operation Guide
To use Web Application Firewall (WAF) to protect your web services, the services must first be connected to WAF. WAF provides two access modes for connecting web services: ELB load balancer access mode and dedicated mode. Select the access mode that best fits your web services.
Application scenarios
WAF provides the following access modes for you to connect websites to WAF.
- ELB load balancer access mode
  - Service servers are deployed on the cloud.
  - This mode is suitable for large enterprise websites with high requirements on security and service stability.
  - Protected object: domain names and IP addresses (public or private IP addresses)
  - Access method: Connecting a Website to WAF (Cloud - ELB Load Balancer Access Mode)
- Dedicated mode
  - Service servers are deployed on the cloud.
  - This mode is suitable for large enterprise websites that have a large service scale and customized security requirements.
  - Protected object: domain names and IP addresses (public or private IP addresses)
  - Access method: Connecting a Website to WAF (Dedicated Mode)
Procedure for Using WAF
Figure 1 shows the procedure, and Table 1 describes each step.

Table 1 Procedure for using WAF

| Operation | Description |
|---|---|
| Apply for a dedicated WAF instance. | |
| Add websites you want to protect to your WAF instance. | |
| | A policy is a combination of rules, such as basic web protection, blacklist, whitelist, and precise protection rules. A policy can be applied to multiple domain names, but only one policy can be used for a domain name. |
| | WAF displays blocked or logged-only attacks on the Events page. You can view and analyze protection logs to adjust your website protection policies or mask false alarms. |
Related Functions
Beyond the functions in Procedure for Using WAF, WAF also provides the following functions to improve the security of your websites.
| Function | Description |
|---|---|
| | You can view protection data for yesterday, today, the last 3 days, the last 7 days, or the last 30 days. |
| Configuring PCI DSS/3DS Certification Check and Configuring the Minimum TLS Version and Cipher Suite | TLS v1.0 and cipher suite 1 are configured by default in WAF for general security. To protect your websites better, set the minimum TLS version to a later version and select a more secure cipher suite. |
| | If a large number of 502 Bad Gateway and 504 Gateway Timeout errors are detected, you can enable WAF breakdown protection and connection protection to let WAF suspend your website and protect your origin servers from crashing. When the number of 502/504 error requests and pending URL requests reaches the thresholds you configure, WAF enables the corresponding protection for your website. |
| | WAF allows you to configure traffic identifiers by IP address, session, or user tag to block possibly malicious requests from known attack sources based on the IP address, Cookie, or Params. |
| | If a visitor is blocked by WAF, the Default block page of WAF is returned by default. You can also configure a Custom page or a Redirection as the block page to be returned. |
| | If you upload a certificate to WAF, you can directly select the certificate when adding a website to WAF. |
| | This topic describes how to manage your dedicated WAF instances (or engines). You can view instance information, view instance monitoring configurations, upgrade the edition of an instance, and delete an instance. |
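The table above recommends raising the minimum TLS version above TLS v1.0 and choosing a stronger cipher suite. The following Python script is an added illustration of what that baseline means in a TLS stack; it is not part of the original guide and does not use the WAF product's configuration interface. It audits a TLS profile (a minimum protocol version plus a list of cipher suite names) against a constructed baseline of TLS 1.2 or later and no RC4/MD5/DES/NULL/export/anonymous suites, and builds a hardened `ssl.SSLContext` that passes the same audit. The legacy profile fed to it in `__main__` is constructed sample data, not the product's default cipher suite 1.

```python
import ssl

# Substrings that mark cipher suites a modern deployment should not offer.
# Constructed baseline for this example, not a setting from the WAF product.
WEAK_CIPHER_MARKERS = ("RC4", "MD5", "DES", "NULL", "EXPORT", "ANON")
REQUIRED_MIN_VERSION = ssl.TLSVersion.TLSv1_2


def audit_profile(min_version_name, cipher_names):
    """Return a list of findings for a TLS profile given as the name of its
    minimum protocol version (e.g. "TLSv1", "TLSv1_2") and its cipher suite
    names. An empty list means the profile meets the baseline used here."""
    findings = []
    min_version = ssl.TLSVersion[min_version_name]
    if min_version < REQUIRED_MIN_VERSION:
        findings.append(
            f"minimum TLS version {min_version.name} is below {REQUIRED_MIN_VERSION.name}"
        )
    for name in cipher_names:
        upper = name.upper()
        if any(marker in upper for marker in WEAK_CIPHER_MARKERS):
            findings.append(f"weak cipher suite {name}")
    return findings


def hardened_server_context():
    """Build an ssl.SSLContext that enforces TLS 1.2+ and a restricted,
    forward-secret AEAD cipher list (the corrected setting)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = REQUIRED_MIN_VERSION
    # ECDHE key exchange with AES-GCM or ChaCha20; no anonymous or MD5 suites.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5")
    ctx.options |= ssl.OP_NO_COMPRESSION  # rules out compression-based plaintext leaks
    return ctx


def audit_context(ctx):
    """Audit a live SSLContext with the same rules as audit_profile()."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return audit_profile(ctx.minimum_version.name, names)


if __name__ == "__main__":
    # Constructed legacy-style profile: TLS 1.0 minimum with old suites enabled.
    legacy = audit_profile(
        "TLSv1", ["RC4-SHA", "DES-CBC3-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]
    )
    print("legacy profile findings:", legacy)
    print("hardened context findings:", audit_context(hardened_server_context()))
```

`audit_context` reads the suites the local OpenSSL actually enabled, so the same check can be pointed at any context your own services build; the marker list is deliberately coarse and should be tightened to your organisation's policy.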
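The breakdown protection row above describes a threshold on 502/504 responses that, once reached, triggers protection for the website. The script below is an added example, not code from the guide or the WAF product, showing how such a threshold can be evaluated over a trailing time window of access log entries. The log format, the sample lines and the threshold values are all constructed for this example; the page's connection protection threshold on pending URL requests is not modelled.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample access log (not from the original page), one request per line:
# <ISO timestamp> <client IP> <method> <path> <HTTP status>
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.5 GET /index.html 200
2024-01-01T10:00:01 203.0.113.6 GET /api/orders 502
2024-01-01T10:00:02 203.0.113.7 GET /api/orders 504
2024-01-01T10:00:03 203.0.113.8 POST /api/orders 502
2024-01-01T10:00:04 203.0.113.9 GET /static/app.js 200
2024-01-01T10:00:05 203.0.113.10 GET /api/orders 502
2024-01-01T10:00:06 203.0.113.11 GET /api/orders 504
2024-01-01T10:02:30 203.0.113.12 GET /api/orders 502
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
ORIGIN_FAILURE_STATUSES = {502, 504}  # the statuses the page's breakdown protection counts


def parse_log(text):
    """Yield (timestamp, status) pairs; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield datetime.fromisoformat(m.group(1)), int(m.group(5))


def first_breach(entries, threshold, window_seconds):
    """Return the ISO timestamp of the first request at which the number of
    502/504 responses within the trailing window reaches `threshold`, or
    None if the threshold is never reached."""
    window = deque()
    span = timedelta(seconds=window_seconds)
    for ts, status in entries:
        if status not in ORIGIN_FAILURE_STATUSES:
            continue
        window.append(ts)
        # Drop failures that have fallen out of the trailing window.
        while window and ts - window[0] > span:
            window.popleft()
        if len(window) >= threshold:
            return ts.isoformat()
    return None


def evaluate_sample(threshold=5, window_seconds=60):
    """Run the threshold check over the constructed sample log."""
    return first_breach(parse_log(SAMPLE_LOG), threshold, window_seconds)


if __name__ == "__main__":
    print("5 failures in 60 s first reached at:", evaluate_sample())
    print("6 failures in 60 s first reached at:", evaluate_sample(threshold=6))
```

With the sample log, five origin failures fall inside one 60-second window by 10:00:06, while the isolated 502 at 10:02:30 starts a fresh window and never reaches a threshold of six; tuning `threshold` and `window_seconds` against your own traffic is the same exercise as choosing the thresholds in WAF.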
