yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
9d532fb0cfb20f82255cb81244d288412aa56dc0
doc-exports/docs/wafd/umn/waf_01_0287.html
qiaoli 9d532fb0cf WAF Dedicated UMN 20250119 version 
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qiaoli <qiaoli@huawei.com>
Co-committed-by: qiaoli <qiaoli@huawei.com>
2025-01-24 09:50:15 +00:00

89 lines
12 KiB
HTML
Raw Blame History

<a name="waf_01_0287"></a><a name="waf_01_0287"></a>
<h1 class="topictitle1">Connecting Your Website to WAF (ELB Access Mode)</h1>
<div id="body8662426"><p id="waf_01_0287__p1651010883916">If your service servers are deployed on the cloud, you can select WAF ELB access mode to add your website IP address or domain name to WAF.</p>
<div class="note" id="waf_01_0287__en-us_topic_0000001871474014_note114919335815"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="waf_01_0287__en-us_topic_0000001871474014_p171536318584">If you have enabled enterprise projects, you can select an enterprise project from the <strong id="waf_01_0287__en-us_topic_0000001871474014_b9218321552">Enterprise Project</strong> drop-down list and add websites to be protected in the project.</p>
</div></div>
<div class="section" id="waf_01_0287__section19116221204118"><h4 class="sectiontitle">Prerequisites</h4><ul id="waf_01_0287__ul20231194314120"><li id="waf_01_0287__li5231114313415">You have <a href="waf_01_1072.html">applied for a dedicated WAF instance</a>.</li><li id="waf_01_0287__li1272714508430">You have contacted technical support to apply for the ELB access mode.</li><li id="waf_01_0287__li1827425144216">You have applied for a dedicated load balancer. Its specifications must be <span class="parmvalue" id="waf_01_0287__parmvalue743073074315"><b>Application load balancing (HTTP/HTTPS)</b></span>. Note that the account you use to apply for the load balancer must have WAF dedicated mode enabled.</li></ul>
</div>
<div class="section" id="waf_01_0287__section5824152333016"><h4 class="sectiontitle">Connecting a Website to WAF in ELB Access Mode</h4><ol id="waf_01_0287__ol10332142763019"><li id="waf_01_0287__li1633214279300"><span>Log in to the management console.</span></li><li id="waf_01_0287__li19333327173010"><span>Click <span><img id="waf_01_0287__image1633352713012" src="en-us_image_0000002046002725.jpg"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="waf_01_0287__li933417274300"><span>Click <span><img id="waf_01_0287__image53345270304" src="en-us_image_0000002009764796.png"></span> in the upper left corner and choose <strong id="waf_01_0287__b1446464616137">Web Application Firewall (Dedicated)</strong> under <strong id="waf_01_0287__b0464346171315">Security</strong>.</span></li><li id="waf_01_0287__li633420275307"><span>In the navigation pane on the left, choose <strong id="waf_01_0287__b198465538132">Website Settings</strong>.</span></li><li id="waf_01_0287__li2334122718301"><span>In the upper left corner of the website list, click <strong id="waf_01_0287__b1420062825">Add Website</strong>.</span></li><li id="waf_01_0287__li1633415277306"><span>Choose <span class="parmvalue" id="waf_01_0287__parmvalue163441356201320"><b>ELB access</b></span> and click <span class="uicontrol" id="waf_01_0287__uicontrol734485615135"><b>OK</b></span>.</span></li><li id="waf_01_0287__li1533542715309"><span>On the displayed domain name details page, configure basic settings by referring to <a href="#waf_01_0287__table113358275303">Table 1</a>.</span><p><div class="p" id="waf_01_0287__p53351127123012">
<div class="tablenoborder"><a name="waf_01_0287__table113358275303"></a><a name="table113358275303"></a><table cellpadding="4" cellspacing="0" summary="" id="waf_01_0287__table113358275303" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="waf_01_0287__row733512270303"><th align="left" class="cellrowborder" valign="top" width="20.71%" id="mcps1.3.4.2.7.2.1.1.2.4.1.1"><p id="waf_01_0287__p133511279300">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="58.5%" id="mcps1.3.4.2.7.2.1.1.2.4.1.2"><p id="waf_01_0287__p13351027143013">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20.79%" id="mcps1.3.4.2.7.2.1.1.2.4.1.3"><p id="waf_01_0287__p533532717306">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="waf_01_0287__row133351527183010"><td class="cellrowborder" valign="top" width="20.71%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.1 "><p id="waf_01_0287__p1335152793019">ELB (Load Balancer)</p>
</td>
<td class="cellrowborder" valign="top" width="58.5%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.2 "><p id="waf_01_0287__p16336132713014">Select an ELB load balancer from the drop-down list. Make sure the server address of the protected website has been added to the ELB load balancer.</p>
</td>
<td class="cellrowborder" valign="top" width="20.79%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.3 "><p id="waf_01_0287__p15336152793017">elb-waf-test</p>
</td>
</tr>
<tr id="waf_01_0287__row233612711309"><td class="cellrowborder" valign="top" width="20.71%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.1 "><p id="waf_01_0287__p433672773014">ELB Listener</p>
</td>
<td class="cellrowborder" valign="top" width="58.5%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.2 "><p id="waf_01_0287__p1033617279309">Listener configured for the selected ELB load balancer.</p>
<ul id="waf_01_0287__ul1833692719301"><li id="waf_01_0287__li433611277307"><strong id="waf_01_0287__b2002994741">All listeners</strong></li><li id="waf_01_0287__li193361027113015"><strong id="waf_01_0287__b213741993">Specific listener</strong></li></ul>
</td>
<td class="cellrowborder" valign="top" width="20.79%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.3 "><p id="waf_01_0287__p53361027123011">All listeners</p>
</td>
</tr>
<tr id="waf_01_0287__row3336727173013"><td class="cellrowborder" valign="top" width="20.71%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.1 "><p id="waf_01_0287__p1433619272303">Website Name</p>
</td>
<td class="cellrowborder" valign="top" width="58.5%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.2 "><p id="waf_01_0287__p1133652703020">(Optional) You can specify a name for your website.</p>
</td>
<td class="cellrowborder" valign="top" width="20.79%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.3 "><p id="waf_01_0287__p1533632715306">None</p>
</td>
</tr>
<tr id="waf_01_0287__row8336727163014"><td class="cellrowborder" valign="top" width="20.71%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.1 "><p id="waf_01_0287__p333632733017">Domain Name</p>
</td>
<td class="cellrowborder" valign="top" width="58.5%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.2 "><p id="waf_01_0287__p63361627173016">Set this parameter to the domain name or IP address you want to protect. Make sure that the domain name has been resolved to the EIP of the load balancer.</p>
<p id="waf_01_0287__p933613275300">Single domain names or wildcard domain names are supported.</p>
<ul id="waf_01_0287__ul23361275301"><li id="waf_01_0287__li1633619272304">Single domain name: Enter a single domain name, for example, www.example.com.</li><li id="waf_01_0287__li1333722715307">Wildcard domain name<ul id="waf_01_0287__ul0337427193018"><li id="waf_01_0287__li333720275304">If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names <em id="waf_01_0287__i1706415666"><strong id="waf_01_0287__b1038107804">a.example.com</strong></em>, <strong id="waf_01_0287__b1983403437"><em id="waf_01_0287__i1237531474">b.example.com</em></strong>, and <em id="waf_01_0287__i1410141913"><strong id="waf_01_0287__b71607969">c.example.com</strong></em> have the same server IP address, you can add the wildcard domain name <strong id="waf_01_0287__b872291741"><em id="waf_01_0287__i305059053">*.example.com</em></strong> to WAF to protect all three.</li><li id="waf_01_0287__li14337102773015">If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one.</li><li id="waf_01_0287__li203373279308">Wildcard domain name<span class="parmvalue" id="waf_01_0287__parmvalue844699704"><b>*</b></span> can be added.</li></ul>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="20.79%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.3 "><p id="waf_01_0287__p163373279301">Single domain name: <strong id="waf_01_0287__b495914787">www.example.com</strong></p>
<p id="waf_01_0287__p19337122763014">Wildcard domain name: <strong id="waf_01_0287__b806622053">*.example.com</strong></p>
<p id="waf_01_0287__p203374276307">IP Address:</p>
<p id="waf_01_0287__p1633732717304">XXX.XXX.1.1</p>
</td>
</tr>
<tr id="waf_01_0287__row143377279307"><td class="cellrowborder" valign="top" width="20.71%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.1 "><p id="waf_01_0287__p1633710277307">Website Remarks</p>
</td>
<td class="cellrowborder" valign="top" width="58.5%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.2 "><p id="waf_01_0287__p033782710302">(Optional) You can enter a description for your website.</p>
</td>
<td class="cellrowborder" valign="top" width="20.79%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.3 "><p id="waf_01_0287__p1233792718308">-</p>
</td>
</tr>
<tr id="waf_01_0287__row183375270305"><td class="cellrowborder" valign="top" width="20.71%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.1 "><p id="waf_01_0287__p19337182723012">Policy</p>
</td>
<td class="cellrowborder" valign="top" width="58.5%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.2 "><p id="waf_01_0287__p1337142712303">The <strong id="waf_01_0287__b589149423">system-generated policy</strong> is selected by default. You can select a policy you configured before. You can also customize rules after the domain name is connected to WAF.</p>
<p id="waf_01_0287__p53375272303">System-generated policies</p>
<ul id="waf_01_0287__ul1333772714308"><li id="waf_01_0287__li19338427193018">Basic web protection (<strong id="waf_01_0287__b2100001422">Log only</strong> mode and common checks)<p id="waf_01_0287__p153381527193015">The basic web protection defends against attacks such as SQL injections, XSS, remote overflow vulnerabilities, file inclusions, Bash vulnerabilities, remote command execution, directory traversal, sensitive file access, and command/code injections.</p>
</li><li id="waf_01_0287__li17338122783016">Anti-crawler (<strong id="waf_01_0287__b87242610">Log only</strong> mode and <strong id="waf_01_0287__b245308457">Scanner</strong> feature)<p id="waf_01_0287__p63381127153011">WAF only logs web scanning tasks, such as vulnerability scanning and virus scanning, such as crawling behavior of OpenVAS and Nmap.</p>
</li></ul>
<div class="note" id="waf_01_0287__note133386275303"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="waf_01_0287__ul14338427183019"><li id="waf_01_0287__li133387273307"><strong id="waf_01_0287__b1301048244">Log only</strong>: WAF only logs detected attacks instead of blocking them.</li><li id="waf_01_0287__li10338327143012">Only the professional and platinum editions allow you to specify a custom policy for <strong id="waf_01_0287__b1028783880">Policy</strong>.</li></ul>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="20.79%" headers="mcps1.3.4.2.7.2.1.1.2.4.1.3 "><p id="waf_01_0287__p73381827103013">System-generated policy</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</p></li><li id="waf_01_0287__li15338132783010"><span>Click <strong id="waf_01_0287__b702950166">OK</strong>.</span><p><p id="waf_01_0287__p9338142763015">You can view the added websites in the protected website list.</p>
</p></li></ol>
</div>
<div class="section" id="waf_01_0287__en-us_topic_0000001871474014_section048163615716"><h4 class="sectiontitle">Follow-up Operations</h4><ul id="waf_01_0287__ul11170121873520"><li id="waf_01_0287__li151701018153512">The initial <strong id="waf_01_0287__b8986124252020">Access Status</strong> of a website is <strong id="waf_01_0287__b1987042172020">Unaccessed</strong>. When a request reaches the WAF instance configured for the website, the access status automatically changes to <strong id="waf_01_0287__b1498710428203">Accessed</strong>. To address access failure, see </li><li id="waf_01_0287__li1551305011359"><a href="waf_01_3274.html">Complete Recommended Configurations</a></li><li id="waf_01_0287__li275382463515">Adjust the protection policy configured for the protected domain name based on protection requirements. For details, see <a href="waf_01_0129.html">Protection Configuration Overview</a>.</li></ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="waf_01_1108.html">Connecting a Website to WAF</a></div>
</div>
</div>
View Git Blame Copy Permalink