The content of this page has been automatically translated by AI. If you encounter any problems while reading, you can view the corresponding content in Chinese.
Web Application Firewall (WAF) is able to defeat CC attacks. WAF can work with Anti-DDoS Pro to provide an all-out protection against non-HTTP requests.
With DDoS protection capability of hundreds of Gbps, Anti-DDoS Pro can easily deal with DDoS attacks and ensure the availability of your business.
WAF can block web attacks in real time to ensure the security of your business data and information.
Directions
Step 1: Configure WAF
1. Log in to the WAF Console, in the left navigation, select Access Management.
2. On the Domain Access page, click Add Domain.
3. On the Add Domain page, configure relevant parameters, click OK.
Parameter Description:
Domain Name: enter the domain name to be protected.
Server Configuration: Choose the protocol type and port based on actual circumstances. By default, select the HTTP protocol. If the website is HTTPS encrypted, select HTTPS and complete the corresponding configuration and input.
Proxy Situation: Select "Yes", WAF will retrieve the customer's real IP address as the source address through the XFF field, with the risk of source IP spoofing being acknowledged.
Origin Server Address: Enter the real IP address of the origin server of the website to be protected, which is the public IP address of the origin server.
CLB Strategy: Choose between round-robin or IP hash based on actual circumstances.
Note:
If the origin server has multiple origin-pulling IPs, choose according to actual needs. The current strategy supports round-robin (requests from the same source IP are forwarded sequentially to different origin servers) or IP hash (requests from the same source IP are forwarded to the same origin server). Round-robin is used by default.
Advanced Settings:
Origin-pull connection method: Persistent connection is used for forwarding by default. Make sure the origin server supports persistent connection; otherwise, even if persistent connection is selected, non-persistent connection will still be used.
Enable HTTP 2.0: Select HTTPS for Protocol Type and HTTPS for Origin Retrieval Method, then you can choose Yes.
Enable WebSocket: If your website uses WebSocket, it is recommended to select Yes.
Step 2. Configure Anti-DDoS Pro
1. Log in to Anti-DDoS Pro Console and select Instance List from the left navigation.
2. On the Instance List page, select the desired instance and click Manage Protected Objects in the Action column.
3. On the Manage Protected Objects page, select "Associate Device Types" as WAF, and set "Select Resource Instances" to the corresponding WAF-protected IP address.
Note:
For a CLB WAF, select "Associate Device Types" as CLB in the binding interface, and set "Resource Instances" to the corresponding CLB public IP address.
Search for the required CAM policy as needed, and click to complete policy association.
