The content of this page has been automatically translated by AI. If you encounter any problems while reading, you can view the corresponding content in Chinese.
Help & Documentation>Web Application Firewall>Practical Tutorial>API Security>Use WAF and API Gateway together for security protection

Use WAF and API Gateway together for security protection

Last updated: 2024-11-26 09:48:39

On this page:

This document describes how to configure WAF to provide security protection for APIs on API Gateway.

Prerequisites

Activated WAF .
The API has been published on API Gateway. For details, see Quick Start.

Directions

Step 1. Bind a custom domain name in the API Gateway console

For more information about how to bind a custom domain name in the API Gateway console, see Configuring a Custom Domain Name.
Note:
When a custom domain name is bound to API Gateway, the system will check whether you have configured CNAME and resolved it to the service subdomain name. Therefore, you need to configure CNAME and resolve the custom domain name to the subdomain name of API Gateway, modify the DNS record, and point the custom domain name to the WAF CNAME domain name.


Step 2. Configure WAF

1. Log in to the WAF Console, in the left navigation, select Access Management.
2. On the Domain Access page, click Add Domain.

3. On the Add Domain page, configure relevant parameters, click OK.

4. After completing the configuration, the domain access status will be "CNAME Record Not Configured".


Step 3. Modify the CNAME record

1. Modify the CNAME record at your DNS service provider and resolve the custom domain name to the WAF domain name.
2. Log in to WAF Console, select Access Management, go to the Domain Access page, and you will see the protection status page.

中国站 - English