WAF can be connected with servers in data centers outside Tencent Cloud. WAF protects servers in any public networks, including but not limited to Tencent Cloud, and clouds and IDCs from other vendors.
Note:Domain names connected in the Chinese mainland must be ICP filed as required by the Ministry of Industry and Information Technology of China.
WAF fully supports HTTPS services. You just need to upload the SSL certificate and private key as instructed or select the Tencent Cloud-hosted certificate to use WAF for HTTPS traffic protection.
Up to 20 intermediate IPs can be set for one protected domain name in WAF.
Health check is enabled for WAF by default. WAF checks the connection status of all real server IPs. For the real server IP that does not respond, WAF will not forward requests to this IP until its connection status becomes normal.
WAF supports session persistence. You can submit a ticket to activate this feature.
In general, a configuration change takes effect within 10 seconds.
It is supported by CLB WAF but not by SaaS WAF.
You can connect a domain name using the WAF Console. For more information, see Add a Domain Name.
The intermediate IP address may change due to WAF maintenance and upgrades. You will be notified via SMS, email, or Message Center if it changes. You can view your intermediate IP address in the Domain Name List.
The VIP address may change when WAF is maintaining and upgrading its in/cross-region disaster recovery capabilities. To ensure the service availability, WAF only supports configuring VIP addresses by adding the CNAME.
A SaaS WAF-connected VIP address cannot be modified. If the associated domain name fails due to DDoS attacks, you can submit a ticket for assistance.
WAF performs origin-pull based on domain name or IP. You can choose which option to configure as you need. For more information, see Add a Domain Name.
See CNAME Configuration for how to bind CNAME with your DNS service provider.
Once WAF is disabled, all its protection features are unavailable, and only the traffic forwarding mode starts to run instead, with no logs recorded.
No, it won’t. You can go to the WAF Console, click your domain name in the Domain Name List, and view the CNAME in Basic Settings.
Was this page helpful?