If your Web business has enabled Cloud Load Balancer (CLB), you can integrate precision domain name protection in the WAF instance or enable cloud-native object policy protection. This document guides you on how to enable the default protection for CLB instance objects.
Note:
Object access is supported only in the Enterprise Edition and later. Upgrade the WAF instance package edition to the Enterprise Edition to access cloud-native protection objects.
Background
Cloud-native object access supports integration based on cloud-native instance objects (CLB, cloud-native gateways, APISIX gateways, etc.) or other hybrid cloud cluster objects accessed through application gateway SDKs. After integration, a default basic security protection policy set is automatically generated based on cloud-native instance ID objects or hybrid cloud cluster ID objects. This provides default protection for Web traffic without configured domain name access and allows customer-defined management of the corresponding protection policies.
The relevant protection activation sequence is as follows:
Configuration Instructions
1. Log in to the WAF console, and choose Asset Center > Connection Management > Instances in the left sidebar. 2. On the object access page, view all instance information for CLB or cloud-native gateways.
After the current account is authorized, the system will automatically synchronize discovered instances of CLB or cloud-native gateways within 5 minutes. If the accessed instances of CLB or cloud-native gateways are not listed, you can click Sync assets to synchronize updated assets.
If some web traffic of the current CLB or cloud-native gateway instance has been accessed through an exact domain name, you can view it through the WAF instance ID/name column. For web traffic already protected by an exact domain name, the protection policy of the exact domain name is matched first. If there is no such policy or if it is not hit, the protection policy based on the CLB instance object will automatically take effect.
3. Enable WAF protection.
3.1 Select the instance of the CLB or cloud-native gateway with enabled WAF protection, and click in the WAF switch column. 3.2 In the confirmation popup for enabling, click OK to enable WAF protection.
Note:
After it is enabled, WAF will protect the traffic passing through the CLB listener, intercept attack behaviors, and record attack logs.
If you only have one CLB-type WAF instance, you can directly enable WAF protection with one click.
If you have multiple CLB-type WAF instances, first bind the corresponding WAF instance to the CLB instance in the WAF instance ID/name column, and then enable WAF protection with one click.
4. Disable WAF protection.
4.1 Select the instance of the CLB or cloud-native gateway with enabled WAF protection, and click in the WAF switch column. 4.2 In the confirmation popup for disabling, click OK to disable WAF protection.
Note:
After it is disabled, WAF will no longer protect the traffic passing through the CLB listener, and all WAF features will become ineffective.
5. Enable the Bot Traffic Analysis switch.
5.1 Select the instance of the CLB or cloud-native gateway with enabled WAF protection, and click in the bot switch column. 5.2 In the confirmation popup for enabling, click OK to enable bot protection.
Note:
Only CLB object types support enabling the bot traffic switch.
6. Enable the API Security Switch.
6.1 Select the instance of the CLB or cloud-native gateway with enabled WAF protection, and click in the API Security Switch column. 6.2 In the confirmation popup for enabling, click OK to enable API security protection.
Note:
Only CLB object types support enabling the API Security Switch.
Was this page helpful?