- Release Notes and Announcements
- Release Notes
- Announcements
- [Important] API Gateway Product Sales Discontinuation Announcement
- [August 30, 2024] Discontinuation Notice for Toronto Region
- [March 1, 2024] Security Management Notice for the Use of Default Domain Name in API Gateway
- [August 15, 2022] Billing of Public Network Outbound Traffic from API Gateway to Backend Services
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Instance Management
- Service Management
- Creating API
- API Creation Overview
- Creating APIs Connecting to the Public URL/IP Backend
- Creating APIs Connecting to the VPC Resource Backend
- Creating APIs Connecting to the SCF Backend
- Creating API for Interconnecting Backend with COS
- Creating APIs Connecting to the Mock Backend
- Creating APIs Connecting to the TSF Backend
- Importing APIs
- API Management
- Calling API
- Release and Access
- Custom Domain Name and Certificate
- Usage Plan
- Backend Upstream
- Verification and Security
- Log Statistics
- Access Monitoring
- API Doc Generator
- Application Management
- Permission Management
- Precautions
- Private IP Ranges and Public VIPs of API Gateway Regions
- Plugin Usage
- Practical Tutorial
- Making Serverless Service Available quickly through API Gateway
- Integrating WAF to API Gateway for Security Protection
- Accessing Resources in IDC via API Gateway Dedicated Instance
- Quick Access to TEM Application via API Gateway
- Integrating ECDN to API Gateway for Acceleration
- API Gateway Providing the Access Capability for TKE
- Migrating from Region A to Region B
- Development Guide
- API Documentation
- Legacy Features
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
- Release Notes and Announcements
- Release Notes
- Announcements
- [Important] API Gateway Product Sales Discontinuation Announcement
- [August 30, 2024] Discontinuation Notice for Toronto Region
- [March 1, 2024] Security Management Notice for the Use of Default Domain Name in API Gateway
- [August 15, 2022] Billing of Public Network Outbound Traffic from API Gateway to Backend Services
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Instance Management
- Service Management
- Creating API
- API Creation Overview
- Creating APIs Connecting to the Public URL/IP Backend
- Creating APIs Connecting to the VPC Resource Backend
- Creating APIs Connecting to the SCF Backend
- Creating API for Interconnecting Backend with COS
- Creating APIs Connecting to the Mock Backend
- Creating APIs Connecting to the TSF Backend
- Importing APIs
- API Management
- Calling API
- Release and Access
- Custom Domain Name and Certificate
- Usage Plan
- Backend Upstream
- Verification and Security
- Log Statistics
- Access Monitoring
- API Doc Generator
- Application Management
- Permission Management
- Precautions
- Private IP Ranges and Public VIPs of API Gateway Regions
- Plugin Usage
- Practical Tutorial
- Making Serverless Service Available quickly through API Gateway
- Integrating WAF to API Gateway for Security Protection
- Accessing Resources in IDC via API Gateway Dedicated Instance
- Quick Access to TEM Application via API Gateway
- Integrating ECDN to API Gateway for Acceleration
- API Gateway Providing the Access Capability for TKE
- Migrating from Region A to Region B
- Development Guide
- API Documentation
- Legacy Features
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
Integrating WAF to API Gateway for Security Protection
Last updated: 2023-12-22 10:02:33
Overview
Tencent Cloud Web Application Firewall (WAF) is an AI-based one-stop web service protection solution.
This document describes how to integrate WAF to the API Gateway to protect your APIs.
Prerequisites
You have activated Web Application Firewall.
You have released APIs using the API Gateway.
Directions
Step 1. Bind a custom domain name in the API Gateway console
For more information about how to bind a custom domain name in the API Gateway console, see Custom Domain Name and Certificate.
Note:
When a custom domain name is bound to the API Gateway console, the system will check whether you have configured CNAME and resolved it to the service subdomain name. Be sure to first configure CNAME and resolve it to the subdomain name of the API Gateway, modify the CNAME record, and point the custom domain name to the WAF domain name.
Step 2. Configure WAF
1. Log in to the WAF console.
2. Click Web Application Firewall > Defense Settings in the left sidebar.
3. Click Add domains at the top of the Domain name list module.
4. Select Domain name as the real server address and enter the subdomain name of the API Gateway. Complete the other configurations.
5. Click Save. The domain name should now be in the “CNAME record not configured” status.
Step 3. Modify the CNAME record
1. Modify the CNAME record and resolve the custom domain name to the WAF domain name.
2. Log in to WAF console. Click Web Application Firewall > Defense Settings in the left sidebar.
3. Click the refresh icon in the Protection status column. The status should change to Normal protection.
Yes
No
Was this page helpful?