edit-icon download-icon

Step 1: Set up the WAF console

Last Updated: Jan 15, 2018

Procedure

To set up a WAF console, follow these steps:

  1. Log on to the Alibaba Cloud console.

  2. Click Web Application Firewall service under Security.

  3. Click Domain Name Configuration to view the domain list.

  4. Enter a Domain name and Origin’s IP, and then select Protocol type.

    1

    Note:

    • The domain name option supports the use of wildcards. For example, “*.nice2meetu.top” can be used to match “www.nice2meetup.top”, “mail.nice2meetu.top”, and “blog.nice2meetu.top”.
    • If the Protocol type is HTTPS, the associated SSL certificate and private key is required (see how to upload these items in the following section).
    • Up to 20 IPs can be added to one origin for load balancing. Multiple origins are load balanced based on the IP hash algorithm.
    • If you have layer-7 proxies in front of the WAF, such as Anti-DDoS and CDN, check Yes for the proxy option. Then, the WAF can obtain the real client IP.
  5. Click Add Domain. A new entry is added to the list with a CNAME generated by the WAF.

    2

Upload the SSL certificates and private key (for HTTPS domains)

  1. Click Upload Certificate under the domain to be configured.

  2. Generate your certificate and private key as plain text and paste them separately into the corresponding text areas on the upload page.

    3

  • Certificate example:

    1. -----BEGIN CERTIFICATE-----
    2. 62EcYPWd2Oy1vs6MTXcJSfN9Z7rZ9fmxWr2BFN2XbahgnsSXM48ixZJ4krc+1M+j2kcubVpsE2cgHdj4v8H6jUz9Ji4mr7vMNS6dXv8PUkl/qoDeNGCNdyTS5NIL5ir+g92cL8IGOkjgvhlqt9vc65Cgb4mL+n5+DV9uOyTZTW/MojmlgfUekC2xiXa54nxJf17Y1TADGSbyJbsC0Q9nIrHsPl8YKkvRWvIAqYxXZ7wRwWWmv4TMxFhWRiNY7yZIo2ZUhl02SIDNggIEeg==
    3. -----END CERTIFICATE-----
  • Private key example:

    1. -----BEGIN RSA PRIVATE KEY-----
    2. DADTPZoOHd9WtZ3UKHJTRgNQmioPQn2bqdKHop+B/dn/4VZL7Jt8zSDGM9sTMThLyvsmLQKBgQCr+ujntC1kN6pGBj2Fw2l/EA/W3rYEce2tyhjgmG7rZ+A/jVE9fld5sQra6ZdwBcQJaiygoIYoaMF2EjRwc0qwHaluq0C15f6ujSoHh2e+D5zdmkTg/3NKNjqNv6xA2gYpinVDzFdZ9Zujxvuh9o4Vqf0YF8bv5UK5G04RtKadOw==
    3. -----END RSA PRIVATE KEY-----
Thank you! We've received your feedback.