Anti-DDoS Pro or Anti-DDoS Premium and Web Application Firewall (WAF) can be used together to protect websites against both DDoS attacks and web application attacks. This topic describes how to add a website to both Anti-DDoS Pro or Anti-DDoS Premium and WAF.

Prerequisites

Background information

To configure Anti-DDoS Pro or Anti-DDoS Premium and WAF for your website, you can deploy the following network architecture: Use Anti-DDoS Pro or Anti-DDoS Premium at the ingress to defend against DDoS attacks. Use WAF at the intermediate layer to defend against web application attacks. Configure an ECS instance, SLB instance, or on-premises server as the origin server.
Note After you apply the preceding architecture, access requests are sent to multiple intermediate proxy servers before reaching the origin server. The origin server cannot directly obtain the actual source IP addresses of the requests. For more information about how to obtain the actual source IP addresses, see Obtain the real IP address of a visitor.

Procedure

  1. Add the domain name of your website to WAF. For more information, see Add domain names.
    In the Enter your website information step, set Destination Server (IP Address) to IP and enter the public IP address of the origin server. The origin server can be an SLB instance, ECS instance, or on-premises server. Set Does a layer 7 proxy (DDoS Protection/CDN, etc.) exist in front of WAF to Yes.WAF configuration
    After you add the domain name to WAF, go to the Website Access page in the WAF console to obtain the CNAME address of WAF.waf CName
  2. Add your website service to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add a website.
    In the Enter Site Information step, set Server IP to Origin Server Domain and enter the CNAME address of WAF obtained in the previous step.Configuration of Anti-DDoS Pro or Anti-DDoS Premium
    After you add the domain name to Anti-DDoS Pro or Anti-DDoS Premium, go to the Website Config page in the Anti-DDoS Pro or Anti-DDoS Premium console to obtain the CNAME address of Anti-DDoS Pro or Anti-DDoS Premium.CNAME address of Anti-DDoS Pro or Anti-DDoS Premium
  3. On the website of your DNS service provider, modify DNS records to point the domain name to the CNAME address of Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Modify DNS records to protect websites.
    After the preceding configuration is complete, traffic to access your website is first scrubbed by Anti-DDoS Pro or Anti-DDoS Premium and then forwarded to WAF to filter out web application attacks. Only normal traffic is forwarded to the origin server.