Anti-DDoS Pro or Anti-DDoS Premium and Web Application Firewall (WAF) can be used together to protect websites against both DDoS attacks and web application attacks. This topic describes how to add a website to both Anti-DDoS Pro or Anti-DDoS Premium and WAF.
Prerequisites
- An Anti-DDoS Pro or Anti-DDoS Premium instance is purchased. For more information, see Purchase mitigation plans for Anti-DDoS Pro and Anti-DDoS Premium.
- A WAF instance is purchased. For more information, see Activate Alibaba Cloud WAF.
Background information
Note After you apply the preceding architecture, access requests are sent to multiple intermediate
proxy servers before reaching the origin server. The origin server cannot directly
obtain the actual source IP addresses of the requests. For more information about
how to obtain the actual source IP addresses, see Obtain the real IP address of a visitor.
Procedure
- Add the domain name of your website to WAF. For more information, see Add domain names.In the Enter your website information step, set Destination Server (IP Address) to IP and enter the public IP address of the origin server. The origin server can be an SLB instance, ECS instance, or on-premises server. Set Does a layer 7 proxy (DDoS Protection/CDN, etc.) exist in front of WAF to Yes.
After you add the domain name to WAF, go to the Website Access page in the WAF console to obtain the CNAME address of WAF.
- Add your website service to Anti-DDoS Pro or Anti-DDoS Premium. For more information,
see Add a website.In the Enter Site Information step, set Server IP to Origin Server Domain and enter the CNAME address of WAF obtained in the previous step.
After you add the domain name to Anti-DDoS Pro or Anti-DDoS Premium, go to the Website Config page in the Anti-DDoS Pro or Anti-DDoS Premium console to obtain the CNAME address of Anti-DDoS Pro or Anti-DDoS Premium.