This topic describes the access traffic flow of Web Application Firewall (WAF).
Access traffic flow description:
Note: IP addresses of WAF instances are all deployed on the cloud. You can use a virtual IP address that is configured for a WAF instance to view traffic over Banff. A WAF instance that is configured with a virtual IP address is an LVS cluster. The virtual IP address is similar to a virtual IP address of an SLB instance. You can view the virtual IP address of the WAF instance and the IP address of a WAF engine at the backend in SLB/VPC Operations and Maintenance System.
1. A client sends a request to access the virtual IP address of a WAF instance.
2. The WAF instance forwards the request to backend server A of an LVS cluster.
3. Server A parses request packets to Layer 7 and checks whether this request is a malicious access request or an attack.
   - If this request is a normal access request, server A forwards it to an origin server.
   - If this request is a malicious access request, server A blocks the request and returns the parsed packet information to the client. The traffic flow ends.
4. The origin server processes the forwarded request and returns processing results to
   Note: Server A has different roles in Step 3 and Step 4.
   - For the client, server A acts as a server.
   - For the origin server, server A acts as a client.
5. Server A returns packet information to the client by using the IP address of the LVS cluster. The traffic flow ends.
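The inspect-then-forward part of this flow, as an added example that is not part of the original documentation or the product's code: a loopback-only sketch in which `ServerA` is a server to the client and a client to `Origin`. The marker list, the 403 block response, the class names and the sample requests are assumptions made for illustration, and the LVS layer is left out.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import unquote

BLOCK_MARKERS = ("<script", "../")  # constructed stand-in for real WAF rules

def fetch(addr, path):
    """Send one GET to (host, port) and return (status, body bytes)."""
    conn = http.client.HTTPConnection(*addr, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    return resp.status, resp.read()

class Quiet(BaseHTTPRequestHandler):
    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # silence per-request logging

class Origin(Quiet):
    seen = []  # paths that actually reached the origin server
    def do_GET(self):
        Origin.seen.append(self.path)
        self.reply(200, b"origin handled " + self.path.encode())

class ServerA(Quiet):
    origin_addr = None  # (host, port) of the origin, set in demo()
    def do_GET(self):  # toward the client, server A is a server
        if any(m in unquote(self.path).lower() for m in BLOCK_MARKERS):
            return self.reply(403, b"blocked by WAF")  # flow ends; origin never contacted
        status, body = fetch(self.origin_addr, self.path)  # toward the origin, a client
        self.reply(status, body)  # origin's result goes back to the client

def start(handler):
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)  # port 0: any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    origin = start(Origin)
    ServerA.origin_addr = origin.server_address
    waf = start(ServerA)
    paths = ["/index.html", "/search?q=%3Cscript%3E"]  # constructed requests
    results = [fetch(waf.server_address, p) for p in paths]
    return results, list(Origin.seen)

if __name__ == "__main__":
    print(demo())
```

The second request is decoded before matching, so the percent-encoded form is still caught, and `Origin.seen` shows that the blocked request never reached the origin server.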