
API Gateway: Enable WAF for a route

Last Updated: Dec 03, 2025

Cloud-native API Gateway is integrated with Alibaba Cloud Web Application Firewall (WAF) 3.0. It supports both instance-level and route-level protection to provide comprehensive security for your websites or applications. This topic describes how to enable route-level WAF protection.

Configure a WAF policy

  1. You can configure WAF policies in the Cloud-native API Gateway console in one of the following ways:

    Outside an instance

    1. Log on to the Cloud-native API Gateway console. In the navigation pane on the left, click API and select a region from the top menu bar.

    2. Click the target API. From the drop-down list, select the instance where you want to configure a WAF policy, or select All Instances.

    3. In the Routes list, select the target route.

    Inside an instance

    1. Log on to the Cloud-native API Gateway console. In the navigation pane on the left, click Instance and select a region from the top menu bar.

    2. On the Instance page, click the ID of the target gateway instance. In the navigation pane on the left, click API, and then click the target API.

    3. In the Routes list, select the target route.

  2. Click the Policy Configuration tab. Then, in the Inbound Processing section, click Enable Policy/Plug-in.

  3. Click the WAF Policy card, and then click Enable Route-level WAF Protection (Recommended).

  4. In the Enable Route-level WAF Protection dialog box, click OK.

What to do next

After you enable protection, website traffic is routed to the built-in WAF and filtered. WAF includes multiple protection modules to defend your website against various security threats. By default, the Protection Rules Engine and CC protection modules are enabled. The Protection Rules Engine defends against common web app attacks, such as SQL injection, cross-site scripting (XSS), and webshell uploads. The CC protection module defends against CC attacks. You must manually enable other protection modules and configure their rules. For more information, see Overview of gateway mitigation settings.

References

For more information about how to enable instance-level WAF protection, see Enable Web Application Firewall.