Web Application Firewall (WAF) is an all-in-one service that protects your websites and applications. You can use WAF to prevent data breaches, HTTP flood attacks, webshells, and web page tampering. WAF also provides virtual patches. After you enable WAF for an Application Load Balancer (ALB) Ingress, network traffic is filtered by WAF before it is routed to ALB listeners. This topic describes how to enable WAF for an ALB Ingress.
Enable WAF when you create an ALB Ingress
When you create an AlbConfig, set edition
to StandardWithWaf
. The following code provides an example. For more information, see Access Services by using an ALB Ingress and Use AlbConfigs to configure ALB instances.
apiVersion: alibabacloud.com/v1
kind: AlbConfig
metadata:
name: alb-demo
spec:
config:
name: alb-test
addressType: Internet
edition: StandardWithWaf # Enable WAF protection.
zoneMappings:
-vSwitchId: the vsw-2zee5b2w0bgkau******# The vSwitch of the AlbConfig. You must specify two vSwitches.
-vSwitchId: the vsw-2zeajfktcyxs0r******# The vSwitch of the AlbConfig.
Enable WAF for an existing ALB Ingress
Change edition
in the YAML file of the AlbConfig to StandardWithWaf
. For more information, see Use AlbConfigs to configure ALB instances. \