Web Application Firewall (WAF) is an all-in-one service that protects your websites and applications. You can use WAF to prevent data breaches, HTTP flood attacks, webshells, and web page tampering. WAF also provides virtual patches. After you enable WAF for an Application Load Balancer (ALB) Ingress, network traffic is filtered by WAF before it is routed to ALB listeners. This topic describes how to enable WAF for an ALB Ingress.

Prerequisites

Enable WAF when you create an ALB Ingress

When you create an AlbConfig object, set edition to StandardWithWaf. The following code block provides an example. For more information, see Access Services by using an ALB Ingress and Configure AlbConfig objects.
apiVersion: alibabacloud.com/v1
kind: AlbConfig
metadata:
  name: alb-demo
spec:
  config:
    name: alb-test
    addressType: Internet
    edition: StandardWithWaf
    zoneMappings:
    - vSwitchId: vsw-2zee5b2w0bgkaundk2lne
    - vSwitchId: vsw-2zeajfktcyxs0ru1xfiqo

Enable WAF for an existing ALB Ingress

Modify the YAML file of the corresponding AlbConfig object by changing the value of edition to StandardWithWaf. For more information, see Configure AlbConfig objects.