Alibaba Cloud addresses the challenge of managing dynamic IP addresses by integrating Cloud Firewall with Edge Security Acceleration (ESA). The integration provides automated origin protection through a dynamic address book, which simplifies origin security management.
Prerequisites
The origin must have a Cloud Firewall Internet border policy configured.
The origin should utilize Alibaba Cloud products.
Mechanism of referencing the ESA address book on the Cloud Firewall side
When your origin has Cloud Firewall enabled, origin protection works by referencing the ESA address book (ESA Back-to-origin Address) within Cloud Firewall. The ESA address book contains the ESA node IPs. By adding the ESA address book to your Cloud Firewall border policy, you can filter out traffic from non-ESA nodes. If the ESA back-to-origin IPs change, the address book syncs automatically and updates the IPs, so you do not need to maintain the origin IP list manually.
Reference the ESA address book on the Cloud Firewall side
Log in to the Cloud Firewall console.
In the left-side navigation pane, select .
On the Inbound tab, select the desired IP type (IPv4 is the default), and then click Create Policy.
In the Create Inbound Policy panel, select the Create Policy tab.
Click Source Type and then Address Book.
Click
and select Cloud Address Book.
Select the ESA Back-to-origin Address, then click Select in the Action column.
Enter your origin IP in the Destination field.
Choose the protocol type based on your business scenario. If you are unsure of the scenario, select ANY, enter your business port in Port, and set Application to ANY.
Set Action to Allow, set Priority to First, define Policy Validity Period as Always, and toggle Enable Status to
.
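A check to run after the policy is enabled, as an added example that is not part of the original page: it compares the source IPs in origin access logs against a snapshot of the ESA back-to-origin ranges and reports any source outside them, which would indicate traffic reaching the origin without passing through ESA. The CIDRs, the log format and the names `ESA_SNAPSHOT`, `SAMPLE_LOG` and `audit_sources` are assumptions constructed for illustration; because the real ranges change, a snapshot must be refreshed before each audit.

```python
import ipaddress
from collections import Counter

# Constructed snapshot of ESA back-to-origin ranges (documentation prefixes,
# not real ESA node IPs). Cloud Firewall keeps the real list in sync itself.
ESA_SNAPSHOT = ["192.0.2.0/24", "198.51.100.64/26", "2001:db8:e5a::/48"]

# Constructed origin access-log lines: "<client-ip> <timestamp> <request>".
SAMPLE_LOG = """\
192.0.2.17 2024-05-01T10:00:01Z "GET / HTTP/1.1"
198.51.100.70 2024-05-01T10:00:02Z "GET /api HTTP/1.1"
198.51.100.10 2024-05-01T10:00:03Z "GET /admin HTTP/1.1"
2001:db8:e5a::9 2024-05-01T10:00:04Z "GET / HTTP/1.1"
203.0.113.5 2024-05-01T10:00:05Z "GET / HTTP/1.1"
203.0.113.5 2024-05-01T10:00:06Z "POST /login HTTP/1.1"
not-an-ip 2024-05-01T10:00:07Z "GET / HTTP/1.1"
"""


def audit_sources(log_text, cidrs):
    """Return (Counter of sources outside the ESA ranges, unparseable lines)."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    bypass, unparsed = Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            addr = ipaddress.ip_address(line.split()[0])
        except ValueError:
            unparsed.append(line)  # keep for manual review, do not drop silently
            continue
        # IPv4-mapped IPv6 (::ffff:a.b.c.d) must be compared as IPv4.
        if addr.version == 6 and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        if not any(addr.version == n.version and addr in n for n in nets):
            bypass[str(addr)] += 1
    return bypass, unparsed


if __name__ == "__main__":
    hits, bad = audit_sources(SAMPLE_LOG, ESA_SNAPSHOT)
    for ip, count in hits.most_common():
        print(f"non-ESA source reached origin: {ip} ({count} requests)")
    print(f"{len(bad)} line(s) skipped as unparseable")
```

Any source reported here after the allow policy is active means traffic is reaching the origin by a path the ESA-only policy does not cover, or the snapshot used for the audit is stale.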