Protect your Function Compute applications from web attacks by integrating Alibaba Cloud Web Application Firewall (WAF) 3.0 with a custom domain name. WAF 3.0 inspects incoming traffic, filters malicious requests, and forwards clean traffic to your backend functions — providing end-to-end security protection for your websites and applications.
Supported regions
WAF integration for Function Compute custom domain names is available only in the following regions:
China (Hangzhou)
China (Shanghai)
China (Beijing)
China (Shenzhen)
China (Zhangjiakou)
Billing
After you enable WAF for a custom domain name, charges apply based on WAF 3.0 usage. For details, see Billing overview.
Prerequisites
Before you begin, ensure that you have:
A WAF 3.0 instance (subscription or pay-as-you-go). See Purchase a subscription WAF 3.0 instance and Activate a pay-as-you-go WAF 3.0 instance
A custom domain name configured in Function Compute, or a plan to create one
Enable WAF when creating a custom domain name
Log on to the Function Compute console. In the left-side navigation pane, choose Advanced Features > Custom Domains.
In the top navigation bar, select the target region. On the Custom Domains page, click Add Custom Domain Name.
On the Add Custom Domain Name page, configure the Domain Name parameter. In the WAF Settings section, set Web Application Firewall (WAF) to Enable, then click Create.
For all other domain name parameters, see the "Step 3: Add the custom domain name" section of Configure a custom domain name.
Enable WAF for an existing custom domain name
Log on to the Function Compute console. In the left-side navigation pane, choose Advanced Features > Custom Domains.
On the Custom Domains page, find the target domain name and click Modify in the Actions column.
On the Modify Custom Domain Name page, set Web Application Firewall (WAF) to Enable, then click Save.
What's next
After WAF is enabled, all traffic to the custom domain name passes through WAF before reaching your functions.
Two protection features are enabled by default:
| Feature | Protects against |
|---|---|
| Protection rules engine | SQL injections, cross-site scripting (XSS) attacks, and webshell uploads |
| HTTP flood protection | HTTP flood attacks |
To configure additional protection features and custom protection rules, see Protection configuration overview.