If you want to use Web Application Firewall (WAF) to protect your web services, you must add your web services to WAF. You can add your web services to WAF 3.0 in cloud native mode or CNAME record mode. You can select a mode based on the deployment of your web services. This topic describes the implementation, recommended scenarios, added objects, and access methods of the cloud native mode and CNAME record mode.
Cloud native mode
CNAME record mode
If you use Alibaba Cloud Application Load Balancer (ALB), Microservices Engine (MSE), or Function Compute for your web services, we recommend that you add your web services to WAF in cloud native mode.
If you use Alibaba Cloud Classic Load Balancer (CLB) or Elastic Compute Service (ECS) for your web services, we recommend that you add your web services to WAF in cloud native mode.
If you do not use ALB, MSE, Function Compute, CLB, or ECS for your web services, you can add your web services to WAF in CNAME record mode.
CLB or ECS instances, including all domain names that are deployed on the instances.
In the WAF console, add the traffic redirection ports of CLB instances or ECS instances to WAF. For more information, see Add a Layer 7 CLB instance to WAF, Add a Layer 4 CLB instance to WAF, and Add an ECS instance to WAF.