
CDN in Combination with UWAF

?> Note:
This guide is based on the SaaS version of UWAF.

Web Application Firewall (UWAF) can be used in combination with CDNs such as Wangsu, Jiasule, Qiniu, Youpai, Alibaba Cloud, and UCloud Global to provide web application-layer security protection for sites that use a CDN.

Deployment Architecture

Purchase UWAF

Log in to the UCloud Global console and select UWAF from the product list: [All Products] -> [Security Protection] -> [WEB Application Firewall UWAF], then click [Start using] (if the service is not activated, activate it first).

Add Domain Name

In the UWAF console’s [Domain Management] tab, click [Add Domain] and fill in the site domain name, source station IP, etc. in the pop-up window. The domain name can be a wildcard domain name or a complete subdomain. Click [OK], then copy the generated CNAME information from the interface.

!> Attention:
The domain name must have been filed. If it has not been filed, the domain name cannot be added. Overseas regions are not restricted by filing.
If the site to be protected is an HTTPS site, the site’s SSL certificate needs to be uploaded. If the certificate was purchased from USSL or is hosted in USSL, the certificate for the corresponding domain name is pulled automatically when the HTTPS site is added.

Modify CDN Back-to-source Domain Name

Change the CDN back-to-source address to the CNAME generated by UWAF. If you are using the UCDN cloud distribution service of UCloud Global, follow this path:
Top left of the console [All Products] -> [Cloud Distribution UCDN] -> [Domain Management] -> select a domain -> click [Details] -> [Domain Configuration] -> [Basic Settings] -> change the [Source Station] to the CNAME protection domain name obtained from the UWAF console.

Notes

  1. The domain name configured on the CDN must be the same as the domain name added in UWAF.
  2. Fill in the CNAME generated by UWAF as the CDN source station.
  3. If the CDN does not pass the real client IP in the X-Forwarded-For (XFF) header, the CDN node IP near the user may be blocked by mistake.
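
The following is an added illustration of note 3, not UWAF's own code: it shows how a filter sitting behind a CDN attributes requests to a client IP, and why a missing XFF header makes a block land on the CDN node instead of the offending client. The CDN range, the addresses and the request-count blocking rule are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed value: a documentation range stands in for CDN node addresses.
CDN_NODES = [ipaddress.ip_network("198.51.100.0/24")]

def is_cdn(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CDN_NODES)

def client_ip(peer, xff=None):
    """Return the address a filter behind a CDN attributes the request to.

    peer: TCP source address seen by the filter (the CDN node when a CDN fronts it).
    xff:  X-Forwarded-For header value, or None if the CDN did not send it.
    """
    if not is_cdn(peer) or not xff:
        # Direct connection, or the CDN sent no XFF: only the peer address is known.
        return peer
    # Walk right to left, skipping CDN hops; the first non-CDN hop is the client.
    # Entries to its left are client-supplied and are not trusted.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            if not is_cdn(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: fall back to the peer address
    return peer

def blocked_ips(requests, threshold):
    """Count requests per attributed IP; return the IPs at or above threshold."""
    counts = Counter(client_ip(peer, xff) for peer, xff in requests)
    return {ip for ip, n in counts.items() if n >= threshold}

# Constructed traffic: one noisy client and two normal users behind one CDN node.
NODE = "198.51.100.7"
TRAFFIC = [("203.0.113.50", 5), ("192.0.2.10", 1), ("192.0.2.11", 1)]

def sample(with_xff):
    return [(NODE, ip if with_xff else None) for ip, n in TRAFFIC for _ in range(n)]

if __name__ == "__main__":
    print("XFF passed: ", blocked_ips(sample(True), threshold=5))
    print("XFF missing:", blocked_ips(sample(False), threshold=5))
```

With XFF passed, only the noisy client is blocked; without it, the block falls on the CDN node and takes the two normal users with it.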