Docs
uewaf
Quick Start
Access ULB version UWAF

Accessing ULB Version UWAF

After using the ULB (Request Proxy Type) service, in addition to improving business availability and resource utilization, users can directly bind Web Application Firewalls (UWAF) to obtain security protection for layer 7 HTTP/HTTPS services.

ULB version UWAF provides web security defense capabilities based on the 7-layer transfer capability provided by ULB. Compared with the non-ULB version of UWAF, it does not have external source station, view CC blockade IP, intercept page, webpage anti-tampering function. For other features, please refer to UWAF Enterprise Edition, for specific information please refer to Version Selection-Function Comparison.

You can purchase UWAF and bind it to ULB resources. You need to bind at least 1 ULB, and multiple ULB bindings are billed cumulatively, and the version quota will also accumulate. For example, if you bind 2 ULBs, it will cost 7300 yuan/month, supporting 40 domain names, and other quotas will also double.

After successfully purchasing and accessing the domain name to UWAF, the daily use is mostly the same as the non-ULB version of WAF, but you need to adjust forwarding-related features, such as bandwidth and ports, in the basic network UNet console or load balancing ULB console.

If the ULB already exists and has accessed the business, which means adding WAF protection capabilities to existing request proxy-based load balancing, you can start from here.

Notes

  1. The currently supported availability zones for the ULB Special Edition can be found in Price Explanation.
  2. The configuration of the ULB version UWAF domain name, source station, bandwidth, port, SSL certificate, HTTP2.0, and IPv6 cannot be adjusted in the UWAF console. If adjustment is required, please go to the basic network UNet console for bandwidth and IPv6 configuration, and the load balancing ULB console for other configurations.
  3. The QPS index of the ULB version UWAF refers to the performance indicators of ULB.

Purchase ULB Version WAF

Purchase UWAF and bind ULB resources

Users can select Web Application Firewall UWAF under [All Products] and click [Start Using]. On the purchase page of UWAF, select [ULB Special Edition] to purchase.

Please purchase 1 ULB resource first, otherwise, you will not be able to successfully purchase the ULB version WAF. If you have already purchased the ULB service, you can see the configured ULB service in the dropdown of [Binding ULB Resources]. Choose the ULB resource you need to add, and you can bind this resource. Then select the domain name or log expansion package as needed and click [Buy Now].

The ULB Special Edition UWAF provides a quota of 20 domain names by default, and a domain name extension package can add 10 domain name configurations; the log service provides log storage and download within 7 days by default, and the log extension package service supports up to 180 days of log storage and download. Both expansion packs are billed monthly.

Access to ULB Version UWAF

Load Balancing Configuration

In the [Load Balancing Management] interface of the ULB console, select the ULB resource that has been bound to UWAF. Click [Details] in the Operation column to perform operations. It consists of three steps:

  1. Select [VServer Management] and click [Add VServer], fill in the VServer name and the protocol and port, and click [OK] to confirm. For detailed instructions, see the ULB Document: Adding VServer
  2. In the [VServer Management] page, select [Service Node] and click [Add Node]. Add the hosts listed on the left to the right as per business needs and click [OK] to confirm. For detailed instructions, see the ULB Document: Adding Service Nodes
  1. On the [VServer Management] page, select [Content Forwarding], click [Add Rule], select [Domain Name] for forwarding rules, and select [Wildcard Parsing] from the dropdown box on the right. Fill in the domain name that needs to be protected (UWAF does not support PCRE regular expressions, please be sure to select [Wildcard Parsing]), Add the resources from the optional nodes on the left to the forwarding nodes on the right according to business needs, then click [OK] to confirm. For a detailed explanation, refer to the ULB document: Add content forwarding rules

!> Note: Since ULB does not prevent malicious parsing, all requests will be forwarded to the source station by default, which may impact your normal business. Considering your web application security, we strongly recommend you refer to the following steps to close the ULB’s default all forwarding function.
(1) Select [Content Forwarding] in the [VServer] interface, then select [Default] forwarding rule and click [Manage]
(2) Select the forwarding node on the right and click the button in the middle to delete the node
(3) Repeat (2) until all nodes are deleted, then click [OK] to turn off ULB’s default all forwarding function
After closing, if a user visits a domain name not listed in the forwarding rule through ULB, it will return a 502 error status code.

UWAF Configuration

In the [Domain Name Management] interface of the UWAF console, click [Add Domain Name], and you can see the bound ULB resources in the pop-up configuration interface. Drop down the domain name and select the domain name you need to protect. If there is a proxy server such as CDN or high defense in front of ULB, you need to turn on [Is there a proxy in front of WAF] option and configure the correct proxy head, and then click [OK] to add the domain name. After this, accessing this domain name through ULB will have security protection capabilities. The security protection configuration can refer to the non-ULB version of UWAF.

Modify DNS Resolution

If your business has been resolved to the ULB, you do not need to modify the DNS resolution record.

If your business has not yet been resolved to ULB, you need to add the corresponding domain’s A record at the domain’s DNS service provider, and fill in the IP address of the basic network bound by ULB as the record value.

Unbind and Delete

If you want to unbind UWAF from ULB, you only need to select the corresponding ULB resource on the [Load Balancing Management] page of the ULB console, select [Firewall] after clicking [Details], and unbind the corresponding Web Application Firewall.

To delete the ULB version of UWAF, you need to delete all domain names on the [Domain Management] page of the UWAF console, and then click [Shut Down UWAF] on the [Overview] page to delete UWAF. After deducting the conversion costs of the used time, the remaining costs will automatically be returned within 1 hour.

Access SaaS version UWAFCDN combined with UWAF