A200161411/web-application-firewall-dedicated
1
0
Fork 0
forked from docs/web-application-firewall-dedicated
Code Pull Requests Activity
web-application-firewall-de.../umn/source/dedicated_waf_engine_management.rst
proposalbot 392c14c1f9 Changes to wafd_umn from docs/doc-exports#694 (WAF Dedicated UMN 20230329 versio 
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Co-authored-by: proposalbot <proposalbot@otc-service.com>
Co-committed-by: proposalbot <proposalbot@otc-service.com>
2023-04-20 07:55:56 +00:00

14 KiB
Raw Permalink Blame History

original_name

waf_01_0253.html

Dedicated WAF Engine Management

This topic describes how to manage your dedicated WAF instances (or engines), including viewing instance information, upgrading the instance edition, or deleting an instance.

Note

If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instances locate. Then, you can select the project from the Enterprise Project drop-down list and manage dedicated WAF instances in the project.

Prerequisites

You have applied for a dedicated WAF instance.

Viewing Information About a Dedicated WAF Instance

  1. Log in to the management console.

  2. Click image1 in the upper left corner of the management console and select a region or project.

  3. Click image2 in the upper left corner and choose Web Application Firewall (Dedicated) under Security.

  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

    Figure 1 Dedicated engine list

  5. View information about a dedicated WAF instance. Table 1 <waf_01_0253__table8106945160> describes parameters.

    Table 1 Parameters of a dedicated instance
    Parameter Description Example Value
    Instance Name Name automatically generated when an instance is created. None
    Protected Website Domain name of the website protected by the instance. www.example.com
    VPC VPC where the instance resides vpc-waf
    Subnet Subnet where an instance resides subnet-62bb
    IP Addresses IP address of the subnet in the VPC where the WAF instance is deployed. 192.168.0.186
    Access Status Connection status of the instance. Accessible
    Running Status Status of the instance. Running
    Deployment How the instance is deployed. Standard mode (reverse proxy)
    Specifications Specifications of resources hosting the instance. 8 vCPUs | 16 GB
    Operation
    • Cloud Eye: View the monitoring information about the dedicated instance. For details, see Viewing Metrics of a Dedicated WAF Instance <waf_01_0253__section14699725145814>.
    • Delete: Delete the dedicated instance. For details, see Deleting a Dedicated WAF Instance <waf_01_0253__section773017566122>.
    • More > Upgrade: Upgrade the dedicated instance version. For details, see Upgrading a Dedicated WAF Instance <waf_01_0253__section38005331521>.
    • More > Change Security Group: Change the security group for the dedicated instance. For details, see Change Security Group for a Dedicated WAF Instance <waf_01_0253__section17581742182617>.
    		 -

Viewing Metrics of a Dedicated WAF Instance

When a WAF instance is in the Running status, you can view the monitored metrics about the instance.

  1. Log in to the management console.

  2. Click image3 in the upper left corner of the management console and select a region or project.

  3. Click image4 in the upper left corner and choose Web Application Firewall (Dedicated) under Security.

  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

    Figure 2 Dedicated engine list

  5. In the row of the instance, click Cloud Eye in the Operation column to go to the Cloud Eye console and view the monitoring information, such as CPU, memory, and bandwidth.

Upgrading a Dedicated WAF Instance

Only dedicated WAF instances in the Running status can be upgraded to the latest version.

Important

  • It takes about 20 minutes for upgrading an instance. During the upgrade, the instance is not available and cannot protect your domain names connected to it. To prevent service interruptions, use either of the following solutions:
    • Solution 1: Deploy multiple dedicated WAF instances for your domain name, add them to a backend server group of your load balancer, and enable the health check policy for the load balancer. In this way, if one dedicated WAF instance is not available, WAF automatically distributes the traffic to other healthy instances. There is almost no impact on your services except that website requests might be intermittently interrupted for few seconds.
    • Solution 2: If you deploy only one dedicated WAF instance, configure a load balancer before you start to let website traffic bypass WAF during the upgrade. After the upgrade is complete, configure the load balancer to distribute traffic to WAF.
  • If you are using the latest version of WAF, the Upgrade button is grayed out.

  1. Log in to the management console.

  2. Click image5 in the upper left corner of the management console and select a region or project.

  3. Click image6 in the upper left corner and choose Web Application Firewall (Dedicated) under Security.

  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

    Figure 3 Dedicated engine list

  5. In the row containing the instance you want to upgrade, click More > Upgrade in the Operation column.

  6. Confirm the upgrade conditions and click Confirm.

Change Security Group for a Dedicated WAF Instance

If you select Network Interface for Instance Type, you can change the security group to which your dedicated instance belongs. After you select a security group, the WAF instance will be protected by the access rules of the security group.

  1. Log in to the management console.

  2. Click image7 in the upper left corner of the management console and select a region or project.

  3. Click image8 in the upper left corner and choose Web Application Firewall (Dedicated) under Security.

  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

    Figure 4 Dedicated engine list

  5. In the row containing the instance, choose More > Change Security Group in the Operation column.

  6. In the dialog box displayed, select the new security group and click Confirm.

Deleting a Dedicated WAF Instance

You can delete a dedicated WAF instance anytime. A deleted dedicated WAF instance will no longer protect the website added to it.

Important

Resources on deleted instance are released and cannot be restored. Exercise caution when performing this operation.

  1. Log in to the management console.

  2. Click image9 in the upper left corner of the management console and select a region or project.

  3. Click image10 in the upper left corner and choose Web Application Firewall (Dedicated) under Security.

  4. In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.

    Figure 5 Dedicated engine list

  5. In the row of the instance, click Delete in the Operation column.

  6. Click Confirm.

    Figure 6 Deleting an instance