Step 2: Configure a Load Balancer

Prerequisites

• You have added a website to a dedicated WAF instance.
• You have created a load balancer.
• Related ports have been enabled in the security group to which the dedicated WAF instance belongs.
  You can configure your security group as follows:

  • Inbound rules

    Add an inbound rule to allow incoming network traffic to pass through over a specified port based on your service requirements. For example, if you want to allow access from port 80, add a rule that allows TCP and port 80.

  • Outbound rules

    Retain the default settings. All outgoing network traffic is allowed by default.

Constraints

The listening port of the dedicated WAF instance must be the same as that configured in Step 1: Add a Website to WAF.

Impact on the System

If you select Weighted round robin for Load Balancing Algorithm, disable Sticky Session. If you enable Sticky Session, the same requests will be forwarded to the same dedicated WAF instance. If this instance becomes faulty, an error will occur when the requests come to it next time.

Procedure

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner of the page and choose Elastic Load Balance under Network to go to the ELB console.
4. Click the name of your load balancer in the Name column to go to the Basic Information page.
5. Click the Listeners tab, click Add Listener, and configure the listener information. Figure 1 shows an example.
   Figure 1 Configuring a listener
   

6. Click Next and configure the backend server group and health check. Figure 2 and Figure 3 show examples.
   Figure 2 Configuring a Backend Host Group
   
   

   If you select Round robin for Load Balancing Algorithm, disable Sticky Session. If you enable Sticky Session, the same requests will be forwarded to the same dedicated WAF instance. If this instance becomes faulty, an error will occur when the requests come to it next time.

   Figure 3 Health Check Settings
   

7. Click Next: Confirm.
8. Click Finish and then OK.
9. Go to the page of the added listener, select the Backend Server Groups tab, and click Add.
10. In the Add Backend Server dialog box, select the dedicated WAF instance you have created.
    Figure 4 Selecting the created dedicated WAF instance
    

11. Click Next and configure a port for the dedicated engine. Figure 5 shows an example.
    

    The listening port of the dedicated WAF instance must be the same as that configured in Step 1: Add a Website to WAF. If you configure a standard port for the website, set the HTTP listening port to 80 and HTTPS listening port to 443.

    Figure 5 Configuring a port for the dedicated WAF instance
    

12. Click Finish.