This document will guide you to set a security group and allow only traffic from WAF to access websites.
Directions
Security group is an instance-level firewall service provided by Tencent Cloud to control inbound and outbound traffic of CVM instances. You can configure a security group to allow only traffic from WAF to access your website, preventing attackers from bypassing WAF and directly attacking your origin server.
The following uses allowing the WAF intermediate IP 111.230.27.90 in the security group as an example to describe how to configure the security group.
Note:
The intermediate IP can be viewed at Domain Name List in the WAF console.
1. Log in to the CVM console and click Security Group on the left sidebar.
2. Click Create. On the pop-page, select Custom for the template, enter the security group name (such as my-security-group) and remarks, and click OK.
3. In the security group list, find the newly created security group, and click its ID to enter its details page.
4. On the inbound rule page, click Add rule.
5. In the pop-up window, select "HTTP (80)" as the type, enter the intermediate IP that needs to be allowed for the source, and enter the port and policy as required. After completing the settings, click OK.
6. Click the Associate Instance tab and click Add Instance on the CVM page.
7. In the pop-up window, select the CVM instance to be bound to and click OK.
Alternatively, you can go to the CVM instance list page to view or modify the security group bound to a CVM instance. On the list page, select the ID of the CVM instance whose security group you want to adjust and click More > Security Groups > Configure Security Groups in the Operation column on the right for configuration.
Yes
No
Was this page helpful?