- Release Notes and Announcements
- Release Notes
- Adjusting Billing of WAF BOT Traffic Management
- Announcements
- Security Advisory
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44832)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-45046)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44228)
- Notice for WebLogic Console HTTP RCE Vulnerability
- Notice for Exchange Server Command Execution Vulnerability
- Notice for Yonyou GRP-U8 SQL Injection Vulnerability
- Notice for Apache Cocoon XXE Vulnerability (CVE-2020-11991)
- Notice for WordPress File Manager Arbitrary Code Execution Vulnerability
- Jenkins Security Advisory for September
- Notice for Apache Struts 2 RCE Vulnerabilities (CVE-2019-0230 and CVE-2019-0233)
- Notice for Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- FAQS
- Service Level Agreement
- WAF Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- Release Notes
- Adjusting Billing of WAF BOT Traffic Management
- Announcements
- Security Advisory
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44832)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-45046)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44228)
- Notice for WebLogic Console HTTP RCE Vulnerability
- Notice for Exchange Server Command Execution Vulnerability
- Notice for Yonyou GRP-U8 SQL Injection Vulnerability
- Notice for Apache Cocoon XXE Vulnerability (CVE-2020-11991)
- Notice for WordPress File Manager Arbitrary Code Execution Vulnerability
- Jenkins Security Advisory for September
- Notice for Apache Struts 2 RCE Vulnerabilities (CVE-2019-0230 and CVE-2019-0233)
- Notice for Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- FAQS
- Service Level Agreement
- WAF Policy
- Contact Us
- Glossary
This document will guide you to set a security group and allow only traffic from WAF to access websites.
Directions
Security group is an instance-level firewall service provided by Tencent Cloud to control inbound and outbound traffic of CVM instances. You can configure a security group to allow only traffic from WAF to access your website, preventing attackers from bypassing WAF and directly attacking your origin server.
The following uses allowing the WAF intermediate IP 111.230.27.90 in the security group as an example to describe how to configure the security group.
Note:The intermediate IP can be viewed at Domain Name List in the WAF console.
- Log in to the CVM console and click Security Group on the left sidebar.
- Click Create. On the pop-page, select Custom for the template, enter the security group name (such as
my-security-group) and remarks, and click OK.
- In the security group list, find the newly created security group, and click its ID to enter its details page.
- On the inbound rule page, click Add rule.
- In the pop-up window, select "HTTP (80)" as the type, enter the intermediate IP that needs to be allowed for the source, and enter the port and policy as required. After completing the settings, click OK.
- Click the Associate Instance tab and click Add Instance on the CVM page.
- In the pop-up window, select the CVM instance to be bound to and click OK.
Alternatively, you can go to the CVM instance list page to view or modify the security group bound to a CVM instance. On the list page, select the ID of the CVM instance whose security group you want to adjust and click More > Security Groups > Configure Security Groups in the Operation column on the right for configuration.
Yes
No
Was this page helpful?