This document describes how to configure WAF to protect APIs on API Gateway.
Step 1. Bind a custom domain name in the API Gateway console
For more information about how to bind a custom domain name in the API Gateway console, see Custom Domain Name and Certificate.
When a custom domain name is bound to API Gateway, the system will check whether you have configured CNAME and resolved it to the service subdomain name. Therefore, you need to configure CNAME and resolve the custom domain name to the subdomain name of API Gateway, modify the DNS record, and point the custom domain name to the WAF CNAME domain name.
Step 2. Configure WAF
- Log in to the WAF console and select Domain name list on the left sidebar.
- On the Domain name list page, select the target instance and click Add domain name.
- On the Add domain name page, configure relevant parameters and click OK.
- After the configuration is completed, the domain name connection status will become No CNAME records added.
Step 3. Modify the CNAME record
- Modify the CNAME record at your DNS service provider and resolve the custom domain name to the WAF domain name.
- Log in to the WAF console, select Domain name list, and you see the Normal protection flag.