This document describes how to configure WAF to protect APIs on API Gateway.
Step 1. Bind a custom domain name in the API Gateway console
When a custom domain name is bound to API Gateway, the system will check whether you have configured CNAME and resolved it to the service subdomain name. Therefore, you need to configure CNAME and resolve the custom domain name to the subdomain name of API Gateway, modify the DNS record, and point the custom domain name to the WAF CNAME domain name.
Step 2. Configure WAF
1. Log in to the WAF console and select Connection Management on the left sidebar. 2. On the page that appears, click Add domain name.
3. Configure required parameters and click OK.
4. The domain name should now be in the No CNAME records added status.
Step 3. Modify the CNAME record
1. Modify the CNAME record at your DNS service provider and resolve the custom domain name to the WAF domain name.
2. Log in to the WAF console, select Connection Management on the left sidebar and then the Domain names tab.