tencent cloud


Last updated: 2022-06-23 10:11:32

    How do I download access logs of the last 180 days?

    Access logging is used to record access logs of domain names protected by WAF. It allows you to query and download access logs generated in the last 30 days and retain them for no fewer than 180 days. If you need logs of the last 180 days, submit a ticket for assistance. After enabling this feature, you can query and download access logs as needed to meet your security compliance and Ops requirements.

    Does WAF support health check?

    Health check is enabled for WAF by default. WAF checks the connection status of all real server IPs. For the real server IP that does not respond, WAF will not forward requests to this IP until its connection status becomes normal.

    Does WAF support session persistence?

    Session persistence is supported and enabled by default in WAF.

    Will logging still be available once WAF is disabled for the domain name list?

    Once WAF is disabled, all its protection features are unavailable, and only the traffic forwarding mode starts to run instead, with no logs recorded.

    When will a configuration change take effect?

    In general, a configuration change takes effect within 10 seconds.


    It applies to connection configurations (including setting the real server, link mode, and whether to enable HTTP2.0), instead of protection configurations.

    What should I do if the VIP address of my WAF-protected domain name is blocked due to DDoS?

    By default, WAF VIP addresses come with Anti-DDoS Basic capabilities (2 Gbps). If blocking occurs in the basic protection and you need to recover your business urgently, purchase an Anti-DDoS Pro instance and bind it to the VIP address of the WAF instance.

    If the uploaded files are blocked, will they still be blocked with HTTPS or SFTP?

    If WAF is disabled, the file will not be blocked. If WAF is enabled and the blocking mode is set, WAF will block malicious files uploaded over HTTP or HTTPS, but will not block files uploaded over SFTP. SFTP is a non-HTTP or non-HTTPS protocol beyond the protection of WAF.

    Will the persistent connection be disconnected for changing the WAF certificate?

    No. Renewing the certificate will reload nginx, and the thread will not be recycled until the end of the old request session, so it will not be disconnected.

    What cipher suite does the SaaS WAF or CLB WAF support?

    • SaaS WAF does not support setting SSL cipher suites.
    • CLB WAF supports:
    • WAF supports the following TLS versions:
      • TLSv1, TLSv1.1, and TLSv1.2.

    Customization for TLS protocol and cipher suite is available in Exclusive Edition.

    How do I query the module hit by a block page?

    1. When malicious users access a protected domain name illegally, WAF will block the request and redirect them to the block page that will return a UUID.
    2. Copy the UUID and search for it on the Attack Logs page to view the block packet information.

      • Check the time period before searching.
      • A packet mainly contains the following fields: attack_type, rule_id, and attack_content, from which you can query the hit rules for subsequent operations.

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support