Comparison of Access Methods
Last updated:2025-07-07 17:39:10
The current CLB WAF supports five types of traffic sources: Layer-7 CLB instances (both internal and public), API Gateway, SCF, APISIX Gateway, and custom application gateways. The comparison is as follows:
Instance Type | Applicable Scenarios | Core Advantages | Access Method | Supported Regions |
Suitable for users who are using or planning to use Tencent Cloud public or internal Layer-7 CLB, such as high-concurrency web applications. | Supports both mirror and protection modes. No need to adjust architecture, supports one-click bypass, stable and reliable. | Connect via domain and instance object. | Siliconvalley、Bangkok、 Hong Kong Special Administrative Region 、Mumbai、Singapore、Frankfurt、Moscow、Virginia、Jakarta、Seoul、Tokyo、Toronto | |
Suitable for users of Tencent Cloud API gateways, such as microservices architecture, API open platforms, etc., needing unified management of API security. | Supports protection mode. Separation of forwarding and protection, more reliable with API gateway controlling traffic access. | Associate WAF policies in the API Gateway configuration to achieve security protection for API traffic. It supports domain and instance object connect. Details can be found in API Gateway product documentation. | Singapore | |
Suitable for Cloud Function (SCF) users, such as serverless web applications, event-driven business protection. | Supports protection mode. Separation of forwarding and protection, more reliable with Cloud Function controlling traffic access. | Connect via SCF trigger and WAF interaction. Flow details on the SCF side can be found in the Cloud Function product documentation. | Hong Kong Special Administrative Region 、Virginia、Siliconvalley、SaoPaulo、Frankfurt、Seoul、Mumbai、Tokyo、Singapore、Bangkok | |
Suitable for APISIX gateway users who want to combine Tencent Cloud WAF for enhanced security protection. | Compatible with the open-source ecosystem. Supports SDK plugin integration, autonomous and controllable. | Connect via SDK integration, forwarding business traffic to Tencent Cloud WAF cluster (custom integration required). | Custom access in Frankfurt and Singapore | |
Suitable for customers in mixed-cloud WAF deployment scenarios in both cloud and on-premises environments. | Compatible with any environment. Supports SDK plugin integration, autonomous and controllable. | Connect via customer gateway integration, forwarding business traffic to Tencent Cloud WAF hybrid cloud protection cluster. | Customer-defined region |
Domain Connect Method Comparison
Layer-7 CLB Instance: By binding the domain and Layer-7 Load Balancer (CLB) resources (listeners) in the WAF console, HTTP/HTTPS traffic passing through the load balancer listener undergoes bypass threat detection and cleansing, achieving separation of business forwarding and security protection.
API Gateway and Cloud Function Instances: Enable WAF protection through the API Gateway console (refer to API Gateway product documentation) and the Cloud Function console. After configuring the domain in the WAF console, HTTP/HTTPS traffic passing through the API Gateway and Cloud Function Gateway undergoes bypass threat detection and cleansing, achieving separation of business forwarding and security protection.
APISIX Gateway Service: APISIX Gateway integrates SDK and forwards business traffic to the Tencent Cloud WAF cluster (custom integration required).
Custom Application Gateway Services: Customer gateways integrate SDK and forward business traffic to the Tencent Cloud WAF hybrid cloud protection cluster.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback