Integration of Cloud-Native API Gateway
Last updated: 2025-07-07 17:39:11
Step 1: Verify Cloud-Native API Gateway Configuration
If your web service has enabled Tencent Cloud API Gateway, you can configure domain protection in the API Gateway WAF instance. Please log in to the API Gateway console to verify whether the API Gateway is in use.
Note:
Different WAF versions support a different number of domains. For detailed information, please refer to the. WAF plans and version description.
Currently, the cloud-native API Gateway only supports the microservice scenario, where it acts as the Polaris (North Star) service access layer for new whitelist purchases. Other scenarios do not support new access. Accessing the console in non-supported scenarios will be redirected to the Polaris (North Star) console. If you have new purchase requirements, please submit a support ticket for processing. For more details, please refer to the API Gateway product documentation.
Step 2: Add Domain and Bind to Cloud-Native API Gateway
1. Log in to the WAF console and select Connection Mangement > Domain Onboarding on the left sidebar.
2. On the domain onboarding page, click Add domain, select Domain name as the real server address and enter the subdomain name of the API Gateway, configure relevant parameters, and click OK.
Field description
Associated instance: Select the CLB type and an instance name.
Domain name: Enter the domain name to be protected, such as
test.com.Traffic source: Select Cloud Native API Gateway.
Use proxy: Select whether proxy services including Anti-DDoS and CDN are used based on the actual conditions.
Note:
If you select Yes, WAF will get real client IPs, which may be forged, from the XFF field as the source IPs.
Outside China: Select according to the location of the API gateway.
Remarks: Enter your remark.
3. After clicking OK, return to the domain access page where you can view the protected domain, gateway instance ID, name, and other information.
4. Log in to the API Gateway console, go to the instance page, and click on the target instance ID.
5. In the instance details page, click on Security protection > WAF protection. In the protection domain module, click Add Domain.
6. In the Add Domain page, select or add a domain that has already been connected to WAF. You can also select a domain from the certificate management section that has an associated certificate, or manually enter a domain to add.
7. Click OK to confirm that the protection domain has been added successfully.
Note:
You need to ensure that the protected domain has been fully integrated with WAF, otherwise, requests for the corresponding domain cannot be submitted for review.
8. For more operations, please refer to the API Gateway product documentation.
Step 4: Verification Test
1. Log in to the API Gateway console, click on the instance ID, and in the left navigation bar, select Security protection.
2. On the Security protection page, confirm that the domain protection status is either partially enabled or fully enabled.
3. In the browser, enter the URL
http://<Gateway Domain or IP>/?test=alert(123)and access it. If the browser returns a blocked page, it indicates that the Web Application Firewall protection function is working properly.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback