Step 1: Confirm Cloud Native API Gateway configuration
If your Web service has Tencent Cloud Cloud Native Gateway enabled, you can onboard the domain for protection in the Cloud Native Gateway WAF instance. Log in to the API Gateway console to confirm whether you are using Cloud Native Gateway.
Note:
Cloud Native Gateway currently only supports enabling allowlist for new purchases in the microservices scenario, specifically as the service access layer for Polaris (North Star). Other scenarios do not support new access. In any other scenario, users who access the console are redirected to the Polaris (North Star) console. If you have a new purchase requirement, please submit a ticket. For more details, see the API Gateway product documentation.
Step 2: Add Domain and Bind Cloud Native API Gateway
1. Log in to the WAF console. In the left sidebar, choose Connection Management > Domain Onboarding.
2. On the Domain names page, click Add domain, enter the relevant configuration parameters, and click OK.
Field Description
Associated instance: Select the Cloud Native type and the corresponding Cloud Native WAF instance name.
Domain name: In the domain input box, add the domain name to be protected, such as test.com.
Traffic source: Select Cloud Native API Gateway.
Use proxy: Select whether proxies such as Anti-DDoS, CDN, or Cloud Acceleration are used based on the actual situation.
Note:
Selecting "Yes" makes WAF take the client's real IP address from the X-Forwarded-For (XFF) field and use it as the source address, which may carry the risk of source IP address spoofing.
Outside Mainland China: Select based on the geographical location of the Cloud Native Gateway.
Remarks: Enter remarks as needed.
3. After clicking Confirm, you will return to the Domain Access page where you can view information such as the protected domain name, Gateway Instance ID, and name.
5. In the Instance Details page, click Security Protection > WAF protection. In the Protected Domain Names module, click Add domain.
6. In the Add Domain window, select or enter a domain name that has been connected to WAF. You can choose domain names already added in Certificate Management or manually enter a domain name for addition.
7. Click Confirm to confirm that the WAF-protected domain name is added.
Note:
Ensure that the WAF-protected domain name is connected to WAF. Otherwise, requests from the domain name cannot be sent for review.
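
The spoofing risk in the Use proxy note above, shown as an added example (not Tencent Cloud WAF's code, and not a description of how WAF parses the header): a resolver that believes any XFF value, next to one that uses XFF only when the connection comes from a known proxy. The proxy ranges and all addresses are constructed documentation values.

```python
import ipaddress

# Constructed values: address ranges of the proxies (CDN, Anti-DDoS) in front of WAF.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("203.0.113.0/24", "198.51.100.0/24")]

def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def _parse(value):
    """Return an ip_address, or None for a malformed XFF element."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None

def naive_client_ip(peer_ip, xff):
    """Weak form: believe the leftmost XFF entry no matter who sent it."""
    first = xff.split(",")[0].strip() if xff else ""
    return first or peer_ip

def client_ip(peer_ip, xff):
    """Hardened form: honour XFF only when the TCP peer is a known proxy, then
    walk the chain right to left and return the first hop that is not a proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if not xff or not _is_trusted(peer):
        return str(peer)      # direct connection: the header is client-supplied
    for hop in reversed(xff.split(",")):
        addr = _parse(hop)
        if addr is None:
            break             # malformed element: stop trusting the chain
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)          # nothing usable in the chain: fall back to the peer

if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For header value)
    samples = [
        ("203.0.113.7", "10.0.0.1, 192.0.2.10"),   # client pre-filled XFF, proxy appended
        ("192.0.2.10", "10.0.0.1"),                # client reached the origin directly
        ("203.0.113.7", "192.0.2.10, 198.51.100.5"),  # two proxies in the path
    ]
    for peer, xff in samples:
        print(f"{peer:13} {xff:27} naive={naive_client_ip(peer, xff):11} "
              f"hardened={client_ip(peer, xff)}")
```

The second sample is why "Yes" is only safe when the gateway accepts connections from the proxy layer alone: a request that reaches it directly controls the whole header.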
Step 3: Verification Test
1. Log in to the API Gateway console, click the instance ID, and in the left sidebar select Security Protection.
2. On the Security Protection page, confirm that the domain protection status is partially enabled or fully enabled.
3. Enter the URL http://<gateway domain name or IP>/?test=alert(123) in the browser and access it. The browser returns a block page, indicating that the WAF protection feature is functioning properly.