For users on Tencent Cloud using the unified access layer APISIX Gateway service with web protection needs, the Web Application Firewall (WAF) offers two options: customized access and hybrid cloud WAF, to suit user requirements.
For APISIX Gateway services on Tencent Cloud, the SDK integration mode must be used for customized access. This mode requires the SDK plugin to be deployed uniformly on the APISIX Gateway. The SDK plugin will duplicate and forward the gateway's business traffic to the WAF protection cluster. In this mode, the WAF protection cluster does not participate in traffic forwarding, thus achieving separation of business forwarding and detection.
Step 1: Deploy SDK Plugin
To deploy the SDK plugin provided by Tencent Cloud WAF, please contact Tencent Cloud experts for the SDK plugin. Afterward, your business operations team will integrate the Tencent Cloud WAF SDK plugin into the APISIX Gateway, directing web traffic to the Tencent public cloud WAF service cluster.
Step 2: Configure WAF
1. Log in to the WAF console and select Connection Management > Domain Onboarding on the left sidebar.
2. On the domain onboarding page, click Add domain, configure the relevant parameters, and click OK.
Field description
Associated instance: Select the CLB type and an instance name.
Domain name: Enter the domain name to be protected, such as test.com.
Traffic source: Select APISIX.
Use proxy: Select whether proxy services including Anti-DDoS and CDN are used based on the actual conditions.
Note:
If you select Yes, WAF takes the real client IP from the X-Forwarded-For (XFF) header as the source IP; this header value can be forged by the client.
Outside China: Select as needed.
Remarks: Enter your remark.
3. After clicking OK, return to the domain access page where you can view the protected domain, gateway instance ID, and name, along with other information.
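The Use proxy note above says that WAF reads the client IP from the X-Forwarded-For (XFF) header, which a client can forge. The following added example (not Tencent Cloud or APISIX code) shows how a service behind the gateway should treat that header: walk XFF from the right, skip addresses belonging to trusted proxies (the CIDR list is an assumed placeholder), and take the first untrusted hop as the client IP instead of the leftmost value, which the client controls.

```python
import ipaddress

# Constructed placeholder: egress ranges of the proxies in front of the
# service (CDN / Anti-DDoS / gateway). Replace with your real ranges.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("203.0.113.0/24"),  # TEST-NET-3, placeholder
]


def _is_trusted(ip, nets):
    return any(ip in n for n in nets)


def naive_client_ip(xff, peer_ip):
    """The pattern the note warns about: trust the leftmost XFF entry."""
    return xff.split(",")[0].strip() if xff else peer_ip


def client_ip_from_xff(xff, peer_ip, trusted=TRUSTED_PROXIES):
    """Return the client IP for a request given its XFF header and TCP peer.

    Each proxy appends the address it accepted the connection from, so the
    rightmost entries were written by our own proxies; the leftmost ones may
    have been supplied by the client. Walk from the right, skip trusted
    proxies, and return the first untrusted address. If the TCP peer itself
    is not a trusted proxy, the header is ignored entirely.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _is_trusted(peer, trusted):
        return str(peer)  # direct connection: any XFF was client-supplied
    nearest_trusted = peer
    entries = [e.strip() for e in (xff or "").split(",") if e.strip()]
    for entry in reversed(entries):
        try:
            hop = ipaddress.ip_address(entry)
        except ValueError:
            # Garbage in the chain: the client cannot be identified reliably,
            # so attribute the request to the nearest proxy we can vouch for.
            return str(nearest_trusted)
        if _is_trusted(hop, trusted):
            nearest_trusted = hop
            continue
        return str(hop)
    # Header absent or made up only of trusted proxies: no client address.
    return str(nearest_trusted)
```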
Step 3: Verification Test
In the browser, enter the URL http://<Gateway Domain or IP>/?test=alert(123) and access it. If the browser returns a block page, the Web Application Firewall protection is working properly.