Release Notes and Announcements
- Release Notes
- Product Announcement
- Security Advisory
User Guide
Product Introduction
Purchase Guide
- Billing Overview
- Purchase Guide
- WAF Plan Upgrade Method
- Renewing Connections
- Payment Overdue
- Refund
Getting Started
- Getting Started
- FAQs for Beginners
Operation Guide
- Security Overview
- Connection Management
- Security Operations
- Protection Policies
- Service Settings
Practical Tutorial
- WAF CCP Overview
- Bot Management
- API Security
- Integration
- Protection Configuration
API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Asset Management APIs
- Billing APIs
- Protection Settings APIs
- Other APIs
- IP Management APIs
- Integration APIs
- Log Service APIs
- Security Overview APIs
- Rule Engine APIs
- Data Types
- Error Codes
FAQS
- Product Consultation
- Connection
- Usage
- Permissions
- Sandbox Isolation Status
Service Level Agreement
WAF Policy
- Privacy Policy
- Data Processing And Security Agreement
Contact Us
Glossary

APISIX Gateway Connection

Focus Mode

Font Size

Last updated: 2026-04-21 14:42:22

For users who utilize the unified access layer APISIX gateway service on Tencent Cloud and require Web protection, Web Application Firewall (WAF) offers two solutions—customized access and hybrid cloud WAF—to meet their needs.
For APISIX gateway services on Tencent Cloud, the SDK integration mode is required for customized access. This mode mandates the uniform deployment of SDK plugins on the APISIX gateway. The SDK plugin copies and forwards service traffic to the WAF protection cluster. In this mode, the WAF protection cluster does not participate in traffic forwarding, thereby separating service forwarding and detection.
Step 1: Deploy SDK plugin
Tencent Cloud WAF integrated deployment: For the SDK plugin provided by Web Application Firewall, contact Tencent Cloud experts to obtain the SDK plugin. Your business Ops team will then integrate the Tencent Cloud WAF SDK plugin into the APISIX gateway to redirect Web traffic to Tencent's public cloud WAF service cluster.
Step 2: Configure WAF
1. Log in to the WAF console, choose Connection Management > Domain Onboarding in the left sidebar.
2. On the Domain names page, click Add domain, enter the relevant configuration parameters, and click OK.
Field Description
Associated instance: Select the Cloud Native type and the corresponding Cloud Native WAF instance name.
Domain name: In the domain input box, add the domain to be protected, such as test.com.
Traffic source: Select the APISIX gateway.
Use proxy: Select whether proxies such as Anti-DDoS, CDN, or Cloud Acceleration are used based on the actual situation.
Note:
Selecting "Yes" allows WAF to obtain the client's real IP address through the XFF field as the source address, which may carry the risk of source IP spoofing.
Outside Mainland China: Selected based on actual requirements.
Remarks: Enter remarks as needed.
3. After clicking Confirm, you will return to the Domain Access page where you can view information such as the protected domain name, Gateway Instance ID, and name.
Step 3: Verification Test
Enter the URL http://<gateway domain name or IP address>/?test=alert(123) in the browser and access it. The browser returns a block page, indicating that the WAF protection feature is functioning properly.
﻿
﻿

Help and Support

Was this page helpful?

You can also Contact sales or Submit a Ticket for help.

Help us improve! Rate your documentation experience in 5 mins.

Feedback

tencent cloud

Web Application Firewall

APISIX Gateway Connection

Step 1: Deploy SDK plugin

Step 2: Configure WAF

Step 3: Verification Test

Help and Support