tencent cloud

Web Application Firewall

Release Notes and Announcements
Release Notes
Product Announcement
Security Advisory
Product Introduction
Overview
Product Category
Strengths
Scenarios
Plans and Editions
Supported Regions
Basic Concepts
Getting Started
Getting Started
FAQs for Beginners
Operation Guide
Overview
Connection Management
Security Operations
Protection Policies
Service Settings
사례 튜토리얼
WAF CCP Overview
Bot Management
API Security
Integration
Protection Configuration
FAQS
Product Consultation
Connection
Usage
Permissions
Sandbox Isolation Status
WAF 정책
개인 정보 보호 정책
데이터 처리 및 보안 계약
문서Web Application FirewallOperation GuideConnection ManagementDomain namesCLB WAF ConnectionPrecise Domain AccessIntegration of APISIX Application Gateway

Integration of APISIX Application Gateway

PDF
포커스 모드
폰트 크기
마지막 업데이트 시간: 2025-07-07 17:39:10
For users on Tencent Cloud using the unified access layer APISIX Gateway service with web protection needs, the Web Application Firewall (WAF) offers two options: customized access and hybrid cloud WAF, to suit user requirements.
For APISIX Gateway services on Tencent Cloud, the SDK integration mode must be used for customized access. This mode requires the SDK plugin to be deployed uniformly on the APISIX Gateway. The SDK plugin will duplicate and forward the gateway's business traffic to the WAF protection cluster. In this mode, the WAF protection cluster does not participate in traffic forwarding, thus achieving separation of business forwarding and detection.

Step 1: Deploy SDK Plugin

To deploy the SDK plugin provided by Tencent Cloud WAF, please contact Tencent Cloud experts for the SDK plugin. Afterward, your business operations team will integrate the Tencent Cloud WAF SDK plugin into the APISIX Gateway, directing web traffic to the Tencent public cloud WAF service cluster.

Step 2: Configure WAF

1. Log in to the WAF console and select Connection Mangement > Domain Onboarding on the left sidebar.
2. On the domain onboarding page, click Add domain, configure relevant parameters, and click OK.

Field description
Associated instance: Select the CLB type and an instance name.
Domain name: Enter the domain name to be protected, such as test.com.
Traffic source: Select APISIX.
Use proxy: Select whether proxy services including Anti-DDoS and CDN are used based on the actual conditions.
Note:
If you select Yes, WAF will get real client IPs, which may be forged, from the XFF field as the source IPs.
Outside China: Select as needed.
Remarks: Enter your remark.
3. After clicking OK, return to the domain access page where you can view the protected domain, gateway instance ID, and name, along with other information.

Step 3: Verification Test

In the browser, enter the URL http://<Gateway Domain or IP>/?test=alert(123)and access it. If the browser returns a blocked page, it indicates that the Web Application Firewall protection function is working properly.


이전 주제: Integration with Cloud Functions다음 주제: Custom Application Gateway Integration

도움말 및 지원

문제 해결에 도움이 되었나요?

피드백