Access Related
Can servers not within Tencent Cloud use WAF?
WAF supports access for users from off-cloud data centers and can protect any servers on the public network, including but not limited to Tencent Cloud, clouds from other vendors, IDC, and so on.
Note:
Domain names accessed in the Chinese mainland must complete ICP filing in accordance with the requirements of the MIIT.
Does WAF Support HTTPS Protection?
WAF fully supports HTTPS services. Once users upload SSL Certificates and private keys as prompted, or select Tencent Cloud-hosted certificates, WAF can protect HTTPS service traffic.
How Many Origin-Pull IP Addresses Can Be Set for a Protected Domain Name of WAF?
Up to 20 origin-pull IP addresses can be set for a protected domain name in WAF.
Does WAF Support Health Checks?
WAF enables health checks by default. It detects the connection status of all origin server IP addresses. If an origin server IP has no response, WAF will no longer forward requests to this IP until the access status returns to normal.
Does WAF Support Session Persistence?
WAF supports enabling session persistence. To enable it, please submit a ticket to contact us for assistance.
How Long Does It Approximately Take for the Configuration Change to Take Effect in the WAF Console?
Generally, the changed configuration takes effect within 10 seconds.
Do both SaaS-based and Cloud Native WAFs support mutual SSL authentication?
SaaS WAF does not support SSL mutual authentication, while Cloud Native WAF supports SSL mutual authentication.
Domain-related
How to add a domain?
Will the domain name origin-pull IP address change?
WAF may change the domain name origin-pull IP addresses during maintenance, upgrades, and so on. If changes occur, we will notify you in advance via SMS, email, or in-site messages. The origin-pull IP addresses shown in the Domain List in the console shall prevail.
Will the service VIP address for SaaS WAF instance domain name access change?
To provide disaster recovery capabilities across multiple regions and multiple availability zones (AZs) in the same region, WAF may change service VIP addresses during maintenance, upgrades, and so on. To ensure business stability, WAF only supports CNAME-based access, enabling flexible and elastic migration, scaling out, and scaling in. Directly resolving to VIP addresses or binding service VIP addresses of WAF instances directly to business applications is not supported.
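The CNAME-only requirement above can be checked against your own DNS zone. The following is an added example, not part of the original FAQ or any Tencent Cloud tooling: it audits BIND-style zone lines and flags protected hostnames that are pinned to an IP address instead of pointing at a WAF CNAME. The suffix `.waf-cname.example.`, the hostnames and the zone data are constructed placeholders; use the CNAME shown for your domain in the console.

```python
# Added example: audit zone records for hostnames that should reach WAF via CNAME.
# WAF_CNAME_SUFFIX is a placeholder, not a real Tencent Cloud value.
WAF_CNAME_SUFFIX = ".waf-cname.example."

# Constructed zone data (BIND-style: name TTL class type value).
SAMPLE_ZONE = """\
www.shop.example.   300 IN CNAME abc123.waf-cname.example.
api.shop.example.   300 IN A     203.0.113.10
img.shop.example.   300 IN CNAME cdn.other-vendor.example.
; comment line
pay.shop.example.   300 IN CNAME def456.waf-cname.example.
pay.shop.example.   300 IN A     203.0.113.11
"""

def parse_zone(text):
    """Return {name: [(rtype, value), ...]} from BIND-style record lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) != 5:                   # skip blank or malformed lines
            continue
        name, _ttl, _cls, rtype, value = fields
        records.setdefault(name.lower(), []).append((rtype.upper(), value.lower()))
    return records

def audit(zone_text, protected):
    """Classify each protected hostname by how it is resolved."""
    zone = parse_zone(zone_text)
    result = {}
    for host in protected:
        rrs = zone.get(host.lower(), [])
        cnames = [v for t, v in rrs if t == "CNAME"]
        addrs = [v for t, v in rrs if t in ("A", "AAAA")]
        if not rrs:
            result[host] = "missing"
        elif cnames and addrs:
            result[host] = "conflict"       # CNAME must not coexist with A/AAAA
        elif addrs:
            result[host] = "pinned-ip"      # not CNAME-based; breaks if the VIP changes
        elif all(c.endswith(WAF_CNAME_SUFFIX) for c in cnames):
            result[host] = "ok"
        else:
            result[host] = "cname-not-waf"  # CNAME points somewhere other than WAF
    return result
```

Any hostname reported as `pinned-ip` or `conflict` should be switched to a single CNAME record so that a change of service VIP address does not interrupt it.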
Can the service VIP address for SaaS WAF instance domain access be updated upon request?
SaaS WAF instances do not support requesting changes to the service VIP addresses of domain names. If service abnormalities occur on a domain name bound to such an instance, first check whether it is under DDoS attack. You can also submit a ticket to contact us, and we will handle it promptly for you.
Which methods are supported for domain name origin-pull?
Both domain name origin-pull and IP address origin-pull are supported. You can select and configure them as needed. For details, see Domain Addition.
After a domain name is added to WAF, how do I bind a CNAME?
You can bind the CNAME at your DNS service provider by referring to the Operations Guide in the CNAME documentation.
Will logs still be recorded after the WAF switch in the Domain List is disabled?
After the WAF switch is disabled, all protection features of WAF will be turned off, and it will enter a pure traffic forwarding mode without logging any data.
Does the CNAME change after a domain name is deleted and re-added?
After deleting and re-adding a domain name, the CNAME remains unchanged. You can view it in the Basic Settings section by clicking the domain name in the WAF Console Domain List.