• Web Application Firewall

  1. Help Center
  2. Web Application Firewall
  3. User Guide
  4. Getting Started
  5. Overview


Before using WAF, you need to connect your domain name to it and enable it for protection to take effect.

Table 1 describes the procedure to use WAF.
Table 1 Procedure to use WAF



Creating a domain name

Add a website to be protected. For details, see Creating a Domain Name.

Enabling WAF protection

Enable WAF protection to protect your web services. For details, see Enabling WAF Protection.

  • The WAF engine is not running on your web server. Therefore, your web server performance is not affected.
  • After the domain name is connected to WAF, there will be a latency of tens of milliseconds, but might be raised based on the size of the requested page or number of incoming requests.

Configuring rules

In addition to the built-in protection rules, WAF provides a rich set of custom rules. For details, see Rule Configurations.

Enabling alarm notification

Once the function is enabled, users can receive attack logs at the earliest moment. For details, see Enabling Alarm Notification.

Handling false alarms

If the attack events blocked or logged are false positives, mask them. For details, see Handling False Alarms.

Viewing Dashboard

View the request and attack statistics, event distribution, and top 5 attack resource IP addresses of yesterday, today, past 3 days, past 7 days, or past 30 days. For details, see Dashboard.

For details about how to connect your domain name to WAF, see Figure 1.
Figure 1 Flowchart for connecting your domain name to WAF