Dedicated WAF Engine Management¶
This topic describes how to manage your dedicated WAF instances (or engines), including viewing instance information, upgrading the instance edition, or deleting an instance.
Note
If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instances locate. Then, you can select the project from the Enterprise Project drop-down list and manage dedicated WAF instances in the project.
Prerequisites¶
You have applied for a dedicated WAF instance.
Viewing Information About a Dedicated WAF Instance¶
Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.
View information about a dedicated WAF instance. Table 1 describes parameters.
¶ Parameter
Description
Example Value
Instance Name
Name automatically generated when an instance is created.
None
Protected Website
Domain name of the website protected by the instance.
www.example.com
VPC
VPC where the instance resides
vpc-waf
Subnet
Subnet where an instance resides
subnet-62bb
IP Addresses
IP address of the subnet in the VPC where the WAF instance is deployed.
192.168.0.186
Access Status
Connection status of the instance.
Accessible
Running Status
Status of the instance.
Running
Deployment
How the instance is deployed.
Standard mode (reverse proxy)
Specifications
Specifications of resources hosting the instance.
8 vCPUs | 16 GB
Operation
Cloud Eye: View the monitoring information about the dedicated instance. For details, see Viewing Metrics of a Dedicated WAF Instance.
Delete: Delete the dedicated instance. For details, see Deleting a Dedicated WAF Instance.
More > Upgrade: Upgrade the dedicated instance version. For details, see Upgrading a Dedicated WAF Instance.
More > Change Security Group: Change the security group for the dedicated instance. For details, see Change Security Group for a Dedicated WAF Instance.
-
Viewing Metrics of a Dedicated WAF Instance¶
When a WAF instance is in the Running status, you can view the monitored metrics about the instance.
Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.
In the row of the instance, click Cloud Eye in the Operation column to go to the Cloud Eye console and view the monitoring information, such as CPU, memory, and bandwidth.
Upgrading a Dedicated WAF Instance¶
Only dedicated WAF instances in the Running status can be upgraded to the latest version.
Important
It takes about 20 minutes for upgrading an instance. During the upgrade, the instance is not available and cannot protect your domain names connected to it. To prevent service interruptions, use either of the following solutions:
Solution 1: Deploy multiple dedicated WAF instances for your domain name, add them to a backend server group of your load balancer, and enable the health check policy for the load balancer. In this way, if one dedicated WAF instance is not available, WAF automatically distributes the traffic to other healthy instances. There is almost no impact on your services except that website requests might be intermittently interrupted for few seconds.
Solution 2: If you deploy only one dedicated WAF instance, configure a load balancer before you start to let website traffic bypass WAF during the upgrade. After the upgrade is complete, configure the load balancer to distribute traffic to WAF.
If you are using the latest version of WAF, the Upgrade button is grayed out.
Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.
In the row containing the instance you want to upgrade, click More > Upgrade in the Operation column.
Confirm the upgrade conditions and click Confirm.
Change Security Group for a Dedicated WAF Instance¶
If you select Network Interface for Instance Type, you can change the security group to which your dedicated instance belongs. After you select a security group, the WAF instance will be protected by the access rules of the security group.
Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.
In the row containing the instance, choose More > Change Security Group in the Operation column.
In the dialog box displayed, select the new security group and click Confirm.
Deleting a Dedicated WAF Instance¶
You can delete a dedicated WAF instance anytime. A deleted dedicated WAF instance will no longer protect the website added to it.
Important
Resources on deleted instance are released and cannot be restored. Exercise caution when performing this operation.
Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner and choose Web Application Firewall (Dedicated) under Security.
In the navigation pane on the left, choose Instance Management > Dedicated Engine to go to the dedicated WAF instance page.
In the row of the instance, click Delete in the Operation column.
Click Confirm.