WAF can be connected to servers in data centers outside Tencent Cloud. WAF protects servers on any public network, including but not limited to Tencent Cloud and clouds and IDCs from other vendors.
Domain names connected in the Chinese mainland must have an ICP filing, as required by the Ministry of Industry and Information Technology of China.
WAF fully supports HTTPS services. You just need to upload the SSL certificate and private key as instructed or select the Tencent Cloud-hosted certificate to use WAF for HTTPS traffic protection.
The QPS limit in WAF is for the entire instance. For example, if three domain names are protected, the total QPS of the three domain names cannot exceed the limit. If the QPS limit of the purchased instance is exceeded, speed will be limited and packets will be lost.
When adding a domain name to WAF, the real server address must be a domain name or a public IP, such as a CVM public IP, a CLB public IP, or the egress IP of another local IDC. A CVM private IP is not supported.
Yes. You can give WAF high DDoS protection capability by selecting the IPs specified in a WAF instance on the configuration page in the Anti-DDoS Pro console. For more information, please see Combination of Anti-DDoS Pro and Web Application Firewall.
Up to 20 forwarding IPs can be set for one protected domain name in WAF.
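A pre-flight check for the real server address rule and the 20-IP limit described above, as an added example that is not Tencent Cloud's own code. The function names are hypothetical, the 20-IP limit is assumed to apply to the real server addresses WAF forwards to, and the sample addresses are constructed.

```python
import ipaddress
import re

# Limit per protected domain stated on this page (assumed to cover real server addresses).
MAX_ORIGINS = 20

# One DNS label: 1-63 letters, digits or hyphens, not starting or ending with a hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify_origin(addr: str) -> str:
    """Return 'public-ip', 'domain', or a rejection reason for one origin address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        ip = None
    if ip is not None:
        # is_global is False for RFC 1918, loopback, link-local and CGNAT ranges.
        return "public-ip" if ip.is_global else f"rejected: {addr} is not a public IP"
    labels = addr.rstrip(".").split(".")
    if (len(addr) <= 253 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit()):  # all-numeric last label = malformed IP
        return "domain"
    return f"rejected: {addr} is neither a public IP nor a domain name"


def check_origins(origins: list[str]) -> list[str]:
    """Return a list of problems; an empty list means the set passes the check."""
    problems = []
    if not origins:
        problems.append("no origin configured")
    if len(origins) > MAX_ORIGINS:
        problems.append(f"{len(origins)} origins exceed the limit of {MAX_ORIGINS}")
    for addr in origins:
        verdict = classify_origin(addr.strip())
        if verdict.startswith("rejected"):
            problems.append(verdict)
    return problems


if __name__ == "__main__":
    # Constructed sample: 8.8.8.8 stands in for a public address, the 10.x and
    # 172.16.x entries for private addresses that cannot be used as origins.
    sample = ["8.8.8.8", "origin.example.com", "10.0.3.17", "172.16.5.9"]
    for problem in check_origins(sample):
        print(problem)
```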
If multiple forwarding IPs are configured, WAF achieves load balancing for access requests by polling.
Health check is enabled for WAF by default. WAF checks the connection status of all real server IPs. If a real server IP does not respond, WAF will not forward requests to it until its connection status returns to normal.
Session persistence is supported and enabled by default in WAF.
In general, a configuration change takes effect within 10 seconds.
WAF does not automatically add a forwarding IP range to a security group. To do so, please see Getting Started.
If WAF is disabled, the file will not be blocked. If WAF is enabled and the blocking mode is set, WAF will block malicious files uploaded over HTTP or HTTPS, but will not block files uploaded over SFTP. SFTP is neither HTTP nor HTTPS, so it is beyond the protection of WAF.
It is supported by CLB WAF but not by SaaS WAF.
Customization for TLS protocol and cipher suite is available in the Dedicated edition.