No, you cannot use, migrate, or share WAF instances across accounts.
WAF can be connected with servers in data centers outside Tencent Cloud. WAF protects servers in any public networks, including but not limited to Tencent Cloud, and clouds and IDCs from other vendors.
Note:Domain names connected in the Chinese mainland must be ICP filed as required by the Ministry of Industry and Information Technology of China.
WAF fully supports HTTPS services. You just need to upload the SSL certificate and private key as instructed or select the Tencent Cloud-hosted certificate to use WAF for HTTPS traffic protection.
The QPS limit in WAF is for the entire instance. For example, if three domain names are protected, the total QPS of the three domain names cannot exceed the limit. If the QPS limit of the purchased instance is exceeded, speed will be limited and packets will be lost.
Yes. You can empower WAF with high DDoS protection capabilities simply by selecting IPs specified in a WAF instance on the configuration page in the Anti-DDoS Pro console. For more information, see Combination of Anti-DDoS Pro and Web Application Firewall.
An SSL certificate's private key hosted on Tencent Cloud will enjoy extremely high security, in terms of:
The process from uploading the private key to configuring the certificate on the Tencent Cloud certificate hosting platform is protected with HTTPS, an encrypted communication, and enterprise SSL certificates, ensuring the safety of communication data.
It is supported by CLB WAF but not by SaaS WAF.
The differences are as follows:
Product Item |
Tencent Cloud WAF | Tencent Cloud CFW | |
---|---|---|---|
SaaS WAF | CLB WAF | ||
Protected Target | Websites and API services. | Websites and API services. | Businesses completely exposed on the internet |
Application Scenarios | It is applicable to those who require multi-level protection or cybersecurity assurance service, particularly for webs, APIs, application layers and anti-cheating behavior. | It is applicable to those who require multi-level protection or cybersecurity assurance service, particularly for webs, APIs, application layers and anti-cheating behavior, and who have used or plan to use layer-7 CLB instances on Tencent Cloud. | It is applicable to those who require multi-level protection or cybersecurity assurance service, or who require protection for CVMs and network. |
Core Protection Capability |
|
|
|
Core Strength | It is applicable to Tencent Cloud and non-Tencent Cloud users. | Cloud-native access ensures the safety, stability and reliability of Tencent Cloud users' website business with separation between forwarding and security protection via one-click bypass, which is implemented without changing the existing network architecture. Besides, multi-region access is also supported. | The cloud-native firewall can be enabled with one click, without affecting your business. It integrates security capabilities, such as IPS, threat intelligence, and omission scanning, necessary for multi-level protection and cybersecurity assurance scenarios, which is only available to Tencent Cloud users. |
How to Choose | SaaS WAF is recommended for those who require protection for websites and APIs on cloud and in local IDC. | CLB WAF is recommended for those who have used or plan to use layer-7 CLB instances. | CFW is recommended for those who have concerns over the security of CVM (whether it will be overwhelmed), and businesses exposed on the internet that expose public network businesses in addition to web businesses. |
WAF rules follow the following hit priorities: precise allowlist > IP allowlist > IP blocklist, regional blocking, access control, CC rules > bot protection > web protection (rule engine), AI engine, tamper protection, leakage protection.
Was this page helpful?