This document will guide you to set a security group and allow only traffic from WAF to access websites.
Security group is an instance-level firewall service provided by Tencent Cloud to control inbound and outbound traffic of CVM instances. You can configure a security group to allow only traffic from WAF to access your website, preventing attackers from bypassing WAF and directly attacking your real server.
The following uses allowing the WAF intermediate IP
22.214.171.124 in the security group as an example to describe how to configure the security group.
You can get the intermediate IP on the Domain Name Connection page in the WAF console.
- Log in to the CVM Console and click Security Group on the left sidebar.
- On the security group page, click Create, enter the information as required, select Custom as the template, enter the security group name (such as
my-security-group) and remarks, and click OK.
- In the security group list, find the newly created security group, and click its ID to enter its details page.
- On the inbound rule page, click Add Rule.
- In the pop-up window, enter relevant information, select "HTTP (80)" as the type, enter the intermediate IP that needs to be allowed for the source, and enter the port and policy as required. After completing the settings, click OK.
- Click the Associate Instance tab and click Add Association on the CVM page.
- In the pop-up window, select the CVM instance to be bound to and click OK.
Alternatively, you can go to the CVM instance list page to view or modify the security group bound to a CVM instance. On the list page, select the ID of the CVM instance whose security group you want to adjust and click More -> Security Group -> Configure Security Group in the Operation column on the right for configuration.