Tencent Cloud Web Application Firewall (WAF) is an AI-based one-stop web service protection solution.
This document describes how to integrate WAF to the API Gateway to protect your APIs.
Step 1. Bind a custom domain name in the API Gateway console
For more information about how to bind a custom domain name in the API Gateway console, refer to Custom Domain Name and Certificate.
When a custom domain name is bound to the API Gateway console, the system will check whether you have configured CNAME and resolved it to the service subdomain name. Be sure to first configure CNAME and resolve it to the subdomain name of the API Gateway, modify the CNAME record, and point the custom domain name to the WAF domain name.
Step 2. Configure WAF
- Log in to the WAF console.
- Click Web Application Firewall -> Defense settings in the left sidebar to access the domain name list page.
- Click Add domains at the top of the Domain Name List module.
- Enter the Real Server Address and the subdomain name of the API Gateway, and complete the other configurations.
- Click Save. The domain name should now be in the “CNAME record not configured” status.
Step 3. Modify the CNAME record
- Modify the CNAME record and resolve the custom domain name to the WAF domain name.
- Log in to WAF console and click Web Application Firewall -> Defense settings in the left sidebar to access the domain name list page.
- Click the refresh icon in the Protection status column. The status should change to Normal protection.