Web Application Firewall

WAF Service

AIONCLOUD's web application firewall (WAF) provides security functions for various web vulnerabilities, user-defined access control, and web cache function to improve web service quality.

Domain Information Menu

Domain management menu where you can search the list of domains registered in WAF and add/change/delete domains.

① Add Domain : This button takes you to the 'Register Domain' page where you can register a new domain.

② Domain List : A list of domains registered for protection with the WAF.

For the root domain, the DNS button is displayed on the right. The DNS button is displayed on the right. You can click the DNS button to go to the DNS management menu for that root domain. Subdomains that are children of the root domain are displayed as sets of children of the root domain.

In the case of sub domains where the root domain is not registered, it is displayed as a separate list as shown in the figure below.

Click on each domain listing to see a month-long summary of that domain. The data of summary information is initialized on the 1st of every month.

Port
Port information set as a WAF protection target. Requests received to ports that are not set as protection targets will be rejected.
Traffic
Capacity information for traffic handled by WAF. Traffic is expressed in MBytes or GBytes.
Visit
Number of transactions processed by WAF.
Threats
Number of transactions blocked by WAF's security policy.
DNS Status
Information on whether the DNS record for that domain has been changed to the WAF's proxy address.

The DNS lookup result for that domain is not in the WAF's proxy address.
In this case, the domain is not covered by WAF's security services.

The DNS record for that domain is set to the proxy address of the WAF, and traffic is passing through the WAF.

Edit / Delete / Detail

A button that lets you navigate to the Modify Domain Information menu.

This button allows you to delete a domain.

A button that allows you to view details other than domain summary information.

Domain
The name of the registered domain.
CNAME
The name of the CNAME record issued for that domain.
Origin
The destination address of the destination (web server) to which the WAF proxy forwards traffic.
Depending on the type of destination address, it is output in the form of an A record or CNAME record.
Certificate Expiration Date
Information about the expiration date of the registered domain certificate. Output only if HTTPS is being serviced.
Certificate Type
Printed if you used a free certificate from AIONCLOUD.

Domain Registration

To use WAF's security features, you must first register the domain associated with the web server.

Before registering the domain in WAF, please check the following information in advance.

The type of domain you want to register(Root domain or subdomain)
In AIONCLOUD WAF, as shown in the figure below, a domain with a prefix such as 'www' is called a 'subdomain', and a domain without a prefix is called a 'root domain'.
Depending on the type of domain, the method of connecting the domain with the WAF proxy will be different.

Whether the domain is hosted or not
Only web services in which the domain is actually hosted and in service can be registered in WAF.
If you would like to register a domain with WAF before hosting your web service, please contact our support center.
Web service Protocol and Port
SSL certificate and key file
If your web server is serving HTTPS, please obtain an SSL certificate and key file in advance.
The types of certificate files that can be registered with WAF are crt, pem, and pfx.

If you cannot obtain an SSL certificate and key file, or if you are not serving HTTPS, you can obtain and use a free certificate from AIONCLOUD.

① Go to domain registration menu

To register a new domain in WAF, click the Add Domain button at the top right of the 'Domain Info' menu to move to the domain registration menu.

② Enter domain information

Select Domain Type
Select the type of domain you want to register.

Enter domain & check domain
Enter the domain you want to register and click the Domain Check button on the right. When checking a domain, the following verification is performed.
- Whether the domain is hosted
- Whether the domain is reachable
- Whether the domain is duplicate
- Check Google Safe browsing

Protocol / Port Settings
Enter the protocol (HTTP or HTTPS) of the web service and the service port for that protocol and click the Add button.
You can add one or more protocols and ports.

Set web service address
Select the address type (IP or CNAME) of the web service, enter the address, and click the Add button.

SLB Setting (when there are more than two addresses)
In order to set more than one web service address, it must be used together with WAF's Server Load Balancing (SLB) function.

- Health Check URL & Test
  Set up health check rules for web server load balancing. You can validate the health check rule by clicking the Test button.

- Method
  You can choose between 'HEAD' and 'GET'.
- Path

- Sorry Page
  Set the type of Sorry page to respond to clients when all web server health checks fail.
  - Sorry Page - HTML
    Sorry responds to the HTML entered on the page.
  - Sorry page - URL redirect
    Redirect to URL entered in Sorry page URL.

Certificate Settings
Sets the SSL certificate to use for connections between the client and the WAF during HTTPS service.
Certificate options can be set as follows.

- No Certificate
  Select if HTTPS is not serviced HTTPS.
- AIONCLOUD Certificate
  Select if you want to use the free certificate provided by AIONCLOUD.
  You can also choose if you do not own an SSL certificate, or if your web server is not serving HTTPS.
  The AIONCLOUD certificate is valid for 3 months from the issuance date and automatically renews before the expiration date.

When using the AIONCLOUD certificate, the certificate issuance process starts when you change the domain's DNS record to the WAF's address.
It takes about 10 minutes to issue. Until the certificate is issued, a certificate error may occur when accessing the web service.