AIONCLOUD DocsV3
Go to DocsV2

Web Application Firewall

WAF Service

AIONCLOUD's web application firewall (WAF) provides security functions for various web vulnerabilities, user-defined access control, and web cache function to improve web service quality.

image.png




Domain Information Menu

Domain management menu where you can search the list of domains registered in WAF and add/change/delete domains.

image.png

DOMAININFO_EN.png

① Add Domain : This button takes you to the 'Register Domain' page where you can register a new domain.

② Domain List : A list of domains registered for protection with the WAF.


For the root domain, the DNS button is displayed on the right. The DNS button is displayed on the right. You can click the DNS button to go to the DNS management menu for that root domain. Subdomains that are children of the root domain are displayed as sets of children of the root domain.

image.png


In the case of sub domains where the root domain is not registered, it is displayed as a separate list as shown in the figure below.

image.png


Click on each domain listing to see a month-long summary of that domain. The data of summary information is initialized on the 1st of every month.

image.png

  • Port
    Port information set as a WAF protection target. Requests received to ports that are not set as protection targets will be rejected.

  • Traffic
    Capacity information for traffic handled by WAF. Traffic is expressed in MBytes or GBytes.

  • Visit
    Number of transactions processed by WAF.

  • Threats
    Number of transactions blocked by WAF's security policy.

  • DNS Status
    Information on whether the DNS record for that domain has been changed to the WAF's proxy address.

image.png
The DNS lookup result for that domain is not in the WAF's proxy address.
In this case, the domain is not covered by WAF's security services.

image.png
The DNS record for that domain is set to the proxy address of the WAF, and traffic is passing through the WAF.

  • Edit / Delete / Detail

image.png
A button that lets you navigate to the Modify Domain Information menu.

image.png
This button allows you to delete a domain.

image.png
A button that allows you to view details other than domain summary information.

image.png

  • Domain
    The name of the registered domain.

  • CNAME
    The name of the CNAME record issued for that domain.

  • Origin
    The destination address of the destination (web server) to which the WAF proxy forwards traffic.
    Depending on the type of destination address, it is output in the form of an A record or CNAME record.

  • Certificate Expiration Date
    Information about the expiration date of the registered domain certificate. Output only if HTTPS is being serviced.

  • Certificate Type
    Printed if you used a free certificate from AIONCLOUD.

    image.png




Domain Registration

To use WAF's security features, you must first register the domain associated with the web server.
Before registering the domain in WAF, please check the following information in advance.
  • The type of domain you want to register(Root domain or subdomain)
    In AIONCLOUD WAF, as shown in the figure below, a domain with a prefix such as 'www' is called a 'subdomain', and a domain without a prefix is ​​called a 'root domain'.
    Depending on the type of domain, the method of connecting the domain with the WAF proxy will be different.

ROOT_SUBDOMAIN_EN.png


  • Whether the domain is hosted or not
    Only web services in which the domain is actually hosted and in service can be registered in WAF.
    If you would like to register a domain with WAF before hosting your web service, please contact our support center.
  • Web service Protocol and Port

  • SSL certificate and key file
    If your web server is serving HTTPS, please obtain an SSL certificate and key file in advance.
    The types of certificate files that can be registered with WAF are crt, pem, and pfx.

    If you cannot obtain an SSL certificate and key file, or if you are not serving HTTPS, you can obtain and use a free certificate from AIONCLOUD.


① Go to domain registration menu

 To register a new domain in WAF, click the Add Domain button at the top right of the 'Domain Info' menu to move to the domain registration menu.

image.png

image.png


② Enter domain information

  • Select Domain Type
    Select the type of domain you want to register.

image.png

  • Enter domain & check domain
    Enter the domain you want to register and click the Domain Check button on the right. When checking a domain, the following verification is performed. 
    • Whether the domain is hosted
    • Whether the domain is reachable
    • Whether the domain is duplicate
    • Check Google Safe browsing 

image.png

  • Protocol / Port Settings
    Enter the protocol (HTTP or HTTPS) of the web service and the service port for that protocol and click the Add button.
    You can add one or more protocols and ports.

image.png

  • Set web service address
    Select the address type (IP or CNAME) of the web service, enter the address, and click the Add button.

image.png

  • SLB Setting (when there are more than two addresses)
    In order to set more than one web service address, it must be used together with WAF's Server Load Balancing (SLB) function.

image.png


    • Health Check URL & Test
      Set up health check rules for web server load balancing. You can validate the health check rule by clicking the Test button.  

image.png

    • Method
      You can choose between 'HEAD' and 'GET'.

    • Path
    • Sorry Page
      Set the type of Sorry page to respond to clients when all web server health checks fail.
      • Sorry Page - HTML
        Sorry responds to the HTML entered on the page.

        image.png

      • Sorry page - URL redirect
        Redirect to URL entered in Sorry page URL.

        image.png



  • Certificate Settings
    Sets the SSL certificate to use for connections between the client and the WAF during HTTPS service.
    Certificate options can be set as follows.
    • No Certificate
      Select if HTTPS is not serviced HTTPS.

      image.png

    • AIONCLOUD Certificate
      Select if you want to use the free certificate provided by AIONCLOUD.
      You can also choose if you do not own an SSL certificate, or if your web server is not serving HTTPS.
      The AIONCLOUD certificate is valid for 3 months from the issuance date and automatically renews before the expiration date.

When using the AIONCLOUD certificate, the certificate issuance process starts when you change the domain's DNS record to the WAF's address.
It takes about 10 minutes to issue. Until the certificate is issued, a certificate error may occur when accessing the web service.