Article directory
- 1. Website structure changes
- 2. Configure WAF application firewall
- 3. Configure CDN accelerator back-to-origin WAF firewall
- 4. Point the domain name DNS resolution to the domain name of the CDN
- 5. Test whether the website can be accessed normally
- 6. Simulate attacks to observe the role of WAF
- 7. Unblock IPs banned by WAF
- 8. View WAF protection records
Rough implementation steps:
1. Configure the WAF firewall to access the website (configure the website domain name, protocol type, server address, protocol port, and load algorithm)
2. Generate WAF CNAME domain name address
3. Configure the HTTPS certificate in the WAF website access and use HTTPS to access the website.
4. Change the CDN's origin (back-to-source) address to the WAF's CNAME address, so that the CDN returns to origin through the WAF.
5. Point the DNS resolution record of the domain name to the domain name address of the CDN.
KodCloud is accessed over HTTPS, so the CDN, WAF and SLB all need HTTPS configured. If the website is deployed with forced HTTPS, the port used by the WAF to return to the origin SLB can be 80.
1. Website structure changes
The current architecture: when a user requests the cloud disk system, DNS resolves the domain name to the name server provided by the CDN. When the requested data is not cached in the CDN, the CDN returns to origin and fetches it from the SLB.
We need to connect the KodCloud cloud disk system to the WAF application firewall to ensure website security.
The architecture after connecting to WAF is: DNS -> CDN acceleration -> back-to-origin to WAF -> back-to-origin to SLB.
2. Configure WAF application firewall
Three things need to be configured: website access, WAF back-to-origin, and HTTPS.
2.1. Configure the website to access the WAF firewall
1) Configure website access method
Click Website Access—>Domain Name List—>Website Access.
Choose CNAME (manual) access as the access method.
2) Fill in the website information
1) Fill in the website domain name: kodcloud.jiangxl.com.cn
2) Protocol type: check HTTP, HTTPS and HTTP/2.
3) Check "enable back-to-origin SNI consistent with the actual request host" (if the load balancer hosts multiple projects, this must be checked so that forwarding follows the requested host name).
4) Server address is the address to be protected, i.e. the back-to-origin target. Enter the load balancer's address here: 47.95.212.251
5) Server ports: 80 for HTTP and 443 for HTTPS.
6) Load balancing algorithm: select round-robin.
7) "Is there a layer-7 proxy in front of the WAF": select Yes, since a CDN accelerator will sit in front of the WAF. Then choose to use the first IP in X-Forwarded-For as the client source IP.
8) After the configuration is completed, click Next.
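Step 7 tells the WAF to take the first X-Forwarded-For entry as the client IP because a CDN sits in front of it. As an added example (not from the original article), the Python below contrasts that leftmost pick with a right-to-left walk over trusted proxy ranges, which is what keeps a forged leading entry from being counted as the client; the proxy ranges, the log format and all addresses are constructed placeholders.

```python
import ipaddress
import re
from typing import Optional

# Constructed placeholder ranges standing in for the CDN and WAF hops in front of the SLB;
# the vendor's real back-to-origin ranges are not on this page, look them up for production.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]
# Nginx-style access log whose last quoted field is "$http_x_forwarded_for" (constructed format).
LOG_XFF = re.compile(r'"([^"]*)"\s*$')

def parse_xff(header: str) -> list:
    """Split X-Forwarded-For into entries, leftmost (client) to rightmost (last proxy)."""
    return [p.strip() for p in header.split(",") if p.strip()]

def leftmost_client_ip(header: str) -> Optional[str]:
    """The WAF option from step 7: take the first entry as the client IP. This is only
    correct if the first trusted hop (the CDN) drops any X-Forwarded-For the client sent."""
    entries = parse_xff(header)
    return entries[0] if entries else None

def is_trusted(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def rightmost_untrusted_ip(header: str) -> Optional[str]:
    """Walk from the right, skipping hops we own; the first address we do not own is the
    client as seen by our first trusted proxy. Anything left of it may be forged."""
    for entry in reversed(parse_xff(header)):
        if is_trusted(entry):
            continue
        try:
            return str(ipaddress.ip_address(entry))
        except ValueError:
            return None  # malformed entry: refuse to guess
    return None  # header empty or made up only of our own proxies

def client_ip_from_log(line: str) -> Optional[str]:
    """Pull the X-Forwarded-For field out of an access-log line and resolve the client IP."""
    m = LOG_XFF.search(line)
    return rightmost_untrusted_ip(m.group(1)) if m else None

if __name__ == "__main__":
    # Constructed log line as the SLB sees it: WAF 198.51.100.5 connects, CDN hop 203.0.113.7
    # was appended by the WAF, and client 192.0.2.10 forged a leading "1.2.3.4" entry.
    spoofed = '198.51.100.5 - - [01/Jan/2024:12:00:01 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "curl/8.0" "1.2.3.4, 192.0.2.10, 203.0.113.7"'
    xff = LOG_XFF.search(spoofed).group(1)
    print("leftmost:", leftmost_client_ip(xff), "rightmost-untrusted:", client_ip_from_log(spoofed))
```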
2.2. WAF firewall generates CNAME address
After configuring WAF website access, the second step provides the WAF's CNAME address. This address needs to be configured in the CDN accelerator as its origin; we leave that for later.
WAF’s CNAME address: 7wciklcupr28znnhkwrghcsgdjahwszt.yundunwaf1.com
Then click Next to complete website access to the WAF firewall. The third step prompts us to whitelist the WAF's addresses on the origin so that its back-to-origin traffic is not accidentally blocked.
2.3. Configure WAF firewall HTTPS certificate
The website was connected to WAF with the HTTPS protocol selected, so the HTTPS certificate must also be configured in the WAF firewall; otherwise the site will not be accessible.
1) Find the kodcloud website in website access, and click to upload the certificate in the source site information column.
2) Select an existing certificate—>select the domain name certificate of the website
3) The certificate is added.
2.4. WAF firewall enables HTTP back-to-origin to SLB
This option is not available during the initial WAF configuration; it only appears when you click Edit after the configuration is complete.
Find our website in the website access list and click the edit button in the operation column.
On the edit page, find Protocol type -> check Enable HTTP back-to-origin. The WAF will then use HTTP to return to the SLB.
If you want WAF to return to origin over HTTP, you must disable the forced HTTP-to-HTTPS redirect on the SLB. Otherwise every request will be redirected in a loop and the website will be inaccessible.
Since my website forces HTTPS, I will not enable HTTP back-to-origin here.
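The redirect loop described above is easy to confirm from a client before users run into it. As an added example (not part of the original article), the Python below follows a redirect chain one hop at a time and reports a loop; the fetcher interface, the constructed fake_forced_https_loop stand-in and the .invalid host name are my assumptions, and live_fetch is the variant that talks to a real site.

```python
import urllib.error
import urllib.request
from typing import Callable, List, Optional, Tuple
from urllib.parse import urljoin

# A fetcher performs ONE request without following redirects and returns (status, Location or None).
Fetcher = Callable[[str], Tuple[int, Optional[str]]]

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # hand the 3xx back to the caller instead of following it

def live_fetch(url: str) -> Tuple[int, Optional[str]]:
    """Real fetcher: a single GET with redirects disabled (some CDNs do not honour HEAD)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")

def trace_redirects(url: str, fetch: Fetcher, max_hops: int = 10) -> dict:
    """Walk the redirect chain hop by hop. Result is 'ok' (a non-redirect answer), 'loop'
    (a URL came back that we already requested) or 'too_many' (max_hops exceeded)."""
    seen: List[str] = []
    while len(seen) <= max_hops:
        if url in seen:
            return {"result": "loop", "chain": seen + [url]}
        seen.append(url)
        status, location = fetch(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            return {"result": "ok", "status": status, "chain": seen}
        url = urljoin(url, location)  # Location may be relative
    return {"result": "too_many", "chain": seen}

def fake_forced_https_loop(url: str) -> Tuple[int, Optional[str]]:
    """Constructed stand-in for the broken setup: the SLB answers every request that arrived
    over HTTP (the WAF's HTTP back-to-origin) with a 301 to the same HTTPS URL, forever."""
    return 301, "https://kodcloud.example.invalid/index.php"

if __name__ == "__main__":
    # Offline demo against the constructed fetcher; swap in live_fetch to test a real site.
    print(trace_redirects("https://kodcloud.example.invalid/index.php", fake_forced_https_loop))
```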
3. Configure CDN accelerator back-to-origin WAF firewall
1) Enter the CDN’s domain name management page—>Basic Settings—>Find the previously added origin site information—>Edit.
2) Change the origin type to "origin domain name" -> enter the WAF's CNAME domain name address, using port 443.
3) The CDN back-to-origin pointing to WAF configuration is completed.
4. Point the domain name DNS resolution to the domain name of the CDN
The domain name was already pointed to the CDN's domain name in the earlier DNS resolution setup.
5. Test whether the website can be accessed normally
At this point the kodcloud website architecture has the WAF firewall in place. Let's test whether the website still opens normally.
The website opens with no problem.
6. Simulate attacks to observe the role of WAF
Currently the website is accessible through the WAF firewall, but compared with before we cannot see any difference. Let's now simulate an attack on the website and observe the effect of the WAF.
Let's simulate an XSS attack by appending a mock XSS payload, ?alert('xss'), to my website's URL:
https://kodcloud.jiangxl.com.cn/index.php?alert(%27xss%27)
After visiting it a few times, the page shown below will appear. You can see that the abnormal traffic has been intercepted by WAF.
This client has attempted to attack our website many times and has been blacklisted by WAF; even normal requests from it now fail.
7. Unblock IPs banned by WAF
A client that attacks the kodcloud website at high frequency is intercepted and blocked by WAF. As shown in the figure above, we can also unblock it manually.
Click Website Protection—>High Frequency WEB Attack Block—>Unblock the currently blocked IP.
Refresh the website again to access it normally.
8. View WAF protection records
The WAF overview shows how many requests the WAF has intercepted under intrusion prevention and traffic analysis.
They can also be browsed in the security report.