WEB Firewall Self service provides guides to create and operate web firewall instances to help protect web servers. This document introduces how to use the WEB Firewall Self service.
To use the WEB Firewall service, log in to NHN Cloud Console and click on Security>WEB Firewall in the service list.
※ A service fee is charged as soon as the instance is created.
Select and delete a Web firewall instance.
※ When configuring a web firewall, traffic goes through the web firewall, and service failure may occur if the instance is deleted while in use.
※ Please delete the instance only after checking the web service you are using.
※ Set up a security group for trusted IPs and ports to use, as shown in the example below.
Direction | IP Protocol | Port range | Remote | Description |
---|---|---|---|---|
Ingress | TCP | 80 (HTTP) | 0.0.0.0/0 (CIDR) | WAF web service port |
Ingress | TCP | 443 (HTTPS) | 0.0.0.0/0 (CIDR) | WAF web service port |
Ingress | TCP | 5001 | x.x.x.x/32 (CIDR) | WAF management tool (UI) port (Only allow administrator IP) |
Ingress | TCP | 22 (SSH) | x.x.x.x/32 (CIDR) | WAF SSH Terminal port (Only allow administrator IP) |
Ingress | TCP/HTTP | 5000 | IP of top LB of WAF x.x.x.x/32 (CIDR) | Health check port between WAF (redundancy) and top LB |
Egress | TCP | 443 (HTTPS) | 218.145.29.166/32 (CIDR) | WAF License Update server |
Egress | TCP | 443 (HTTPS) | 218.145.29.101/32 (CIDR) | WAF License Update server |
Egress | TCP | 5001 | 218.145.29.168/32 (CIDR) | WAF Security rule(custom rule) Update server |
※ Note: When using WAF redundancy (when using the settings synchronization function) or Auto Scaling, ports 5984 and 6984 must be allowed between WAFs.
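A security group can be checked against the table above before traffic is routed through the WAF. The following is an added example, not NHN Cloud code: the rule layout (`direction`, `port`, `remote`) is an assumption, and the sample administrator and LB addresses are constructed from documentation ranges.

```python
import ipaddress

# Ingress ports the table limits to one trusted address (administrator or top LB).
SINGLE_HOST_INGRESS = {22: "SSH terminal", 5001: "management UI", 5000: "LB health check"}
# Egress destinations the table lists (license update and security rule update servers).
REQUIRED_EGRESS = [("218.145.29.166", 443), ("218.145.29.101", 443), ("218.145.29.168", 5001)]

def audit(rules):
    """Check rules (dicts with direction, port, remote) against the table; return findings."""
    findings = []
    egress = []
    for rule in rules:
        net = ipaddress.ip_network(rule["remote"], strict=False)
        if rule["direction"] == "egress":
            egress.append((net, rule["port"]))
        elif rule["port"] in SINGLE_HOST_INGRESS and net.prefixlen != net.max_prefixlen:
            # A management or health check port reachable from more than one address.
            name = SINGLE_HOST_INGRESS[rule["port"]]
            findings.append(f"ingress {rule['port']} ({name}) allows {net}, expected one /32 source")
    for host, port in REQUIRED_EGRESS:
        addr = ipaddress.ip_address(host)
        # An update server is reachable if any egress rule covers its address and port.
        if not any(addr in net and p == port for net, p in egress):
            findings.append(f"no egress rule reaches {host} on port {port}")
    return findings

# Constructed sample: the management UI is left open to the world and the
# egress rule for the security rule update server is missing.
SAMPLE_RULES = [
    {"direction": "ingress", "port": 80, "remote": "0.0.0.0/0"},
    {"direction": "ingress", "port": 443, "remote": "0.0.0.0/0"},
    {"direction": "ingress", "port": 5001, "remote": "0.0.0.0/0"},
    {"direction": "ingress", "port": 22, "remote": "203.0.113.10/32"},
    {"direction": "ingress", "port": 5000, "remote": "192.0.2.5/32"},
    {"direction": "egress", "port": 443, "remote": "218.145.29.166/32"},
    {"direction": "egress", "port": 443, "remote": "218.145.29.101/32"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```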
Initial setup after WAF initial run
Access the Web Firewall web management tool (UI) from a browser (Chrome recommended)
Settings > System > Set time synchronization
Network Settings > Proxy IP Settings
Set WAF Protection Targets
Set Protection Policy
Set X-Forwarded-For IP
Notes when applying WAF
※ Self service provides only the user guide, while Managed Service provides an operating agency service and 24-hour security control services.