Deploying Anti-DDoS, CDN, and WAF on Alibaba Cloud

Scenario Description

In case of “China service”, for those who want to apply Anti-DDoS, CDN, and WAF features together on Alibaba Cloud environment, consider using SCDN(Secure CDN) on a Domestic account and WAF on an International account together. In case of International account, we cannot simultaneously utilize Anti-DDoS and CDN at the time of writing. In this way, this alternative can make it possible, before SCDN product on International account is released. Once again, this scenario works only for Chinese regions.

Architecture Diagram

The diagram describes the traffic flow from Clients to an Elastic Compute Service (ECS) instance. Server Load Balancer (SLB) is optional, you may remove it from your architecture.

Step 1: Configure WAF on International Account

  1. Add your service domain on WAF
  • International account -> WAF -> Management -> Website Configuration -> Add Domain

Step 2: Configure SCDN on Domestic Account

  1. Add your service domain on SCDN
  • Domestic account -> SCDN -> Domain Management -> Add domain name

Step 3: Configure CNAME Record of SCDN on DNS

  1. Update service domain “www.test.com" with cname record from SCDN “www.test.com.scdnpesk.com" .
    Note:You can refer to this document for more information: Update the DNS settings
  2. As soon as update your DNS, please make sure your service can successfully lookup cname from SCDN.

Step 4: Security Hardening on SLB or ECS

Make sure your SLB and ECS have Public IP. This means that anyone can access your service directly without SCDN or WAF service(note, normally “http port” is any opened 0.0.0.0/0). In this way, these two products(SLB, ECS) have to configure access control to allow traffic the only from WAF on Alibaba Cloud, and all deny from any for security purposes.

Troubleshooting

If your web browser cannot correctly display, make sure the option or domain has been set up correctly. Here are some troubleshooting tips that can potentially solve the errors.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com