All Products
Search

This Product

    Web Application Firewall:FAQ about the cloud native mode

    Document Center

    Web Application Firewall:FAQ about the cloud native mode

    Last Updated:Oct 20, 2023

    This topic provides answers to some frequently asked questions about the cloud native mode of Web Application Firewall (WAF) 3.0.

    Why am I unable to find the Classic Load Balancer (CLB) or Elastic Compute Service (ECS) instance that I want to add to WAF on the Website Configuration page?

    Problem description

    You cannot find the CLB or ECS instance that you want to add to WAF on the Website Configuration page.

    Solutions

    Possible cause

    Operation

    The CLB or ECS instance that you want to add to WAF does not meet the requirements.

    To check whether the CLB or ECS instance that you want to add to WAF meets the requirements, see the "Limits" sections in the following topics: Add a Layer 7 CLB instance to WAF, Add a Layer 4 CLB instance to WAF, and Add an ECS instance to WAF.

    No corresponding listeners are added to the CLB instance that you want to add to WAF.

    The instance failed to be synchronized to WAF.

    1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. You can select Chinese Mainland or Outside Chinese Mainland.

    2. In the left-side navigation pane, click Website Configuration.

    3. Select the corresponding cloud service type and click Add.

    4. In the panel that appears, click Synchronize Instances.

    What do I do if an error message indicating that the certificate is incomplete is displayed when I add an HTTPS traffic redirection port?

    Problem description

    When you add an HTTPS traffic redirection port, WAF checks the certificate that is configured for the port. If the certificate is not purchased by using Alibaba Cloud Certificate Management Service (Original SSL Certificate) or not uploaded to Alibaba Cloud Certificate Management Service (Original SSL Certificate), the following error message is displayed: The certificate configured for ports {port} of the CLB instance is incomplete. Go to the CLB console and select a certificate that you purchase from Certificate Management Service.

    Important

    If you do not upload your certificate to Certificate Management Service (Original SSL Certificate) and then select the certificate in the CLB console, you cannot add your CLB instance to WAF.

    Possible causes

    The certificate that is configured for the HTTPS port is uploaded in the CLB console.

    The certificate that is uploaded in the CLB console is not automatically synchronized to Certificate Management Service (Original SSL Certificate). WAF cannot check whether the source of the certificate is Alibaba Cloud Certificate Management Service.

    Solutions

    1. Upload your certificate to Certificate Management Service (Original SSL Certificate). For more information, see Upload an SSL certificate.

    2. In the CLB console, select the certificate that you uploaded. For more information, see Step 2: Configure an SSL certificate.