Alibaba Application Load Balancer with WAF

Alibaba Cloud ALB distributes incoming internet traffic across multiple backend servers to ensure high availability. When integrated with WAF, it filters and protects traffic (e.g., rate limiting, geo-filtering) before forwarding only clean HTTP requests to the backend servers.


VPC

Before configuring ALB, we need to make sure our external vSwitch setup spans multiple availability zones. Here we create a dummy vSwitch in a different zone to fulfill that requirement.


Instances

For the instances, we have two Linux servers serving web content on port 8080.


ALB

Next, we go to Server Load Balancer and choose to create a new ALB.


The network type is Internet, and we choose our two vSwitches in different zones. For the Edition, we select Standard for now and enable WAF later.


After that, we configure the Server Group by creating a new one.


We name it Web_Servers and configure the health check on port 8080.


Then we add the backend servers, which are our Linux servers.


Back in our ALB instance, we now configure the listener.


We set the listener on port 80 (HTTP) and point it to our backend servers.


That concludes our ALB configuration. We can see our listener is now up and healthy.


We can now copy the domain name and the EIP for accessing the ALB from the internet.


Accessing the EIP or the domain name reaches the ALB, which load-balances the traffic across both of our Linux servers.


WAF

Next we enable WAF. To do that, open the ALB instance and click Enable WAF.


That changes the edition from Standard to WAF Enabled.


We can open the dedicated WAF console, and under Protected Objects we will see our ALB instance.


On Core Web Protection, we can configure the rules that are applied by the WAF. Here we will configure geo-blocking and rate limiting.


First, geo-blocking: we block any traffic coming in from Russia.


Then rate limiting: create a new Custom Rule and add a Rate Limiting Protection.


Now Core Web Protection shows that Custom Rule and Geo-Blocking have active rules.


Finally, if we try accessing it from Russia or spamming the URL, we get blocked.
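
One way to check the load balancing and the rate-limit rule from a client machine, as an added example that is not part of the original post. ALB_URL is a placeholder for your own ALB domain name or EIP, and the script assumes that each backend's page identifies itself on its first line and that a WAF block shows up as an HTTP error status.

```python
"""Added verification sketch: confirm ALB balancing and the WAF rate-limit rule."""
import urllib.error
import urllib.request
from collections import Counter

ALB_URL = "http://alb-placeholder.example/"  # placeholder: your ALB domain name or EIP


def http_fetch(url, timeout=5):
    """One GET; returns (status, first body line). HTTP error statuses are data, not failures."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read(512)
    except urllib.error.HTTPError as err:
        status, body = err.code, err.read(512)
    lines = body.decode("utf-8", "replace").strip().splitlines()
    return status, (lines[0] if lines else "")


def probe(fetch, url, count):
    """Send `count` sequential requests and summarise what the ALB/WAF returned."""
    statuses, backends, first_blocked = Counter(), Counter(), None
    for n in range(1, count + 1):
        status, ident = fetch(url)
        statuses[status] += 1
        if 200 <= status < 300:
            backends[ident] += 1      # assumption: each backend's page identifies itself
        elif first_blocked is None and status >= 400:
            first_blocked = n         # assumption: a WAF block answers with an error status
    return {"statuses": dict(statuses), "backends": dict(backends),
            "first_blocked": first_blocked}


def verdict(summary, expected_backends=2):
    """Turn the summary into pass/fail findings for the two checks."""
    return {
        "balanced": len(summary["backends"]) >= expected_backends,
        "rate_limited": summary["first_blocked"] is not None,
    }


if __name__ == "__main__":
    result = probe(http_fetch, ALB_URL, 60)
    print(result, verdict(result))
```

The request count of 60 is arbitrary; set it just above the threshold configured in the rate-limiting rule so that first_blocked can be compared against it.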


This post is licensed under CC BY 4.0 by the author.