diff --git a/go.mod b/go.mod
index 798c12ef622..1301cb840d3 100644
--- a/go.mod
+++ b/go.mod
@@ -88,7 +88,7 @@ require (
 	k8s.io/client-go v0.19.3
 	k8s.io/cluster-bootstrap v0.19.3
 	moul.io/http2curl/v2 v2.3.0
-	yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20240521070416-7668541b2a63
+	yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20240522122302-b27cdcdc15cb
 	yunion.io/x/executor v0.0.0-20230705125604-c5ac3141db32
 	yunion.io/x/jsonutils v1.0.1-0.20240203102553-4096f103b401
 	yunion.io/x/log v1.0.1-0.20240305175729-7cf2d6cd5a91
diff --git a/go.sum b/go.sum
index c95f293f1d4..8dbe785f67f 100644
--- a/go.sum
+++ b/go.sum
@@ -1208,8 +1208,8 @@ sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
-yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20240521070416-7668541b2a63 h1:j0GXmbJsm6C+ByDNIv1bITMlSkuGHJ53BvdZcWS3ww4=
-yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20240521070416-7668541b2a63/go.mod h1:quoJjGTJ2PjAY0+3YeN5JuN136whECKmfkJQwIsXKjM=
+yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20240522122302-b27cdcdc15cb h1:f8Qlj4PPHTm8ffZX44Ua69v5/eJhR5rJFQl3/LyuCLw=
+yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20240522122302-b27cdcdc15cb/go.mod h1:quoJjGTJ2PjAY0+3YeN5JuN136whECKmfkJQwIsXKjM=
 yunion.io/x/executor v0.0.0-20230705125604-c5ac3141db32 h1:v7POYkQwo1XzOxBoIoRVr/k0V9Y5JyjpshlIFa9raug=
 yunion.io/x/executor v0.0.0-20230705125604-c5ac3141db32/go.mod h1:Uxuou9WQIeJXNpy7t2fPLL0BYLvLiMvGQwY7Qc6aSws=
 yunion.io/x/jsonutils v0.0.0-20190625054549-a964e1e8a051/go.mod h1:4N0/RVzsYL3kH3WE/H1BjUQdFiWu50JGCFQuuy+Z634=
diff --git a/pkg/compute/models/waf_instances.go b/pkg/compute/models/waf_instances.go
index 749d92d532d..899380177f8 100644
--- a/pkg/compute/models/waf_instances.go
+++ b/pkg/compute/models/waf_instances.go
@@ -76,6 +76,9 @@ type SWafInstance struct {
 	SourceIps       []string `width:"512" charset:"utf8" nullable:"true" list:"user" update:"admin"`
 	HttpPorts       []int    `width:"64" charset:"utf8" nullable:"true" list:"user" update:"admin"`
 	HttpsPorts      []int    `width:"64" charset:"utf8" nullable:"true" list:"user" update:"admin"`
+
+	UpstreamScheme string `width:"32" charset:"utf8" nullable:"true" list:"user" update:"admin"`
+	UpstreamPort   int    `nullable:"true" list:"user" update:"admin"`
 }
 
 func (manager *SWafInstanceManager) GetContextManagers() [][]db.IModelManager {
@@ -441,10 +444,13 @@ func (self *SWafInstance) SyncWithCloudWafInstance(ctx context.Context, userCred
 		self.DefaultAction = ext.GetDefaultAction()
 		self.Status = ext.GetStatus()
 		self.IsAccessProduct = ext.GetIsAccessProduct()
+		self.Type = ext.GetWafType()
 		self.HttpsPorts = ext.GetHttpsPorts()
 		self.HttpPorts = ext.GetHttpPorts()
 		self.Cname = ext.GetCname()
 		self.SourceIps = ext.GetSourceIps()
+		self.UpstreamScheme = ext.GetUpstreamScheme()
+		self.UpstreamPort = ext.GetUpstreamPort()
 		self.AccessHeaders = ext.GetAccessHeaders()
 		return nil
 	})
@@ -474,6 +480,8 @@ func (self *SCloudregion) newFromCloudWafInstance(ctx context.Context, userCred
 	waf.HttpsPorts = ext.GetHttpsPorts()
 	waf.HttpPorts = ext.GetHttpPorts()
 	waf.Cname = ext.GetCname()
+	waf.UpstreamScheme = ext.GetUpstreamScheme()
+	waf.UpstreamPort = ext.GetUpstreamPort()
 	waf.SourceIps = ext.GetSourceIps()
 	waf.AccessHeaders = ext.GetAccessHeaders()
 	var err = func() error {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index b8cdfd0f39d..da462602f94 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1479,7 +1479,7 @@ sigs.k8s.io/structured-merge-diff/v4/value
 # sigs.k8s.io/yaml v1.2.0
 ## explicit; go 1.12
 sigs.k8s.io/yaml
-# yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20240521070416-7668541b2a63
+# yunion.io/x/cloudmux v0.3.10-0-alpha.1.0.20240522122302-b27cdcdc15cb
 ## explicit; go 1.18
 yunion.io/x/cloudmux/pkg/apis
 yunion.io/x/cloudmux/pkg/apis/billing
diff --git a/vendor/yunion.io/x/cloudmux/pkg/cloudprovider/resources.go b/vendor/yunion.io/x/cloudmux/pkg/cloudprovider/resources.go
index 9f0d195a482..89d7e9c602d 100644
--- a/vendor/yunion.io/x/cloudmux/pkg/cloudprovider/resources.go
+++ b/vendor/yunion.io/x/cloudmux/pkg/cloudprovider/resources.go
@@ -1487,6 +1487,8 @@ type ICloudWafInstance interface {
 	GetHttpsPorts() []int
 	GetCname() string
 	GetSourceIps() []string
+	GetUpstreamScheme() string
+	GetUpstreamPort() int
 
 	Delete() error
 }
diff --git a/vendor/yunion.io/x/cloudmux/pkg/cloudprovider/waf.go b/vendor/yunion.io/x/cloudmux/pkg/cloudprovider/waf.go
index 14b3a771031..2f01b4bd302 100644
--- a/vendor/yunion.io/x/cloudmux/pkg/cloudprovider/waf.go
+++ b/vendor/yunion.io/x/cloudmux/pkg/cloudprovider/waf.go
@@ -37,6 +37,9 @@ var (
 	WafTypeDefault    = TWafType("Default")
 	WafTypeAppGateway = TWafType("AppGateway")
 
+	WafTypeSaaS         = TWafType("SaaS")
+	WafTypeLoadbalancer = TWafType("Loadbalancer")
+
 	WafStatementTypeByteMatch        = TWafStatementType("ByteMatch")
 	WafStatementTypeGeoMatch         = TWafStatementType("GeoMatch")
 	WafStatementTypeIPSet            = TWafStatementType("IPSet")
diff --git a/vendor/yunion.io/x/cloudmux/pkg/multicloud/aliyun/waf_domain.go b/vendor/yunion.io/x/cloudmux/pkg/multicloud/aliyun/waf_domain.go
index 0bbcd38edee..99819407ce9 100644
--- a/vendor/yunion.io/x/cloudmux/pkg/multicloud/aliyun/waf_domain.go
+++ b/vendor/yunion.io/x/cloudmux/pkg/multicloud/aliyun/waf_domain.go
@@ -32,7 +32,7 @@ type SWafDomain struct {
 
 	insId           string
 	name            string
-	Httptouserip    int           `json:"HttpToUserIp"`
+	HttpToUserIp    int           `json:"HttpToUserIp"`
 	HttpPort        []int         `json:"HttpPort"`
 	IsAccessProduct int           `json:"IsAccessProduct"`
 	Resourcegroupid string        `json:"ResourceGroupId"`
@@ -150,6 +150,14 @@ func (self *SWafDomain) GetStatus() string {
 	return api.WAF_STATUS_AVAILABLE
 }
 
+func (self *SWafDomain) GetUpstreamPort() int {
+	return 0
+}
+
+func (self *SWafDomain) GetUpstreamScheme() string {
+	return ""
+}
+
 func (self *SWafDomain) GetWafType() cloudprovider.TWafType {
 	return cloudprovider.WafTypeDefault
 }
diff --git a/vendor/yunion.io/x/cloudmux/pkg/multicloud/aliyun/waf_v2_domains.go b/vendor/yunion.io/x/cloudmux/pkg/multicloud/aliyun/waf_v2_domains.go
index 33b48f92efd..164fd2b879f 100644
--- a/vendor/yunion.io/x/cloudmux/pkg/multicloud/aliyun/waf_v2_domains.go
+++ b/vendor/yunion.io/x/cloudmux/pkg/multicloud/aliyun/waf_v2_domains.go
@@ -105,6 +105,14 @@ func (self *SWafDomainV2) GetCname() string {
 	return self.Cname
 }
 
+func (self *SWafDomainV2) GetUpstreamPort() int {
+	return 0
+}
+
+func (self *SWafDomainV2) GetUpstreamScheme() string {
+	return ""
+}
+
 func (self *SWafDomainV2) GetSourceIps() []string {
 	ret := []string{}
 	for _, backend := range self.Redirect.Backends {
diff --git a/vendor/yunion.io/x/cloudmux/pkg/multicloud/aws/waf.go b/vendor/yunion.io/x/cloudmux/pkg/multicloud/aws/waf.go
index c52085e17f5..6ac8979c1d2 100644
--- a/vendor/yunion.io/x/cloudmux/pkg/multicloud/aws/waf.go
+++ b/vendor/yunion.io/x/cloudmux/pkg/multicloud/aws/waf.go
@@ -84,6 +84,14 @@ func (self *SWebAcl) GetCname() string {
 	return ""
 }
 
+func (self *SWebAcl) GetUpstreamScheme() string {
+	return ""
+}
+
+func (self *SWebAcl) GetUpstreamPort() int {
+	return 0
+}
+
 func (self *SWebAcl) GetSourceIps() []string {
 	return []string{}
 }
diff --git a/vendor/yunion.io/x/cloudmux/pkg/multicloud/azure/waf.go b/vendor/yunion.io/x/cloudmux/pkg/multicloud/azure/waf.go
index 1422eff64b8..dd1737ce28d 100644
--- a/vendor/yunion.io/x/cloudmux/pkg/multicloud/azure/waf.go
+++ b/vendor/yunion.io/x/cloudmux/pkg/multicloud/azure/waf.go
@@ -462,6 +462,14 @@ func (self *SAppGatewayWaf) GetCname() string {
 	return ""
 }
 
+func (self *SAppGatewayWaf) GetUpstreamScheme() string {
+	return ""
+}
+
+func (self *SAppGatewayWaf) GetUpstreamPort() int {
+	return 0
+}
+
 func (self *SAppGatewayWaf) GetSourceIps() []string {
 	return []string{}
 }
diff --git a/vendor/yunion.io/x/cloudmux/pkg/multicloud/qcloud/waf.go b/vendor/yunion.io/x/cloudmux/pkg/multicloud/qcloud/waf.go
index 85687aa4d47..5b08c180625 100644
--- a/vendor/yunion.io/x/cloudmux/pkg/multicloud/qcloud/waf.go
+++ b/vendor/yunion.io/x/cloudmux/pkg/multicloud/qcloud/waf.go
@@ -22,6 +22,7 @@ import (
 	"yunion.io/x/cloudmux/pkg/cloudprovider"
 	"yunion.io/x/cloudmux/pkg/multicloud"
 	"yunion.io/x/jsonutils"
+	"yunion.io/x/pkg/errors"
 )
 
 type SWafInstance struct {
@@ -29,31 +30,33 @@ type SWafInstance struct {
 	QcloudTags
 	region *SRegion
 
-	AccessStatus string
-	AlbType      string
-	ApiStatus    int
-	AppId        string
-	BotStatus    string
-	CCList       []string
-	CdcClusters  string
-	CloudType    string
-	ClsStatus    string
-	Cname        string
-	IsCdn        *int
-	CreateTime   time.Time
-	Domain       string
-	DomainId     string
-	Edition      string
-	Engine       int
-	FlowMode     int
-	InstanceId   string
-	InstanceName string
-	Ipv6Status   int
-	Level        int
-	Mode         int
-	IpHeaders    *[]string
-	Note         string
-	Ports        []struct {
+	AccessStatus      string
+	AlbType           string
+	ApiStatus         int
+	AppId             string
+	BotStatus         string
+	CCList            []string
+	CdcClusters       string
+	CloudType         string
+	ClsStatus         string
+	Cname             string
+	IsCdn             *int
+	CreateTime        time.Time
+	Domain            string
+	DomainId          string
+	Edition           string
+	Engine            int
+	FlowMode          int
+	InstanceId        string
+	InstanceName      string
+	UpstreamScheme    *string
+	HttpsUpstreamPort *int
+	Ipv6Status        int
+	Level             int
+	Mode              int
+	IpHeaders         *[]string
+	Note              string
+	Ports             []struct {
 		NginxServerId    string
 		Port             int
 		Protocol         string
@@ -83,7 +86,14 @@ func (self *SWafInstance) GetId() string {
 }
 
 func (self *SWafInstance) GetWafType() cloudprovider.TWafType {
-	return cloudprovider.WafTypeDefault
+	switch self.Edition {
+	case "sparta-waf":
+		return cloudprovider.WafTypeSaaS
+	case "clb-waf", "cdc-clb-waf":
+		return cloudprovider.WafTypeLoadbalancer
+	default:
+		return cloudprovider.TWafType(self.Edition)
+	}
 }
 
 func (self *SWafInstance) GetCreatedAt() time.Time {
@@ -182,6 +192,26 @@ func (self *SWafInstance) Delete() error {
 	return cloudprovider.ErrNotImplemented
 }
 
+func (self *SWafInstance) GetUpstreamScheme() string {
+	if self.UpstreamScheme == nil {
+		self.Refresh()
+	}
+	if self.UpstreamScheme != nil {
+		return *self.UpstreamScheme
+	}
+	return ""
+}
+
+func (self *SWafInstance) GetUpstreamPort() int {
+	if self.HttpsUpstreamPort == nil {
+		self.Refresh()
+	}
+	if self.HttpsUpstreamPort != nil {
+		return *self.HttpsUpstreamPort
+	}
+	return 0
+}
+
 func (self *SRegion) GetWafInstances() ([]SWafInstance, error) {
 	params := map[string]string{
 		"Limit": "1000",
@@ -222,6 +252,20 @@ func (self *SRegion) GetICloudWafInstances() ([]cloudprovider.ICloudWafInstance,
 	return ret, nil
 }
 
+func (self *SRegion) GetICloudWafInstanceById(id string) (cloudprovider.ICloudWafInstance, error) {
+	wafs, err := self.GetWafInstances()
+	if err != nil {
+		return nil, err
+	}
+	for i := range wafs {
+		wafs[i].region = self
+		if wafs[i].GetGlobalId() == id {
+			return &wafs[i], nil
+		}
+	}
+	return nil, errors.Wrapf(cloudprovider.ErrNotFound, id)
+}
+
 func (self *SRegion) GetWafInstance(domain, domainId, instanceId string) (*SWafInstance, error) {
 	params := map[string]string{
 		"Domain":     domain,