Updated on 2024-11-01 GMT+08:00

Switching WAF Working Mode

You can change the working mode of WAF. WAF can work in Enabled, Suspended, or Bypassed mode.

If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance is located. Then, you can select the enterprise project from the Enterprise Project drop-down list and switch the WAF working mode for a specific domain name.

Constraints

  • The Bypassed mode is available only when Protection is set to Cloud.
  • Before switching to the Bypassed mode, ensure that the service port of the origin server has been enabled.
  • If you connect a domain name to WAF with different protection ports configured, WAF cannot be switched to the Bypassed mode for the domain name.
  • In Bypassed mode, requests for the domain name are sent to the backend server directly and do not pass through WAF. Your domain name may become inaccessible if any of the following happens:
    • In the website server configuration, settings for Client Protocol and Server Protocol are inconsistent.
    • Different ports are set for Protected Port and Server Port.
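
The constraints above can be checked before the switch. The following is an added example, not part of the original documentation or of any WAF API: the record layout, field names, and sample values are assumptions, and the origin addresses are constructed.

```python
import socket

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to the origin's service port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def bypass_preflight(site, probe=port_open):
    """Return findings that block or endanger a switch to Bypassed mode."""
    findings = []
    if site["protection"].lower() != "cloud":
        findings.append("Bypassed is available only when Protection is Cloud")
    ports = sorted({s["protected_port"] for s in site["servers"]})
    if len(ports) > 1:
        findings.append(f"different protection ports configured: {ports}")
    for s in site["servers"]:
        origin = f'{s["address"]}:{s["server_port"]}'
        if s["client_protocol"].upper() != s["server_protocol"].upper():
            findings.append(f"{origin}: Client Protocol and Server Protocol differ")
        if s["protected_port"] != s["server_port"]:
            findings.append(f"{origin}: Protected Port {s['protected_port']} != Server Port")
        if not probe(s["address"], s["server_port"]):
            findings.append(f"{origin}: service port is not accepting connections")
    return findings

# Constructed sample records (field names are assumptions, addresses are TEST-NET-1).
SITE_OK = {"protection": "Cloud", "servers": [
    {"address": "192.0.2.10", "client_protocol": "HTTPS", "server_protocol": "HTTPS",
     "protected_port": 443, "server_port": 443}]}
SITE_BAD = {"protection": "Dedicated", "servers": [
    {"address": "192.0.2.10", "client_protocol": "HTTPS", "server_protocol": "HTTP",
     "protected_port": 443, "server_port": 8080},
    {"address": "192.0.2.11", "client_protocol": "HTTP", "server_protocol": "HTTP",
     "protected_port": 80, "server_port": 80}]}

if __name__ == "__main__":
    # The probe is stubbed so the demo runs offline; omit it to test real origins.
    for name, site in (("ok", SITE_OK), ("bad", SITE_BAD)):
        result = bypass_preflight(site, probe=lambda host, port: True)
        print(name, "->", result or "no blockers found")
```

Run the real probe from a network location that represents your clients, because in Bypassed mode their requests reach the origin server directly.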

Application Scenarios

  • Enabled: In this mode, WAF defends your website against attacks based on configured policies.
  • Suspended: If a large number of normal requests are blocked (for example, status code 418 is frequently returned), you can switch the mode to Suspended. In this mode, your website is not protected because WAF only forwards requests. It does not scan for or log attacks. This mode is risky. You are advised to use the global protection whitelist rules to reduce false alarms.
  • Bypassed: Requests are directly sent to backend origin servers without passing through WAF. Before enabling this mode, enable the service port of origin servers to let requests go to origin servers. The Bypassed mode can be enabled only when one of the following conditions is met:
    • Website services need to be restored to the status when the website is not connected to WAF.
    • You need to investigate website errors, such as 502, 504, or other incompatibility issues.
    • No proxies are configured between the client and WAF.

Impact on the System

In Suspended mode, your website is not protected because WAF only forwards requests. It does not scan for attacks. To prevent normal requests from being blocked, configure global protection whitelist rules instead of using the Suspended mode.

Switching WAF Working Mode

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security > Web Application Firewall.
  4. In the navigation pane on the left, choose Website Settings.
  5. In the Operation column of the row containing the target domain name, select a protection mode. In the dialog box displayed, click Confirm.

    • After you select Enabled, the Status of the domain name is Protected.
    • After you select Suspended, the Status of the domain name is Unprotected.
    • After you select Bypassed, the Status of the domain name is Bypassed.