Help Center/ Web Application Firewall/ User Guide/ Connecting Your Website to WAF/ Recommended Configurations After Website Connection/ Enabling to Protect Origin Servers
Updated on 2025-10-20 GMT+08:00
View PDF

Enabling to Protect Origin Servers

If a large number of 502 Bad Gateway and 504 Gateway Timeout errors are detected, you can enable WAF breakdown protection and connection protection to let WAF suspend your website and protect your origin servers from being crashed. When the 502/504 error requests and pending URL requests reach the thresholds you configure, WAF enables corresponding protection for your website.

Prerequisites

  • You have added the website to WAF.
  • You have upgraded the dedicated WAF instance to the latest version. For details, see .

Constraints

  • This function is only supported by dedicated mode access.

Enabling

  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, click Website Settings.
  5. On the Website Settings page, click the target website domain name.
  6. Click next to each parameter, edit Breakdown Protection and Connection Protection parameters to meet your requirements, and click to save settings. Table 1 describes these parameters.

    Table 1 Connection Protection parameters

    Parameter

    Description

    Example Value

    Breakdown Protection

    502/504 Error Threshold

    30s 502/504 Error Threshold

    1000

    502/504 Error Percentage (%)

    A breakdown is triggered when the 502/504 error threshold and percentage threshold have been reached.

    90

    Initial Downtime (s)

    Protection period upon the first breakdown. During this period, WAF stops forwarding client requests.

    180

    Multiplier for Consecutive Breakdowns

    The maximum multiplier you can use for consecutive breakdowns. The number of breakdowns is counted from 0 every time the accumulated breakdown protection duration reaches 3,600s.

    For example, assume that Initial Downtime (s) is set to 180s and Multiplier for Consecutive Breakdowns is set to 3.
    • If the breakdown is triggered for the second time, that is, less than 3, the protection duration is 360s (180s x 2).
    • If the breakdown is triggered for the third or fourth time, that is, greater than or equal to 3, the protection duration is 540s (180s x 3).
    • The breakdowns are counted from 0 when the total downtime duration exceeds one hour (3,600s).

    3

    Connection Protection

    Pending URL Request Threshold

    Connection Protection is triggered when the number of read URL requests reaches the threshold you configure.

    6,000

    Duration (s)

    Protection duration. During this period, WAF stops forwarding client requests.

    60