Why Is My Domain Name or IP Address Inaccessible?

Symptoms

If Access Progress for a website you have added to WAF is Accessible, the connection between WAF and the website domain name or IP address has been established.

Troubleshooting and Solutions for Cloud WAF Instances

Refer to Figure 1 and Table 1 to fix connection failures for websites protected in cloud mode.

Figure 1 Troubleshooting for Cloud WAF
Click to enlarge

**Table 1** Solutions for failures of WAF instances
Possible Cause	Solution
Cause 1: Access Status of Protected Website not updated	In the Access Status column for the protected website, click to update the status.
Cause 2: Website access traffic not enough for WAF to consider the website accessible NOTICE: After you connect a website to WAF, the website is considered accessible only when WAF detects at least 20 requests to the website within 5 minutes.	Access the protected website for many times within 1 minute. In the Access Status column for the website, click to update the status.
Cause 3: Incorrect domain name settings	NOTICE: WAF can protect the website using the following types of domain names: Top-level domain names, for example, example.com Single domain names/Second-level domains, for example, www.example.com Wildcard domain names, for example, .example.com Domain names example.com and www.example.com are different. Ensure that correct domain names are added to WAF. Perform the following steps to ensure that the domain name settings are correct. In Windows OSs, choose Start* > Run. Then enter cmd and press Enter. Ping the CNAME record of the domain name to obtain the WAF back-to-source IP address. Use a text editor to open the hosts file. Generally, the hosts file is stored in the C:\Windows\System32\drivers\etc\ directory. Add a record into the hosts file in the format of *DomainName* WAF back-to-source IP address. Save the hosts file after the record is added. In the CLI, run the ping Domain name added to WAF command, for example, ping www.example.com. If the WAF back-to-source IP address in 2 is displayed in the command output, the domain name settings are correct. For details, see Testing WAF. If there are incorrect domain name settings, remove the domain name from WAF and add it to WAF again.
Cause 4: DNS record or the back-to-source IP addresses of proxies not configured	Check whether the website connected to WAF uses proxies such as advanced anti-DDoS, CDN, and cloud acceleration service. Yes. Change the back-to-source IP address of the proxy such as CDN to the CNAME record of WAF. (Optional) Add a WAF subdomain name and TXT record at your DNS provider. If no, contact your DNS service provider to configure a CNAME record for the domain name. For details, see Connecting a Domain Name to WAF.
Cause 5: Incorrect DNS record or proxy back-to-source address	Perform the following steps to check whether the domain name CNAME record takes effect: In Windows OSs, choose Start > Run. Then enter cmd and press Enter. Run a nslookup command to query the CNAME record. If the command output displays the CNAME record of WAF, the record takes effect. Using www.example.com as an example, the output is as follows: nslookup www.example.com If the CNAME record fails to take effect, modify the DNS record or back-to-source address. For details, see Connecting a Domain Name to WAF.

Parent topic: Service Interruption Check

Service Interruption Check FAQs

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

more