Updated on 2024-03-14 GMT+08:00

Why Is My Domain Name or IP Address Inaccessible?

Symptoms

After a domain name or IP address is added to WAF, the connection between WAF and the domain name or IP address fails to be established.

  • WAF automatically checks the access status of protected websites every hour. If WAF detects that a protected website has received 20 access requests within 5 minutes, it considers that the website has been successfully connected to WAF.
  • By default, WAF checks only the Access Status of domain names added or updated over the last two weeks. If a domain name was added to WAF two weeks ago and has not been modified in the last two weeks, you can click in the Access Progress column to refresh the progress.

Troubleshooting and Solutions for Cloud WAF Instances

Refer to Figure 1 and Table 1 to fix connection failures for websites protected in cloud mode.

Figure 1 Troubleshooting for Cloud WAF
Table 1 Solutions for failures of WAF instances

Possible Cause

Solution

Cause 1: Access Status of Protected Website not updated

In the Access Status column for the protected website, click to update the status.

Cause 2: Website access traffic not enough for WAF to consider the website accessible

NOTICE:

After you connect a website to WAF, the website is considered accessible only when WAF detects at least 20 requests to the website within 5 minutes.

  1. Access the protected website for many times within 1 minute.
  2. In the Access Status column for the website, click to update the status.

Cause 3: Incorrect domain name settings

NOTICE:
WAF can protect the website using the following types of domain names:
  • Top-level domain names, for example, example.com
  • Single domain names/Second-level domains, for example, www.example.com
  • Wildcard domain names, for example, *.example.com

Domain names example.com and www.example.com are different. Ensure that correct domain names are added to WAF.

Perform the following steps to ensure that the domain name settings are correct.

  1. In Windows OSs, choose Start > Run. Then enter cmd and press Enter.
  2. Ping the CNAME record of the domain name to obtain the WAF back-to-source IP address.
  3. Use a text editor to open the hosts file. Generally, the hosts file is stored in the C:\Windows\System32\drivers\etc\ directory.
  4. Add a record into the hosts file in the format of DomainName WAF back-to-source IP address.
  5. Save the hosts file after the record is added. In the CLI, run the ping Domain name added to WAF command, for example, ping www.example.com.

    If the WAF back-to-source IP address in 2 is displayed in the command output, the domain name settings are correct.

If there are incorrect domain name settings, remove the domain name from WAF and add it to WAF again.

Cause 4: DNS record or the back-to-source IP addresses of proxies not configured

Check whether the website connected to WAF uses proxies such as advanced anti-DDoS, CDN, and cloud acceleration service.
  • Yes.
    • Change the back-to-source IP address of the proxy such as CDN to the CNAME record of WAF.
    • (Optional) Add a WAF subdomain name and TXT record at your DNS provider.
  • If no, contact your DNS service provider to configure a CNAME record for the domain name.

Cause 5: Incorrect DNS record or proxy back-to-source address

Perform the following steps to check whether the domain name CNAME record takes effect:

  1. In Windows OSs, choose Start > Run. Then enter cmd and press Enter.
  2. Run a nslookup command to query the CNAME record.

    If the command output displays the CNAME record of WAF, the record takes effect.

    Using www.example.com as an example, the output is as follows:

    nslookup www.example.com

Troubleshooting and Solutions for Dedicated WAF

Refer to Figure 2 and Table 2 to fix connection failures.

Figure 2 Troubleshooting for dedicated mode
Table 2 Solutions for dedicated mode

Possible Cause

Solution

Cause 1: Access Status for Domain Name/IP Address not updated

In the Access Status column for the website, click to update the status.

Cause 2: Website access traffic not enough for WAF to consider the website accessible

NOTICE:

After you connect a website to WAF, the website is considered accessible only when WAF detects at least 20 requests to the website within 5 minutes.

  1. Access the protected website many times within 1 minute.
  2. In the Access Status column for the website, click to update the status.

Cause 3: Incorrect domain name or IP address settings

Check domain name or IP address settings.

If there are incorrect settings for the domain name or IP address, remove this domain name or IP address from WAF and add it to WAF again.

Cause 4: No load balancer configured for the dedicated WAF instance or no EIP bound to the load balancer configured for the dedicated WAF instance

  1. Configure a load balancer for dedicated WAF instances by referring to Configuring a Load Balancer.
  2. Bind an EIP to a Load Balancer.

Cause 5: Incorrect load balancer configured or incorrect EIP bound to the load balancer