Help Center/ Web Application Firewall/ FAQs/ Website Connect Issues/ How Can I Forward Requests Directly to the Origin Server Without Passing Through WAF?
Updated on 2024-10-25 GMT+08:00

How Can I Forward Requests Directly to the Origin Server Without Passing Through WAF?

If you select Cloud Mode - CNAME or Dedicated Mode as the access mode, take the following steps to route your website traffic to origin servers.
  • Cloud Mode - CNAME

    Resolve the domain name to the IP address of the origin server on the DNS platform your domain name is hosted.

  • Dedicated mode
    • If your website has a private network load balancer deployed behind the dedicated WAF instance, as shown in Figure 1, unbind the EIP from the internet-facing load balancer and then bind the EIP to the private load balancer. In doing so, your website traffic will bypass WAF and directly go to the origin server.
      Figure 1 Dedicated WAF instance deployment architecture (private network load balancers deployed behind dedicated WAF instances)
    • If your website has no private network load balancer deployed behind the dedicated WAF instance, as shown in Figure 2, unbind the EIP from the dedicated WAF instance and then bind the EIP to the origin server. In doing so, your website traffic will bypass WAF and directly go to the origin server.
      Figure 2 Dedicated WAF instance deployment architecture (no private network load balancer deployed behind dedicated WAF instances)

Procedure for Bypassing a Dedicated WAF Instance in Scenarios Where a Private Network Load Balancer Is Deployed Behind a WAF Instance

You can unbind the EIP from the public network load balancer and then bind it to the private load balancer so that the traffic to your protected website can bypass WAF and directly go to the origin server.

  1. Click in the upper left corner of the management console and select a region or project.
  2. Click in the upper left corner of the page and choose Elastic Load Balance under Network to go to the Load Balancers page.
  3. On the Load Balancers page, locate the row that contains the internet-facing load balancer, click More in the Operation column, and select Unbind IPv4 EIP. Figure 3 shows an example.

    Figure 3 Unbinding an EIP from an internet-facing load balancer

  4. In the displayed dialog box, click Yes to unbind the EIP from the load balancer.
  5. On the Load Balancers page, locate the row that contains the private load balancer, click More in the Operation column, and select Bind IPv4 EIP.
  6. In the displayed Bind IPv4 EIP dialog box, select the public IP address you unbind in Step 3 and click OK.

Procedure for Bypassing a Dedicated WAF Instance in Scenarios Where No Private Network Load Balancer Is Deployed Behind WAF Instances

You can remove the dedicated WAF instance from the public network load balancer and add the origin server to the internet-facing load balancer so that the traffic to your website can bypass WAF and directly go to the origin server.

  1. Click in the upper left corner of the management console and select a region or project.
  2. Click in the upper left corner of the page and choose Elastic Load Balance under Network to go to the Load Balancers page.
  3. Click the name of the load balancer you want in the Name column to go to the Basic Information page.

    Figure 4 Load balancer list

  4. Click the Backend Server Groups tab, select the dedicated WAF instance you want to remove, and click Remove in the Operation column. Figure 5 shows an example.

    Figure 5 Removing a dedicated WAF instance from an internet-facing load balancer

  5. In the displayed dialog box, click Yes.
  6. Click Add Backend Server and select servers in the displayed Add Backend Server dialog box.
  7. Click Next, configure the service port, and click Finish.