Help Center/ Web Application Firewall/ Drawer/ Adding a Domain Name to WAF (Cloud Mode)/ Testing WAF
Updated on 2025-07-04 GMT+08:00
Share

Testing WAF

Description

You can configure local DNS records for domain name resolution by modifying local hosts file. To test connection between WAF and your website locally, you need to resolve the website domain name to WAF IP addresses on a local computer. In this way, you can access the protected domain name from the local computer to verify whether the domain name is accessible after it has been added to WAF, preventing website access exceptions caused by incorrect domain name configurations.

Procedure

  1. Click to copy the CNAME record of WAF.
  2. Ping the CNAME record and record the corresponding IP address.

    Use www.example5.com as an example and its CNAME record is xxxxxxxdc1b71f718f233caf77.waf.huaweicloud.com.

    Open cmd in Windows or bash in Linux and run the ping xxxxxxxdc1b71f718f233caf77.waf.huaweicloud.com command to obtain the WAF access IP addresses. As shown in Figure 1, the WAF access IP address is displayed.
    Figure 1 ping cname

    Open the CLI and run the ping CNAME command to obtain the WAF access IP address. The WAF access IP address is returned.

    If no WAF access IP addresses are returned after you ping the CNAME record, your network may be unstable. You can ping the CNAME record again when your network is stable.

  3. Add the domain name and WAF access IP addresses pointed to CNAME to the hosts file.

    1. Use a text editor to edit the hosts file. In Windows, the location of the hosts file is as follows:
      • Windows: C:\Windows\System32\drivers\etc
      • Linux: /etc/hosts
    2. Add a record for the WAF access IP address obtained in 2 and protected domain name to the hosts file.
      Figure 2 Adding a record
    3. Save the hosts file and ping the protected domain name on the local PC.
      Figure 3 Pinging the domain name

      It is expected that the resolved IP address is the access IP address of WAF obtained in 3.b. If the origin server address is returned, refresh the local DNS cache. (Run ipconfig/flushdns in Windows cmd or systemd-resolved in Linux Bash.)

  4. Verify the access.

    1. Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.

      If the domain name has been resolved to WAF back-to-source IP addresses and WAF configurations are correct, the website is accessible.

    2. Simulate simple web attack commands.
      1. Set the mode of Basic Web Protection to Block.
      2. Clear the browser cache, enter the domain name in the address bar, and check whether WAF blocks the simulated SQL injection attack against the domain name.
      3. In the navigation pane on the left, choose Events to view test data.

  5. Verify that the preceding steps are complete and select Finished.
Parent Topic: Adding a Domain Name to WAF (Cloud Mode)