Help Center/ Web Application Firewall/ User Guide/ Connecting Your Website to WAF/ Recommended Configurations After Website Connection/ Configuring Request and Response Header Forwarding
Updated on 2025-08-19 GMT+08:00
View PDF
Share

Configuring Request and Response Header Forwarding

If you enable and configure request and response header forwarding, WAF will insert fields you specify into the header field of requests and responses, and forwards the requests to your origin server, and the responses to the client. This helps you distinguish requests from different sources and better analyze website operational status.

Prerequisites

You have added the website you want to protect to WAF in Cloud Mode - CNAME or Dedicated Mode.

Constraints

  • This function is only supported by cloud mode - CNAME and dedicated mode access.
  • Forwarding custom request and response header fields is supported in some regions. For details, see Functions.
  • You can configure up to eight key/value pairs.
  • Dots (.) cannot be specified in the request header or response header for forwarding.
  • The value can be set to a custom string or a variable starting with $. Variables starting with $ support only the following fields: 
    $time_local
$request_id
$connection_requests
$tenant_id
$project_id
$remote_addr
$remote_port
$scheme
$request_method
$http_host
$origin_uri
$request_length
$ssl_server_name
$ssl_protocol
$ssl_curves
$ssl_session_reused

Configuring Request and Response Header Forwarding

  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, click Website Settings.
  5. On the Website Settings page, click the target website domain name.
  6. In the Advanced Settings area, click Modify next to Request Header Field Forwarding or Response Header Field Forwarding.
  7. In the displayed dialog box, enter a key/value pair and click Add to add multiple fields.

    Figure 1 Request Header Field Forwarding
    Figure 2 Response Header Field Forwarding

  8. After fields are added, click OK.

    After the configuration is complete, check whether the configured request header forwarding fields are recorded in request headers and whether the configured response header forwarding fields are recorded in response headers.

Parent Topic: Recommended Configurations After Website Connection