How Do I Route Website Traffic to My Cloud WAF Instance?
In cloud CNAME access mode, after you add your website to WAF, resolve the website domain name to WAF so that the traffic can pass through WAF. Then, WAF will filter out malicious requests and forward only legitimate requests to the origin server.
How WAF Works
- No proxy used
DNS resolves your domain name to the origin server IP address before the site is connected to WAF. DNS resolves your domain name to the CNAME of WAF after the site is connected to WAF. Then WAF inspects the incoming traffic and filters out malicious traffic.
- A proxy (such as anti-DDoS service) used
If a proxy such as anti-DDoS service is used on your site before it is connected to WAF, DNS resolves the domain name of your site to the anti-DDoS IP address. The traffic goes to the anti-DDoS service and the anti-DDoS service then routes the traffic back to the origin server. After you connect your website to WAF, change the back-to-source address of the proxy (such as anti-DDoS service) to the CNAME of WAF. In this way, the proxy forwards the traffic to WAF. WAF then filters out illegitimate traffic and only routes legitimate traffic back to the origin server.
- To ensure that WAF can properly forward requests, perform local verification by referring to Testing WAF before modifying the DNS configuration.
- To prevent other users from configuring your domain names on WAF in advance (which would interfere with the protection of your domain names), add the subdomain name and TXT record on your DNS management platform. WAF uses the subdomain name and TXT record to determine which user owns the domain name. For details about the configuration method, see What Are Impacts If No Subdomain Name and TXT Record Are Configured?
Operation Guide
After a domain name is added, WAF generates either a CNAME record alone, or a CNAME record together with a subdomain name and TXT record. DNS uses these values to resolve the domain name to WAF so that website traffic can pass through WAF for detection. For details, see Table 1.
Scenario | Generated Parameter Value | Operation Related to Domain Name Resolution |
---|---|---|
No proxy used | CNAME | The DNS obtains the CNAME of WAF. |
Proxy used | CNAME, subdomain name, and TXT record | |
Procedure
For details, see Connecting a Domain Name to WAF.
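The two resolution scenarios described above can be checked from DNS data before and after the change. The following is an added example, not code from the WAF documentation: it walks the CNAME chain of a domain over an in-memory record set and reports whether the result matches the "no proxy" or "proxy used" scenario. All record names, addresses, the WAF CNAME and the TXT value are constructed placeholders, and the function names are hypothetical.

```python
# Added example: every name, address and TXT value here is a constructed placeholder.
def resolve_chain(name, records, max_depth=8):
    """Follow CNAMEs from `name`; return (names visited, final A addresses)."""
    chain = []
    while name not in chain and len(chain) < max_depth:
        chain.append(name)
        rrset = records.get(name, {})
        if "CNAME" not in rrset:
            return chain, rrset.get("A", [])
        name = rrset["CNAME"][0]
    return chain, []  # CNAME loop or chain too long: nothing usable


def check_waf_routing(domain, records, waf_cname, origin_ips,
                      proxy_ips=(), ownership=None):
    """Return findings for the two scenarios on this page; [] means consistent.

    proxy_ips: addresses of the proxy in front of WAF (empty = no proxy used).
    ownership: (subdomain, txt_value) pair generated by WAF, if any.
    """
    findings = []
    chain, addrs = resolve_chain(domain, records)
    if set(addrs) & set(origin_ips):
        findings.append("domain resolves straight to the origin, bypassing WAF")
    if proxy_ips:
        if not set(addrs) & set(proxy_ips):
            findings.append("proxy in use but domain does not resolve to it")
    elif waf_cname not in chain:
        findings.append("WAF CNAME is not in the resolution chain")
    if ownership:
        sub, value = ownership
        if value not in records.get(sub, {}).get("TXT", []):
            findings.append("ownership TXT record missing or wrong")
    return findings


ORIGIN = ["192.0.2.10"]                      # origin server address
WAF = "waf-cname-placeholder.example.net."   # stands in for the CNAME WAF generates
OWN_SUB = "subdomain-placeholder.example.com."  # stands in for the generated subdomain
BEFORE = {"www.example.com.": {"A": ["192.0.2.10"]}}
AFTER = {"www.example.com.": {"CNAME": [WAF]},
         WAF: {"A": ["198.51.100.7"]}}
PROXIED = {"www.example.com.": {"A": ["203.0.113.5"]},
           OWN_SUB: {"TXT": ["txt-placeholder"]}}

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, check_waf_routing("www.example.com.", zone, WAF, ORIGIN))
```

In the proxy scenario the proxy's back-to-source address is not visible in DNS, so that setting still has to be confirmed on the proxy itself.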