How Can I Forward Requests Directly to the Origin Server Without Passing Through WAF?
- Cloud - CNAME
Switch the WAF working Mode to Bypassed. Then, your website requests directly go to the origin servers without passing through WAF. It takes about 3 to 5 minutes for WAF bypass to take effect.
- Dedicated mode
- If your website has a private network load balancer deployed behind the dedicated WAF instance, as shown in Figure 1, unbind the EIP from the internet-facing load balancer and then bind the EIP to the private load balancer. In doing so, your website traffic will bypass WAF and directly go to the origin server.
- If your website has no private network load balancer deployed behind the dedicated WAF instance, as shown in Figure 2, unbind the EIP from the dedicated WAF instance and then bind the EIP to the origin server. In doing so, your website traffic will bypass WAF and directly go to the origin server.
Constraints
- Website services need to be restored to the status when the website is not connected to WAF.
- You need to investigate website errors, such as 502, 504, or other incompatibility issues.
- No proxy is configured between the client and WAF.
Configuring CNAME Access in Cloud Mode
The following procedure walks you through how to configure the WAF Bypassed mode.
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner and choose Web Application Firewall under Security & Compliance.
- In the navigation pane on the left, choose Website Settings.
- In the row containing the target domain name, click
in the Mode column and select a mode you want.
Figure 3 Switching WAF working mode
Procedure for Bypassing a Dedicated WAF Instance in Scenarios Where a Private Network Load Balancer Is Deployed Behind a WAF Instance
You can unbind the EIP from the public network load balancer and then bind it to the private load balancer so that the traffic to your protected website can bypass WAF and directly go to the origin server.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner of the page and choose Elastic Load Balance under Network to go to the Load Balancers page.
- On the Load Balancers page, locate the row that contains the internet-facing load balancer, click More in the Operation column, and select Unbind IPv4 EIP. Figure 4 shows an example.
- In the displayed dialog box, click Yes to unbind the EIP from the load balancer.
- On the Load Balancers page, locate the row that contains the private load balancer, click More in the Operation column, and select Bind IPv4 EIP.
- In the displayed Bind IPv4 EIP dialog box, select the public IP address you unbind in Step 3 and click OK.
Procedure for Bypassing a Dedicated WAF Instance in Scenarios Where No Private Network Load Balancer Is Deployed Behind WAF Instances
You can remove the dedicated WAF instance from the public network load balancer and add the origin server to the internet-facing load balancer so that the traffic to your website can bypass WAF and directly go to the origin server.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner of the page and choose Elastic Load Balance under Network to go to the Load Balancers page.
- Click the name of the load balancer you want in the Name column to go to the Basic Information page.
Figure 5 Load balancer list
- Click the Backend Server Groups tab, select the dedicated WAF instance you want to remove, and click Remove in the Operation column. Figure 6 shows an example.
- In the displayed dialog box, click Yes.
- Click Add Backend Server and select servers in the displayed Add Backend Server dialog box.
- Click Next, configure the service port, and click Finish.
Website Connect Issues FAQs
- How Do I Add a Domain Name/IP Address to WAF?
- Which Non-Standard Ports Does WAF Support?
- How Do I Use a Dedicated WAF Instance to Protect Non-Standard Ports That Are Not Supported by the Dedicated Instance?
- How Do I Configure Domain Names to Be Protected When Adding Domain Names?
- Do I Have to Configure the Same Port as That of the Origin Server When Adding a Website to WAF?
- How Do I Whitelist Back-to-Source IP Addresses of Cloud WAF?
- How Do I Configure Non-standard Ports When Adding a Protected Domain Name?
- What Data Is Required for Connecting a Domain Name/IP Address to WAF?
- How Do I Safely Delete a Protected Domain Name?
- How Long Will CNAME Records Be Retained After I Delete a Domain Name from WAF?
- Can I Change the Domain Name That Has Been Added to WAF?
- What Are the Precautions for Configuring Multiple Server Addresses for Backend Servers?
- Does WAF Support Wildcard Domain Names?
- Does WAF Protect Chinese Domain Names?
- How Do I Route Website Traffic to My Cloud WAF Instance?
- What Can I Do If the Message "Illegal server address" Is Displayed When I Add a Domain Name?
- Why Am I Seeing That My Domain Quota Is Insufficient When There Is Still Remaining Quota?
- Can I Configure Multiple Load Balancers for a Dedicated WAF Instance?
- Why Am I Seeing the "Someone else has already added this domain name. Please confirm that the domain name belongs to you" Error Message?
- How Do I Configure the Client Protocol and Server Protocol?
- Why Cannot I Select a Client Protocol When Adding a Domain Name?
- Can I Set the Origin Server Address to a CNAME Record If I Use Cloud WAF?
- How Do I Modify DNS Record on Huawei Cloud DNS?
- How Do I Verify Domain Ownership Using Huawei Cloud DNS?
- How Do I Configure the TXT Record on HUAWEI CLOUD DNS Service?
- What Are Impacts If No Subdomain Name and TXT Record Are Configured?
- How Do I Query a Domain Name Provider?
- How Do I Use A Records for Domain Name Resolution?
- What Are the Differences Between the Old and New CNAME Records?
- Can I Access a Website Using an IP Address After a Domain Name Is Connected to WAF?
- How Do I Test WAF?
- How Can I Forward Requests Directly to the Origin Server Without Passing Through WAF?
- Why Cannot the Protection Mode Be Enabled After a Domain Name Is Connected to WAF?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore