Help Center> Web Application Firewall> FAQs> Service Interruption Check> Why Is My Domain Name or IP Address Inaccessible?
Updated on 2024-02-01 GMT+08:00

Why Is My Domain Name or IP Address Inaccessible?

Symptoms

If Access Progress for a website you have added to WAF is Accessible, the connection between WAF and the website domain name or IP address has been established.

  • WAF automatically checks the access status of protected websites every hour. If WAF detects that a protected website has received 20 access requests within 5 minutes, it considers that the website has been successfully connected to WAF.
  • By default, WAF checks only the Access Status of domain names added or updated over the last two weeks. If a domain name was added to WAF two weeks ago and has not been modified in the last two weeks, you can click in the Access Progress column to refresh the progress.
When adding a website to WAF, you can select Cloud - CNAME, Cloud - Load balancer, or Dedicated for Protection. Before you start, get familiar with the following differences:
  • Cloud - CNAME: protects your web applications that have domain name and are deployed on any clouds or in on-premises data centers.
  • Cloud - Load balancer: protects your web applications that are deployed on Huawei Cloud and accessible over domain names or IP addresses.
  • Dedicated: protects your web applications that are deployed on Huawei Cloud and accessible over domain names or IP addresses.

Troubleshooting and Solutions for Cloud WAF Instances

Refer to Figure 1 and Table 1 to fix connection failures for websites protected in cloud mode.

Figure 1 Troubleshooting for Cloud WAF
Table 1 Solutions for failures of WAF instances

Possible Cause

Solution

Cause 1: Access Status of Protected Website not updated

In the Access Status column for the protected website, click to update the status.

Cause 2: Website access traffic not enough for WAF to consider the website accessible

NOTICE:

After you connect a website to WAF, the website is considered accessible only when WAF detects at least 20 requests to the website within 5 minutes.

  1. Access the protected website for many times within 1 minute.
  2. In the Access Status column for the website, click to update the status.

Cause 3: Incorrect domain name settings

NOTICE:
WAF can protect the website using the following types of domain names:
  • Top-level domain names, for example, example.com
  • Single domain names/Second-level domains, for example, www.example.com
  • Wildcard domain names, for example, *.example.com

Domain names example.com and www.example.com are different. Ensure that correct domain names are added to WAF.

Perform the following steps to ensure that the domain name settings are correct.

  1. In Windows OSs, choose Start > Run. Then enter cmd and press Enter.
  2. Ping the CNAME record (for example, ping e59e684e2278043ae98a5423aef8ee329.vip.huaweicloudwaf.com) of the domain name to obtain the WAF back-to-source IP address.
  3. Use a text editor to open the hosts file. Generally, the hosts file is stored in the C:\Windows\System32\drivers\etc\ directory.
  4. Add a record into the hosts file in the format of DomainName WAF back-to-source IP address.
  5. Save the hosts file after the record is added. In the CLI, run the ping Domain name added to WAF command, for example, ping www.example.com.

    If the WAF back-to-source IP address in 2 is displayed in the command output, the domain name settings are correct.

For details, see Testing WAF.

If there are incorrect domain name settings, remove the domain name from WAF and add it to WAF again.

Cause 4: DNS record or the back-to-source IP addresses of proxies not configured

Check whether the website connected to WAF uses proxies such as advanced anti-DDoS, CDN, and cloud acceleration service.
  • Yes. Make sure that you have selected Layer-4 proxy or Layer-7 proxy for Proxy Configured.
    • Change the back-to-source IP address of the proxy such as CDN to the CNAME record of WAF.
    • (Optional) Add a WAF subdomain name and TXT record at your DNS provider.
  • If no, contact your DNS service provider to configure a CNAME record for the domain name.

For details, see Connecting a Domain Name to WAF.

Cause 5: Incorrect DNS record or proxy back-to-source address

Perform the following steps to check whether the domain name CNAME record takes effect:

  1. In Windows OSs, choose Start > Run. Then enter cmd and press Enter.
  2. Run a nslookup command to query the CNAME record.

    If the command output displays the CNAME record of WAF, the record takes effect.

    Using www.example.com as an example, the output is as follows:

    nslookup www.example.com

If the CNAME record fails to take effect, modify the DNS record or back-to-source address. For details, see Connecting a Domain Name to WAF.

Troubleshooting and Solutions for Dedicated WAF

Refer to Figure 2 and Table 2 to fix connection failures.

Figure 2 Troubleshooting for dedicated mode
Table 2 Solutions for dedicated mode

Possible Cause

Solution

Cause 1: Access Status for Domain Name/IP Address not updated

In the Access Status column for the website, click to update the status.

Cause 2: Website access traffic not enough for WAF to consider the website accessible

NOTICE:

After you connect a website to WAF, the website is considered accessible only when WAF detects at least 20 requests to the website within 5 minutes.

  1. Access the protected website many times within 1 minute.
  2. In the Access Status column for the website, click to update the status.

Cause 3: Incorrect domain name or IP address settings

Check domain name or IP address settings by referring to View the basic information about the domain name.

If there are incorrect settings for the domain name or IP address, remove this domain name or IP address from WAF and add it to WAF again.

Cause 4: No load balancer configured for the dedicated WAF instance or no EIP bound to the load balancer configured for the dedicated WAF instance

  1. Configure a load balancer for dedicated WAF instances by referring to Configuring a Load Balancer.
  2. Bind an EIP to a Load Balancer.

Cause 5: Incorrect load balancer configured or incorrect EIP bound to the load balancer

Troubleshooting and Solutions for Cloud ELB-Access WAF

Refer to Figure 3 and Table 3 to fix connection failures.

Figure 3 Troubleshooting for ELB-mode WAF
Table 3 Solutions for ELB mode

Possible Cause

Solution

Cause 1: Access Status for Domain Name/IP Address not updated

In the Access Status column for the protected website, click to update the status.

Cause 2: Website access traffic not enough for WAF to consider the website accessible

NOTICE:

After you connect a website to WAF, the website is considered accessible only when WAF detects at least 20 requests to the website within 5 minutes.

  1. Access the protected website for many times within 1 minute.
  2. In the Access Status column for the website, click to update the status.

Cause 3: Incorrect domain name or IP address settings

View the basic information about the domain name and check whether the domain name or IP address settings are correct.

If there are incorrect settings, remove the domain name or IP address from WAF and add it to WAF again.

Service Interruption Check FAQs

more