Why Is My Domain Name or IP Address Inaccessible?

Symptoms

If Access Progress for a website you have added to WAF is Accessible, the connection between WAF and the website domain name or IP address has been established.

WAF automatically checks the access status of protected websites every hour. If WAF detects that a protected website has received 20 access requests within 5 minutes, it considers that the website has been successfully connected to WAF.
By default, WAF checks only the Access Status of domain names added or updated over the last two weeks. If a domain name was added to WAF two weeks ago and has not been modified in the last two weeks, you can click in the Access Progress column to refresh the progress.

When adding a website to WAF, you can select Cloud - CNAME, Cloud - Load balancer, or Dedicated for Protection. Before you start, get familiar with the following differences:

Cloud - CNAME: protects your web applications that have domain name and are deployed on any clouds or in on-premises data centers.
Cloud - Load balancer: protects your web applications that are deployed on Huawei Cloud and accessible over domain names or IP addresses.
Dedicated: protects your web applications that are deployed on Huawei Cloud and accessible over domain names or IP addresses.

Troubleshooting and Solutions for Cloud WAF Instances

Refer to Figure 1 and Table 1 to fix connection failures for websites protected in cloud mode.

Figure 1 Troubleshooting for Cloud WAF
Click to enlarge

**Table 1** Solutions for failures of WAF instances
Possible Cause	Solution
Cause 1: Access Status of Protected Website not updated	In the Access Status column for the protected website, click to update the status.
Cause 2: Website access traffic not enough for WAF to consider the website accessible NOTICE: After you connect a website to WAF, the website is considered accessible only when WAF detects at least 20 requests to the website within 5 minutes.	Access the protected website for many times within 1 minute. In the Access Status column for the website, click to update the status.
Cause 3: Incorrect domain name settings	NOTICE: WAF can protect the website using the following types of domain names: Top-level domain names, for example, example.com Single domain names/Second-level domains, for example, www.example.com Wildcard domain names, for example, .example.com Domain names example.com and www.example.com are different. Ensure that correct domain names are added to WAF. Perform the following steps to ensure that the domain name settings are correct. In Windows OSs, choose Start* > Run. Then enter cmd and press Enter. Ping the CNAME record (for example, ping e59e684e2278043ae98a5423aef8ee329.vip.huaweicloudwaf.com) of the domain name to obtain the WAF back-to-source IP address. Use a text editor to open the hosts file. Generally, the hosts file is stored in the C:\Windows\System32\drivers\etc\ directory. Add a record into the hosts file in the format of *DomainName* WAF back-to-source IP address. Save the hosts file after the record is added. In the CLI, run the ping Domain name added to WAF command, for example, ping www.example.com. If the WAF back-to-source IP address in 2 is displayed in the command output, the domain name settings are correct. For details, see Testing WAF. If there are incorrect domain name settings, remove the domain name from WAF and add it to WAF again.
Cause 4: DNS record or the back-to-source IP addresses of proxies not configured	Check whether the website connected to WAF uses proxies such as advanced anti-DDoS, CDN, and cloud acceleration service. Yes. Make sure that you have selected Layer-4 proxy or Layer-7 proxy for Proxy Configured. Change the back-to-source IP address of the proxy such as CDN to the CNAME record of WAF. (Optional) Add a WAF subdomain name and TXT record at your DNS provider. If no, contact your DNS service provider to configure a CNAME record for the domain name. For details, see Connecting a Domain Name to WAF.
Cause 5: Incorrect DNS record or proxy back-to-source address	Perform the following steps to check whether the domain name CNAME record takes effect: In Windows OSs, choose Start > Run. Then enter cmd and press Enter. Run a nslookup command to query the CNAME record. If the command output displays the CNAME record of WAF, the record takes effect. Using www.example.com as an example, the output is as follows: nslookup www.example.com If the CNAME record fails to take effect, modify the DNS record or back-to-source address. For details, see Connecting a Domain Name to WAF.

Troubleshooting and Solutions for Dedicated WAF

Refer to Figure 2 and Table 2 to fix connection failures.

Figure 2 Troubleshooting for dedicated mode
Click to enlarge

**Table 2** Solutions for dedicated mode
Possible Cause	Solution
Cause 1: Access Status for Domain Name/IP Address not updated	In the Access Status column for the website, click to update the status.
Cause 2: Website access traffic not enough for WAF to consider the website accessible NOTICE: After you connect a website to WAF, the website is considered accessible only when WAF detects at least 20 requests to the website within 5 minutes.	Access the protected website many times within 1 minute. In the Access Status column for the website, click to update the status.
Cause 3: Incorrect domain name or IP address settings	Check domain name or IP address settings by referring to View the basic information about the domain name. If there are incorrect settings for the domain name or IP address, remove this domain name or IP address from WAF and add it to WAF again.
Cause 4: No load balancer configured for the dedicated WAF instance or no EIP bound to the load balancer configured for the dedicated WAF instance	Configure a load balancer for dedicated WAF instances by referring to Configuring a Load Balancer. Bind an EIP to a Load Balancer.
Cause 5: Incorrect load balancer configured or incorrect EIP bound to the load balancer	After you configure a load balancer, ensure that Health Check Result for the dedicated WAF instances added to the load balancer is Healthy. For details about troubleshooting, see How Do I Troubleshoot an Unhealthy Backend Server? After you bind an EIP to the load balancer, check the EIP status.

Troubleshooting and Solutions for Cloud ELB-Access WAF

Refer to Figure 3 and Table 3 to fix connection failures.

Figure 3 Troubleshooting for ELB-mode WAF
Click to enlarge

**Table 3** Solutions for ELB mode
Possible Cause	Solution
Cause 1: Access Status for Domain Name/IP Address not updated	In the Access Status column for the protected website, click to update the status.
Cause 2: Website access traffic not enough for WAF to consider the website accessible NOTICE: After you connect a website to WAF, the website is considered accessible only when WAF detects at least 20 requests to the website within 5 minutes.	Access the protected website for many times within 1 minute. In the Access Status column for the website, click to update the status.
Cause 3: Incorrect domain name or IP address settings	View the basic information about the domain name and check whether the domain name or IP address settings are correct. If there are incorrect settings, remove the domain name or IP address from WAF and add it to WAF again.

Parent topic: Service Interruption Check

Service Interruption Check FAQs

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot

more