Help Center/ Web Application Firewall/ User Guide (Kuala Lumpur Region)/ Website Settings/ Adding a Website to WAF (Cloud Mode)/ Configuration Example: Adding a Domain Name to WAF
Updated on 2024-03-14 GMT+08:00
View PDF
Share

Configuration Example: Adding a Domain Name to WAF

When adding a domain name to WAF, the configurations are slightly different based on the service scenarios.

Example 1: Protecting Traffic to the Same Standard Port with Different Origin Server IP Addresses Assigned

  1. Select Standard port from the Protected Port drop-down list.
  2. Select HTTP or HTTPS for Client Protocol.

    If Client Protocol is set to HTTPS, a certificate is required.

  3. Your website visitors can access the website without adding a port to the end of the domain name. For example, enter http://www.example.com in the address box of the browser to access the website.

Example 2: Protecting Traffic to a Non-Standard Port with Different Origin Server IP Addresses Assigned

  1. In the Protected Port drop-down list, select a non-standard port you want to protect.
  2. Select HTTP or HTTPS for Client Protocol for all server ports.

    If Client Protocol is set to HTTPS, a certificate is required.

  3. Visitors must add the configured non-standard port to the domain name when they access your website. Otherwise, error 404 is returned. If the non-standard port is 8080, enter http://www.example.com:8080 in the address box of the browser.

Example 3: Protecting Different Service Ports

If the service ports to be protected are different, configure the ports separately. For example, to protect ports 8080 and 6443 for your site www.example.com, add the domain separately for each port.

Example 4: Configuring Protocols for Different Access Methods

WAF provides various protocol types. If your website is www.example.com, WAF provides the following four access modes:

  • HTTP mode – Client Protocol set to HTTP

    This configuration allows web visitors to access http://www.example.com over HTTP only. If they access it over HTTPS, they will receive the 302 Found code and be redirected to http://www.example.com.

  • HTTPS method. This configuration allows web visitors to access your website over HTTPS only. If they access it over HTTP, they are redirected to the HTTPS URL.
    • If web visitors access your website over HTTPS, the website returns a successful response.
    • If web visitors access http://www.example.com over HTTP, they will receive the 302 Found code and are directed to https://www.example.com.
  • HTTP/HTTPS forwarding method
    Configure two server configuration records: Set the client protocol to HTTP in one record and to HTTPS in the other record.
    • If web visitors access your website over HTTP, the website returns a successful response but no communication between the browser and website is encrypted.
    • If web visitors access your website over HTTPS, the website returns a successful response and all communications between the browser and website are encrypted.
  • HTTPS offloading by WAF

    Set Client Protocol to HTTPS and Server Protocol to HTTP.

    If web visitors access your website over HTTPS, WAF forwards the requests to your origin server over HTTP.