Updated on 2024-03-14 GMT+08:00

Connection Process (Dedicated Mode)

To let a dedicated WAF instance protect your website, the domain name of the website must be connected to the dedicated WAF instance so that the website incoming traffic can go to WAF first.

Constraints

  • Dedicated WAF instances can protect only web applications and websites that are accessible through domain names or IP addresses.
  • A dedicated Elastic Load Balance (ELB) load balancer has been used to distribute workloads for the website you want to add to WAF.

Processes of Connecting a Website to WAF

Before using a dedicated WAF instance, complete the required configurations by following the process shown in Figure 1.

Figure 1 Process of connecting a website to a dedicated WAF instance

Collecting Domain Name/IP Address Details

Before adding a domain name or IP address to WAF, obtain the information listed in Table 1.

Table 1 Domain name or IP address details required

Information

Parameter

Description

Example

Parameters

Protected Object

  • Domain name: used by visitors to access your website. A domain name consists of letters separated by dots (.). It is a human readable address that maps to the machine readable IP address of your server.
  • IP: IP address of the website.

www.example.com

Protected Port

The service port corresponding to the domain name of the website you want to protect.

  • Standard ports
    • 80: default port when the client protocol is HTTP
    • 443: default port when the client protocol is HTTPS
  • Non-standard ports

    Ports other than ports 80 and 443

80

Client Protocol

Protocol used by a client (for example, a browser) to access the website. WAF supports HTTP and HTTPS.

HTTP

Server Protocol

Protocol used by WAF to forward requests from the client (such as a browser). The options are HTTP and HTTPS.

HTTP

VPC

Select the VPC that the dedicated WAF instance belongs to.

vpc-default

Server Address

Private IP address of the website server.

Log in to the ECS or ELB console and view the private IP address of the server in the instance list.

NOTE:

The origin server address cannot be the same as that of the protected object.

192.168.1.1

(Optional) Certificate

Certificate Name

If you set Client Protocol to HTTPS, you are required to configure a certificate on WAF and associate the certificate with the domain name.

NOTICE:

Only .pem certificates can be used in WAF. If a certificate is not in .pem, convert it by referring to How Do I Convert a Certificate into PEM Format?

-

Fixing Inaccessible Websites

If a domain name fails to be connected to WAF, its access status is Inaccessible. To fix this issue, see Why Is My Domain Name or IP Address Inaccessible?