Step 3: Test WAF
To ensure that WAF can forward your website requests normally, test WAF locally after you add the domain to WAF.
Before testing WAF, ensure that the protocol, address, and port used by the origin server (for example, www.example5.com) are correct. If Client Protocol is set to HTTPS, ensure that the uploaded certificate and private key are correct.
Background
You can configure local DNS records for domain name resolution by modifying local hosts file. To test connection between WAF and your website locally, you need to resolve the website domain name to WAF IP addresses on a local computer. In this way, you can access the protected domain name from the local computer to verify whether the domain name is accessible after it has been added to WAF, preventing website access exceptions caused by abnormal domain name configurations.
Prerequisites
You have added your domain name to WAF.
Constraints
A CNAME record is generated based on the domain name. For the same domain name, the CNAME records are the same.
Connecting a Domain Name to WAF Locally
- Obtain the CNAME record.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner and choose to go to the Dashboard page.
- In the navigation pane, choose Website Settings.
- In the Domain Name column, click the target domain name to go to the Basic Information page.
- In the CNAME row, click to copy the CNAME record.
- Ping the CNAME record and record the corresponding IP address.
Open the CLI and run the ping CNAME command to obtain the WAF back-to-source IP address. The WAF back-to-source IP address is returned.
- Add the domain name and WAF back-to-source IP address to the hosts file.
- Use a text editor to edit the hosts file. In Windows, the location of the hosts file is as follows:
- Windows: C:\Windows\System32\drivers\etc
- Linux: /etc/hosts
- Add the WAF IP address obtained in Step 2 and protected domain name to the hosts file.
Figure 1 Adding a record
- Save the hosts file and ping the protected domain name on the local PC.
Figure 2 Pinging the domain name
It is expected that the resolved IP address is the WAF back-to-source IP address obtained in Step 2. If the resolved IP address is the origin server address, run the ipconfig/flushdns command in the Windows operating system to flush the DNS cache.
- Use a text editor to edit the hosts file. In Windows, the location of the hosts file is as follows:
Checking Whether WAF Forwarding Is Normal
- Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.
If the domain name has been resolved to WAF back-to-source IP addresses and WAF configurations are correct, the website is accessible.
- Simulate simple web attack commands.
- Set the mode of Basic Web Protection to Block. For details, see Enabling Basic Web Protection.
- Clear the browser cache, enter the test domain name in the address bar, and check whether WAF blocks the simulated SQL injection attack against the domain name. Figure 3 shows an example.
- In the navigation pane, choose Events to view test data.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot