Help Center/ Web Application Firewall/ User Guide (ME-Abu Dhabi Region) / Website Settings/ Adding a Website to WAF (Cloud Mode)/ Configuration Example: Adding a Domain Name to WAF
Updated on 2024-03-14 GMT+08:00
View PDF
Share

Configuration Example: Adding a Domain Name to WAF

When adding a domain name to WAF, the configurations are slightly different based on the service scenarios.

Example 1: Protecting Traffic to the Same Standard Port with Different Origin Server IP Addresses Assigned

  1. Select Standard port from the Protected Port drop-down list.
  2. Select HTTP or HTTPS for Client Protocol. Figure 1 and Figure 2 show standard port configurations when the client protocol is HTTP or HTTPS.
    Figure 1 Port 80
    Figure 2 Port 443

    If Client Protocol is set to HTTPS, a certificate is required.

  3. Your website visitors can access the website without adding a port to the end of the domain name. For example, enter http://www.example.com in the address box of the browser to access the website.

Example 2: Protecting Traffic to a Non-Standard Port with Different Origin Server IP Addresses Assigned

  1. In the Protected Port drop-down list, select a non-standard port you want to protect.
  2. Select HTTP or HTTPS for Client Protocol for all server ports. Figure 3 and Figure 4 show the configuration of non-standard HTTP or HTTPS port, respectively.
    Figure 3 Other HTTP port besides port 80
    Figure 4 Other HTTPS port besides port 443

    If Client Protocol is set to HTTPS, a certificate is required.

  3. Visitors must add the configured non-standard port to the domain name when they access your website. Otherwise, error 404 is returned. If the non-standard port is 8080, enter http://www.example.com:8080 in the address box of the browser.

Example 3: Protecting Different Service Ports

If the service ports to be protected are different, configure the ports separately. For example, to protect ports 8080 and 6443 for your site www.example.com, add the domain separately for each port, as shown in Figure 5 and Figure 6.
Figure 5 Protecting port 8080
Figure 6 Protecting port 6443

Example 4: Configuring Protocols for Different Access Methods

WAF provides various protocol types. If your website is www.example.com, WAF provides the following four access modes:

  • HTTP mode
    Figure 7 HTTP mode

    This configuration allows web visitors to access http://www.example.com over HTTP only. If they access it over HTTPS, they will receive the 302 Found code and be redirected to http://www.example.com.

  • HTTPS method. This configuration allows web visitors to access your website over HTTPS only. If they access it over HTTP, they are redirected to the HTTPS URL.
    Figure 8 HTTPS redirection
    • If web visitors access your website over HTTPS, the website returns a successful response.
    • If web visitors access http://www.example.com over HTTP, they will receive the 302 Found code and are directed to https://www.example.com.
  • HTTP/HTTPS forwarding method
    Figure 9 HTTP and HTTPS forwarding
    • If web visitors access your website over HTTP, the website returns a successful response but no communication between the browser and website is encrypted.
    • If web visitors access your website over HTTPS, the website returns a successful response and all communications between the browser and website are encrypted.
  • HTTPS offloading by WAF
    Figure 10 HTTPS offloading

    If web visitors access your website over HTTPS, WAF forwards the requests to your origin server over HTTP.