How Do I Route Website Traffic to My Cloud WAF Instance?
In cloud CNAME access mode, after you add your website to WAF, resolve the website domain name to WAF so that the traffic can pass through WAF. Then, WAF will filter out malicious requests and forward only legitimate requests to the origin server.
How WAF Works
- No proxy used
DNS resolves your domain name to the origin server IP address before the site is connected to WAF. DNS resolves your domain name to the CNAME of WAF after the site is connected to WAF. Then WAF inspects the incoming traffic and filters out malicious traffic.
- A proxy (such as anti-DDoS service) used
If a proxy such as anti-DDoS service is used on your site before it is connected to WAF, DNS resolves the domain name of your site to the anti-DDoS IP address. The traffic goes to the anti-DDoS service and the anti-DDoS service then routes the traffic back to the origin server. After you connect your website to WAF, change the back-to-source address of the proxy (such as anti-DDoS service) to the CNAME of WAF. In this way, the proxy forwards the traffic to WAF. WAF then filters out illegitimate traffic and only routes legitimate traffic back to the origin server.
- To ensure that WAF can properly forward requests, test WAF by referring to Testing WAF before modifying the DNS configuration.
- To prevent other users from configuring your domain names on WAF in advance (this will cause interference on your domain name protection), add the subdomain name and TXT record on your DNS management platform. WAF can determine which user owns the domain name based on the subdomain name and TXT record.
Operation Guide
After a domain name is added, WAF generates a CNAME record, or CNAME, subdomain name, and TXT record for DNS to resolve the domain name to WAF so that website traffic can pass through WAF for detection. For details, see Table 1.
Scenario |
Generated Parameter Value |
Operation Related to Domain Name Resolution |
---|---|---|
No proxy used |
CNAME |
The DNS obtains the CNAME of WAF. |
Proxy used |
CNAME, subdomain name, and TXT record |
|
Procedure
For details, see Connecting a Domain Name to WAF.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot