/ DOCS
nav-img
Advanced

Changing the Protection Mode

You can change the WAF protection mode for your website. You can enable, suspend, and bypass WAF protection.

Note

If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the enterprise project from the Enterprise Project drop-down list and switch WAF working mode for a specific domain name.

Prerequisites

You have connected the website you want to protect to WAF.

Constraints

  • WAF protection can be bypassed only when Protection is set to Cloud.
  • Before bypassing WAF protection, ensure that the service port of the origin server has been enabled.
  • If you connect a domain name to WAF with different protection ports configured, bypassing WAF protection is not supported for the domain name.
  • If you bypass WAF protection, requests for the domain name are sent to the backend server directly and do not pass through WAF. Your domain name may become inaccessible if any of the following happens:
    • In the website server configuration, settings for Client Protocol and Server Protocol are inconsistent.
    • Different ports are set for Protected Port and Server Port.

Application Scenarios

  • Enable WAF: WAF protects your website against attacks based on the protection policy you configure for it.
  • Suspend WAF: If a large number of normal requests are blocked, for example, status code 418 is frequently returned, you can suspend WAF. In this mode, WAF only forwards requests to origin servers. It does not scan for or log attacks. This is risky. Global protection whitelist rules are recommended to reduce false alarms.
  • Bypass WAF: If you bypass WAF protection for a domain name, requests are directly sent to backend origin servers without passing through WAF. Before bypassing WAF, enable the service port of origin servers so that requests can go to origin servers. Bypassing WAF is recommended only when one of the following conditions is met:
    • Website services need to be restored to the status when the website is not connected to WAF.
    • You need to investigate website errors, such as 502, 504, or other incompatibility issues.
    • No proxies are configured between the client and WAF.

Impact on the System

If you suspend WAF protection, WAF does not scan for attacks and only forwards requests to origin servers. This is risky. To avoid normal requests from being blocked, configure global protection whitelist rules, instead of suspending WAF protection.

Changing the Protection Mode (Enabling/Suspending WAF Protection)

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security > Web Application Firewall.
  4. In the navigation pane on the left, choose Website Settings.
  5. In the row containing the target domain name, click in the Mode column and select a mode you want.
Parent topic: Managing Websites
Предыдущая статья
Viewing Basic Information of a Website
Следующая статья
Changing the Protection Policy for a Protected Website
Была ли эта статья полезна?
Поддержка Юридические документы
© 2025 Cloud.ru