Configuration Example: Adding a Domain Name to WAF
When adding a domain name to WAF, the configurations are slightly different based on the service scenarios.
- Example 1: Protecting Traffic to the Same Standard Port with Different Origin Server IP Addresses Assigned
- Example 2: Protecting Traffic to a Non-Standard Port with Different Origin Server IP Addresses Assigned
- Example 3: Protecting Different Service Ports
- Example 4: Configuring Protocols for Different Access Methods
Example 1: Protecting Traffic to the Same Standard Port with Different Origin Server IP Addresses Assigned
- Select Standard port from the Protected Port drop-down list.
- Select HTTP or HTTPS for Client Protocol. Figure 1 and Figure 2 show standard port configurations when the client protocol is HTTP or HTTPS.
Figure 1 Port 80
Figure 2 Port 443
NoteIf Client Protocol is set to HTTPS, a certificate is required.
- Your website visitors can access the website without adding a port to the end of the domain name. For example, enter http://www.example.com in the address box of the browser to access the website.
Example 2: Protecting Traffic to a Non-Standard Port with Different Origin Server IP Addresses Assigned
- In the Protected Port drop-down list, select a non-standard port you want to protect.
- Select HTTP or HTTPS for Client Protocol for all server ports. Figure 3 and Figure 4 show the configuration of non-standard HTTP or HTTPS port, respectively.
Figure 3 Other HTTP port besides port 80
Figure 4 Other HTTPS port besides port 443
NoteIf Client Protocol is set to HTTPS, a certificate is required.
- Visitors must add the configured non-standard port to the domain name when they access your website. Otherwise, error 404 is returned. If the non-standard port is 8080, enter http://www.example.com:8080 in the address box of the browser.
Example 3: Protecting Different Service Ports
If the service ports to be protected are different, configure the ports separately. For example, to protect ports 8080 and 6443 for your site www.example.com, add the domain separately for each port, as shown in Figure 5 and Figure 6.
Figure 5 Protecting port 8080
Figure 6 Protecting port 6443
Example 4: Configuring Protocols for Different Access Methods
WAF provides various protocol types. If your website is www.example.com, WAF provides the following four access modes:
- HTTP mode
Figure 7 HTTP mode
NoticeThis configuration allows web visitors to access http://www.example.com over HTTP only. If they access it over HTTPS, they will receive the 302 Found code and be redirected to http://www.example.com.
- HTTPS method. This configuration allows web visitors to access your website over HTTPS only. If they access it over HTTP, they are redirected to the HTTPS URL.
Figure 8 HTTPS redirection
Notice- If web visitors access your website over HTTPS, the website returns a successful response.
- If web visitors access http://www.example.com over HTTP, they will receive the 301 Found code and are directed to https://www.example.com.
- HTTP/HTTPS forwarding method
Figure 9 HTTP and HTTPS forwarding
Notice- If web visitors access your website over HTTP, the website returns a successful response but no communication between the browser and website is encrypted.
- If web visitors access your website over HTTPS, the website returns a successful response and all communications between the browser and website are encrypted.
- HTTPS offloading by WAF
Figure 10 HTTPS offloading
NoticeIf web visitors access your website over HTTPS, WAF forwards the requests to your origin server over HTTP.
- Example 1: Protecting Traffic to the Same Standard Port with Different Origin Server IP Addresses Assigned
- Example 2: Protecting Traffic to a Non-Standard Port with Different Origin Server IP Addresses Assigned
- Example 3: Protecting Different Service Ports
- Example 4: Configuring Protocols for Different Access Methods