When a website is deployed with Alibaba Cloud WAF, all web traffic is redirected to WAF for inspection, and WAF returns the inspected traffic to the origin server.
You can view the IP addresses of Alibaba Cloud WAF in the Alibaba Cloud WAF console. The procedure is as follows.
- Log on to the Alibaba Cloud WAF console.
- At the top of the page, select the region: Mainland China or International.
- Go to the page.
- Click Alibaba Cloud WAF IP range to view and copy all WAF IP addresses.
You can see the following result:
- Open the security software on the origin server, and add the copied WAF IP addresses to the IP whitelist.
What is the Alibaba Cloud WAF IP address?
Why must I whitelist Alibaba Cloud WAF IP addresses?
From the origin server's perspective, web requests from the Alibaba Cloud WAF IP addresses are more concentrated and arrive at a very high frequency. The security software on the origin server may determine that the Alibaba Cloud WAF IP addresses are launching attacks and trigger a blocking action against them. If the Alibaba Cloud WAF IP addresses are blocked, the real client cannot get a response. Therefore, you must whitelist the Alibaba Cloud WAF IP addresses once your website is deployed with WAF. Otherwise, normal web access may be affected: web pages may fail to open or may respond slowly.
We recommend that, after deploying Alibaba Cloud WAF, you allow only web requests that originate from WAF and block all other requests, to guarantee normal web business access and avoid direct-to-origin attacks. If the origin server IP address is disclosed, an attacker can bypass WAF and attack your origin server directly. For more information, see Protect your origin server.
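The following is an added example, not part of the Alibaba Cloud documentation: it turns the list copied from the console into origin-side firewall rules that accept web traffic only from the WAF ranges and drop everything else. The ranges are constructed placeholders from documentation address space, and the `INPUT` chain, ports 80/443 and the function names are assumptions.

```python
import ipaddress
import re

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# Replace with the list copied from "Alibaba Cloud WAF IP range" in the console.
COPIED_FROM_CONSOLE = """
192.0.2.0/24, 198.51.100.0/25
198.51.100.128/25
203.0.113.7
2001:db8:100::/48
"""
WEB_PORTS = "80,443"  # assumption: the origin serves HTTP and HTTPS only


def parse_ranges(text):
    """Parse comma/whitespace separated CIDRs into collapsed, sorted networks.

    A malformed entry raises ValueError, so a typo never silently shrinks
    the allowlist (which would block WAF and make the site unreachable).
    """
    tokens = [t for t in re.split(r"[,\s]+", text.strip()) if t]
    nets = [ipaddress.ip_network(t, strict=True) for t in tokens]
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)


def firewall_rules(nets, chain="INPUT"):
    """Return iptables/ip6tables commands: ACCEPT each WAF range, then DROP."""
    if not nets:
        raise ValueError("empty allowlist: refusing to emit DROP-only rules")
    rules = []
    for net in nets:
        tool = "iptables" if net.version == 4 else "ip6tables"
        rules.append(f"{tool} -A {chain} -p tcp -s {net} "
                     f"-m multiport --dports {WEB_PORTS} -j ACCEPT")
    # The DROP rules come last so the ACCEPT rules above match first.
    for tool in ("iptables", "ip6tables"):
        rules.append(f"{tool} -A {chain} -p tcp "
                     f"-m multiport --dports {WEB_PORTS} -j DROP")
    return rules


def is_from_waf(source_ip, nets):
    """True if a source address (e.g. from an access log) is a WAF address."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr.version == n.version and addr in n for n in nets)


if __name__ == "__main__":
    print("\n".join(firewall_rules(parse_ranges(COPIED_FROM_CONSOLE))))
```

Review the printed commands before applying them, and use `is_from_waf` on origin access-log source addresses to spot requests that reached the server without passing through WAF.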