After you add a domain name to Web Application Firewall (WAF) and before you change the DNS record to redirect requests to WAF for protection, we recommend that you change the DNS record on your computer to verify domain name settings in WAF. This example in this topic is performed on a Windows machine. The example describes how to verify the domain name settings on your computer.
In the following example, your computer runs a Windows operating system.
- Open File Server Resource Manager on your computer.
- Enter C:\Windows\System32\drivers\etc\hosts in the address bar and open the hosts file by using Notepad or Notepad++.
- Append the following content to the hosts file:
In the content,
<WAF IP address> <Protected domain name>
<Protected domain name>is the domain name that you add to WAF.
<WAF IP address>is the WAF IP address that is mapped to the domain name. Separate
<WAF IP address>and
<Protected domain name>with a space.
To obtain the WAF IP address, perform the following steps:
Assume that you add the domain name
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, choose .
- On the Domain Names tab, move the pointer over the domain name that you want to manage. Then, view and copy the CNAME of the domain name.
- Open Command Prompt in Windows.
- Run the following command to obtain the WAF IP address:
ping <CNAME that you have copied>
- Record the WAF IP address in the command output.
test.wafqa3.comto WAF and the WAF IP address is
47.***. ***.213. Append the following content to the hosts file:
47.***. ***.213 test.wafqa3.com
- Save changes to the hosts file and run the
ping <Protected domain name>command to verify that your changes are in effect.If your changes are in effect, the IP address in the command output is the WAF IP address that is mapped to the domain name.
If the IP address of the origin server is displayed, refresh the local DNS cache. You can run the
.\ipconfig /flushdnscommand to refresh the DNS cache. Then, run the ping command again until the changes take effect.
- In the address bar of your browser, enter the protected domain name.
- If the website is accessible, the domain name settings in WAF are correct and in effect. In this case, you can restore the hosts file and change the DNS record to redirect traffic to WAF for protection. For more information, see Change a DNS record.
- If the website is inaccessible, the domain name settings may be inappropriate. We recommend that you check the domain name settings in the WAF console. After the domain name settings in WAF are corrected, perform the verification on your computer again. For more information, see Add websites.
- Optional:Simulate simple web attack commands to verify whether WAF works properly.For example, in the address bar of your browser, enter
<Protected domain name>/alert(xss), a web attack request, and verify whether WAF blocks the attack.
If the request is blocked, the following page appears.
- After the verification is complete, delete the record added in Step 3 from the hosts file.Notice Delete the record after the verification is complete. Otherwise, exceptions may occur when your computer sends requests to the protected domain name.