After you have added a domain name to the WAF console, and before you change the DNS record to redirect requests to WAF for protection, we recommend that you change the DNS resolution on a local computer to verify the WAF domain name settings. The example in this topic is performed on a Windows machine.
The following procedure describes how to verify domain name settings on a local computer that runs Windows.
- Open File Server Resource Manager on your local computer.
- In the address bar, enter C:\Windows\System32\drivers\etc\hosts and open the hosts file with Notepad or Notepad++.
- Append the following content to the hosts file:
<WAF IP address> <Protected domain name>
<Protected domain name> is the domain name that you added to WAF. <WAF IP address> is the WAF IP address that is mapped to the domain name. Separate <WAF IP address> and <Protected domain name> with a space.
To obtain the WAF IP address, follow these steps:
  - Log on to the Web Application Firewall console.
  - In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
  - In the left-side navigation pane, choose .
  - On the Website Access page, move the pointer over the domain name, and then view and copy the WAF CNAME address of the domain name.
  - Open Command Prompt in Windows.
  - Run the following command to obtain the WAF IP address:
    ping <WAF CNAME address that you have copied>
  - Record the WAF IP address in the command output.
Assume that you have added the domain name test.wafqa3.com to the WAF console and the WAF IP address is 47.***.***.213. Append the following content to the hosts file:
47.***.***.213 test.wafqa3.com
- Save changes to the hosts file and run the ping <Protected domain name> command to verify that your changes are in effect. If your changes are in effect, the IP address in the command output is the WAF IP address that is mapped to the domain name.
If the origin IP address is displayed, try refreshing the local DNS cache. You can run the ipconfig /flushdns command to refresh the DNS cache. Then, run the ping command again until the changes take effect.
- In the address bar of your local browser, enter the protected domain name.
- If you can access the website, the domain name settings added to the WAF console are correct. In this case, you can restore the hosts file and update the DNS record to redirect traffic to WAF for protection. For more information, see Change the DNS settings.
- If you are unable to access your website, the domain name settings added may be incorrect. We recommend that you check the domain name settings in the WAF console and perform the verification again after troubleshooting. For more information, see Add domain names.
- Optional: Simulate simple web attack commands to verify whether WAF works properly.
For example, in the address bar of your browser, enter <Protected domain name>/alert(xss), which is a web attack request, and verify whether WAF blocks the attack.
- After the verification is complete, delete the record added in Step 3 from the hosts file.
Notice: Delete the record after the verification is complete. Otherwise, exceptions may occur when the local computer sends requests to the protected domain name.
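The hosts file edits in this procedure (append the record, confirm the mapping, delete the record afterwards) can be scripted so that the temporary record is never left behind. The following Python sketch is an added example, not part of the original topic or of any Alibaba Cloud tool. It assumes a marker comment (MARKER) to tag the temporary record, uses the constructed address 203.0.113.10 in place of the real WAF IP address, and assumes that an earlier entry for the same name takes precedence over a later one.

```python
MARKER = "# waf-verify (temporary)"  # hypothetical tag so cleanup finds only our record

# Constructed sample hosts file content; the demo never touches the real file.
SAMPLE_HOSTS = "# constructed sample hosts file\n127.0.0.1 localhost\n"

def _names(line):
    """Split a hosts line into (ip, [lower-cased names]), ignoring comments."""
    fields = line.split("#", 1)[0].split()
    return (fields[0], [n.lower() for n in fields[1:]]) if len(fields) >= 2 else (None, [])

def hosts_lookup(hosts_text, domain):
    """Return the IP that the hosts text maps domain to, or None.
    Assumption: the first matching entry wins."""
    for line in hosts_text.splitlines():
        ip, names = _names(line)
        if domain.lower() in names:
            return ip
    return None

def add_override(hosts_text, waf_ip, domain):
    """Append '<WAF IP address> <Protected domain name>' (Step 3), idempotently."""
    current = hosts_lookup(hosts_text, domain)
    if current == waf_ip:
        return hosts_text  # record already present, nothing to do
    if current is not None:
        # An existing entry would shadow the new record and ping would
        # keep showing the old address, so refuse instead of appending.
        raise ValueError(f"{domain} is already mapped to {current}")
    sep = "" if hosts_text.endswith("\n") or not hosts_text else "\n"
    return f"{hosts_text}{sep}{waf_ip} {domain} {MARKER}\n"

def remove_override(hosts_text, domain):
    """Delete only the tagged temporary record for domain (final step)."""
    kept = []
    for line in hosts_text.splitlines(keepends=True):
        _, names = _names(line)
        if not (MARKER in line and domain.lower() in names):
            kept.append(line)
    return "".join(kept)

if __name__ == "__main__":
    edited = add_override(SAMPLE_HOSTS, "203.0.113.10", "test.wafqa3.com")
    print(edited, end="")
    print("mapped to:", hosts_lookup(edited, "test.wafqa3.com"))
    print("restored:", remove_override(edited, "test.wafqa3.com") == SAMPLE_HOSTS)
```

To apply it to the real file, read and write C:\Windows\System32\drivers\etc\hosts from an elevated session, and refresh the DNS cache after each change.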
Contact technical support
- Log on to the WAF console. At the lower part of the left-side navigation pane, click Meet Expert, join the WAF emergency handling DingTalk group by scanning the DingTalk code, and contact Alibaba Cloud security experts for assistance.
- Submit a ticket.