Alibaba Cloud WAF provides convenient HTTPS options to help you implement HTTP back-to-source and HTTPS force redirect without re-constructing the origin.

Procedure

  1. Log on to the Alibaba Cloud WAF console.
  2. On the top of the page, select the region: Mainland China, International.
  3. On the Management > Website Configuration page, locate the domain name to be operated, and click Edit.
  4. Check HTTPS under Protocol type, and expand the Advanced settings menu.

    • Enable HTTP back-to-source
      You can enable an HTTP communication between Alibaba Cloud WAF and origin server by enabling HTTP back-to-source. By doing this, WAF returns the inspected traffic to the default port of 80 of your origin server.
      Note Using HTTP back-to-source does not require any modification on origin server or any HTTPS configuration. However, you must make sure that you upload the correct certificate and private key to Alibaba Cloud WAF. You can apply for a certificate for free in Alibaba Cloud SSL Certificate Service.


    • Enable HTTPS force redirect
      If you want to force clients to use HTTPS to access your sites, you can enable HTTPS force redirect.
      Note You must cancel the HTTP protocol to enable HTTPS force redirect.
      When HTTPS force redirect is enabled, some Web browsers that support HSTS (HTTP Strict Transport Security) will be forced to use HTTPS for a period of time. Therefore, you must make sure that the origin server supports HTTPS.

      When HTTPS force redirect is enabled, all HTTP requests will be displayed as HTTPS and forwarded to port 443.