If a website that is added to the WAF console for protection supports HTTPS, you can click Advanced Settings to turn on the Enforce HTTPS Routing and Enable HTTP switches when you configure WAF.

Prerequisites

  • Your website is added to the WAF console, and HTTPS is selected for Protocol Type. For more information, see Add domain names.
    Note This topic describes how to enable HTTPS advanced settings by editing an existing domain name in the WAF console. Alternatively, you can enable HTTPS advanced settings when you manually add a website to the WAF console for protection. For more information, see Manually add website configurations.
  • A correct and valid HTTPS certificate is uploaded to the WAF console. The HTTPS state is Normal. For more information, see Upload HTTPS certificates.

Background information

HTTPS advanced settings in the WAF console support the following features:
  • Enforce HTTPS Routing: forcibly converts all HTTP requests for accessing your website to HTTPS requests and redirects these requests to port 443 by default. The following figure shows how this feature is implemented.Enforce HTTPS Routing

    If you want a client to use HTTPS requests to access your website, you can enable this feature. This enhances access security.

    Notice Before you enable this feature, make sure that your website supports HTTPS services. After this feature is enabled, some web browsers will be forcibly configured to access your website over HTTPS.
  • Enable HTTP: allows WAF to forward HTTPS requests from a client to the origin server over HTTP. The default HTTP port is 80. The following figure shows how this feature is implemented.Enable HTTP

    With this feature, WAF can implement HTTPS access without changes to the origin server. This reduces the load of your website. If your website does not support HTTPS back-to-origin requests, you must enable this feature.

Procedure

  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
  3. In the left-side navigation pane, choose Asset Center > Website Access.
  4. On the Website Access page, find the target domain name and click Edit in the Actions column.
  5. On the Edit page, click Advanced Settings in the Protocol Type section.
    Note Advanced Settings can be displayed only after you select HTTPS for Protocol Type.
    HTTPS
  6. Enable HTTPS advanced settings based on your business requirements.
    • Enforce HTTPS Routing: Turn on this switch. In the Tips message, click Confirm.
      Note To turn on this switch, you must clear HTTP first.
      Click Confirm

      After this switch is turned on, HTTP requests for the target website domain will be displayed as HTTPS requests, and these requests will be redirected to port 443 by default.

    • Enable HTTP: Turn on this switch.

      After this switch is turned on, WAF forwards back-to-origin requests to the origin server over HTTP. The default HTTP port is 80.

  7. Click Confirm to save the settings.