If you want to mark the requests forwarded to the origin server by Web Application Firewall (WAF), you must enable traffic marking when you configure WAF. WAF adds header field names and header field values to all back-to-origin requests based on your settings to mark the traffic forwarded to the origin server. This helps implement precise access control on the origin server and facilitate statistical analysis.


Your website is added to the WAF console. For more information, see Add domain names.
Note This topic describes how to mark back-to-origin traffic by editing an existing domain name in the WAF console. Alternatively, you can mark back-to-origin traffic when you manually add a website to the WAF console for protection. For more information, see Manually add website configurations.


  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
  3. In the left-side navigation pane, choose Asset Center > Website Access.
  4. On the Website Access page, find the target domain name and click Edit in the Actions column.
  5. In the Request Tag section of the Edit page, specify Header Field Name and Header Field Value that are used for WAF to mark back-to-origin traffic.
    Note Do not use an existing custom header field. Otherwise, WAF will overwrite the value of this custom header field with that of the header field that you have specified.
    Request Tag
  6. Click Confirm.


After the settings take effect, WAF adds the HTTP header field and its value to all requests to be forwarded to the origin server.