This topic describes how to add a domain name to the new edition of Web Application Firewall (WAF) to help you quickly get started with the new edition of WAF.
Enable WAF
If WAF is not enabled, log on to the DCDN console. In the left-side navigation pane, choose . On the page that appears, click Activate Now. 
Step 1: (Optional) Configure the default protection policy
WAF provides a built-in basic web protection policy that is used as the default policy to defend against common web application attacks. The attacks include SQL injection, cross-site scripting (XSS) attacks, unauthorized code execution, webshells, and command injection. If the built-in basic protection policy cannot meet your requirements, you can configure a custom default protection policy. For example, if you want to specify different protection actions for requests from different protected objects, configure a custom default protection policy. For more information, see Configure a default protection policy.
Step 2: Add a domain name for protection
Log on to the DCDN console.
In the left-side navigation pane, choose .
On the Protected Domain Names page, click Add Domain Name.
In the Add Domain Name dialog box, select the domain names that you want to add to WAF and specify the Client IP parameter.
Parameter
Description
Add Domain Name
Select the domain names that you want WAF to protect.
NoteYou can add up to 50 domain names at a time.
Client IP
Valid values: Client IP and Custom Header.
Default value: Client IP. If you have used gateway services such as Anti-DDoS and EdgeRoutine (ER), the IP addresses of the requests that are received by WAF are those of the Anti-DDoS and ER servers. In this case, you can change the IP address source to other headers such as X-Forwarded-For (XFF). This prevents WAF from blocking Anti-DDoS and ER requests.
Custom Headers
This parameter is valid only when you set Client IP to Custom Header.
Sample custom headers:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apgn,*/*;q=0.8NoteSeparate multiple headers with commas (,). You can enter up to five headers.
NoteWAF protection policies are immediately executed after requests reach DCDN points of presence (POPs). The execution priority of WAF protection policies is higher than that of other configurations, such as cache and authentication.
Click OK.
After you add a protected domain name, the default protection policy is automatically configured for the domain name.
NoteIf you do not configure other default policies in Step 1: (Optional) Configure the default protection policy, only the built-in basic web protection policy is configured for the domain name that you added, and you are charged based on the number of requests that are processed by WAF.
Step 3: (Optional) Add or modify a protection rule
If you want to modify the status of a protection rule and the action that can be performed for a protection rule, you can modify the protection rule on the Protection Policies page. For example, if you want to change the value of the Action parameter from Block to Monitor, modify the protection rule on the Protection Policies page. For more information, see Overview.
