Web Application Firewall (WAF) uses a shared IP address by default to protect multiple domains. If one of these domains is targeted by a high-volume DDoS attack, the shared IP may be blackholed. This affects all other domains protected by the same instance, making them inaccessible. To prevent this issue, you can purchase an exclusive resource plan for domain names to get an exclusive IP address for your critical domains and provide isolated protection.
Prerequisites
Your website must be added to WAF using CNAME Record mode.
Purchase and use an exclusive domain name resource plan
Upgrade your instance to purchase an exclusive resource plan for domain names. For detailed instructions, see Renewal policy.
Log on to the WAF console. In the top navigation bar, select the resource group and the region (Chinese Mainland or Outside Chinese Mainland) of the WAF instance.
In the navigation pane, choose .
On the Website Access page, find the target domain name. In the Quick Access column, set Protection Resource to Shared Cluster and Exclusive IP Address.
After you enable the exclusive IP address, the domain's CNAME automatically resolves to the new exclusive IP address. Ping the domain's CNAME to verify that it resolves to the new WAF IP address.
ImportantIf the domain resolves through an A record instead of a CNAME record, the automatic switchover cannot be completed. This may cause service interruptions when you enable or disable the exclusive IP.