If a domain name is added to Web Application Firewall (WAF) in CNAME record mode, an exclusive IP address is assigned to WAF to listen on the traffic of the domain name. A domain name for which an exclusive IP address is enabled is accessible even if other domain names that share a WAF IP address as the domain name are under volumetric DDoS attacks. By default, the domain names that are added to the same WAF instance share a WAF IP address.
Introduction to a shared IP address and exclusive IP address
An exclusive IP address is an IP address that is assigned to a domain name to listen on the requests of the domain name. You can bind an exclusive IP address to only one domain name that is protected by WAF.
Benefits of an exclusive IP address
If you enable an exclusive IP address for a domain name, other domain names that are added to the same WAF instance as the domain name are accessible even if the domain name is under volumetric DDoS attacks.
In CNAME record mode, if one of the domain names that are added to WAF experiences volumetric DDoS attacks and blackhole filtering is triggered for the shared IP address, other domain names in the same WAF instance as the attacked domain name cannot be accessed. You can enable an exclusive IP address for an important domain name. This way, the domain name is accessible even if blackhole filtering is triggered for the shared IP address.
Billing
You are charged based on the number of domain names for which you enable exclusive IP addresses.
You can enable an exclusive IP address for each domain name that is added to WAF in CNAME record mode. After you enable an exclusive IP address for a domain name, you are charged for the exclusive IP address. The more domain names for which you enable exclusive IP addresses, the more you are charged. For more information, see Billing method.
Enable an exclusive IP address
You can enable an exclusive IP address only for a domain name that is added to WAF in CNAME record mode.
- Log on to the WAF 3.0 console, go to the Website Configuration page, and then click Add on the CNAME Record tab. The Add Domain Name wizard appears.
- In the Configure Listener step, click More Settings and turn on Exclusive IP Address for the domain name. The following figure shows an example. For more information, see Configuration wizard description.
After you enable an exclusive IP address for a domain name, the CNAME that is provided by WAF for the domain name is automatically resolved to the exclusive IP address. You can ping the CNAME of the domain name to check whether the configuration is valid.