If a domain name is added to Web Application Firewall (WAF) in CNAME record mode, an exclusive IP address is assigned to WAF to listen for the traffic of the domain name. A domain name for which an exclusive IP address is enabled remains accessible even if other domain names that share a WAF IP address in the same WAF instance are under volumetric DDoS attacks. By default, the domain names that are added to the same WAF instance share a WAF IP address.

Introduction to a shared IP address and exclusive IP address

By default, all the domain names that are added to the same WAF instance in CNAME record mode share a WAF IP address to listen on the requests of the domain names. The WAF IP address is the shared IP address of the WAF instance. By default, each WAF instance has a shared IP address.
Notice: WAF instances that are purchased by different users are isolated from each other and have different shared IP addresses.

An exclusive IP address is an IP address that is assigned to a domain name to listen on the requests of the domain name. You can bind an exclusive IP address to only one domain name that is protected by WAF.

Benefits of an exclusive IP address

If you enable an exclusive IP address for a domain name, the other domain names that are added to the same WAF instance remain accessible even if that domain name is under volumetric DDoS attacks.

In CNAME record mode, if one of the domain names that are added to WAF experiences volumetric DDoS attacks and blackhole filtering is triggered for the shared IP address, other domain names in the same WAF instance as the attacked domain name cannot be accessed. You can enable an exclusive IP address for an important domain name. This way, the domain name is accessible even if blackhole filtering is triggered for the shared IP address.

Billing

You are charged based on the number of domain names for which you enable exclusive IP addresses.

You can enable an exclusive IP address for each domain name that is added to WAF in CNAME record mode. After you enable an exclusive IP address for a domain name, you are charged for the exclusive IP address. The more domain names for which you enable exclusive IP addresses, the more you are charged. For more information, see Billing method.

Enable an exclusive IP address

You can enable an exclusive IP address only for a domain name that is added to WAF in CNAME record mode.

To enable an exclusive IP address for a domain name, perform the following steps:
  1. Log on to the WAF 3.0 console, go to the Website Configuration page, and then click Add on the CNAME Record tab. The Add Domain Name wizard appears.
  2. In the Configure Listener step, click More Settings and turn on Exclusive IP Address for the domain name. The following figure shows an example. [Figure: Exclusive IP Address] For more information, see Configuration wizard description.

After you enable an exclusive IP address for a domain name, the CNAME that is provided by WAF for the domain name is automatically resolved to the exclusive IP address. You can ping the CNAME of the domain name to check whether the configuration is valid.
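
The check described above can also be scripted so that it confirms isolation as well as resolution: the CNAME of the exclusive-IP domain name must resolve, and it must not resolve to any address used by the CNAMEs of the other domain names in the instance. The following is an added example, not code from the WAF documentation; the CNAME hostnames and IP addresses are constructed placeholders, and `check_exclusive_ip` is a hypothetical helper name.

```python
import socket

def resolve_ipv4(hostname):
    """Return the set of IPv4 addresses a hostname currently resolves to."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # unresolvable: the caller reports this as a failed check
    return {info[4][0] for info in infos}

def check_exclusive_ip(exclusive_cname, shared_cnames, resolver=resolve_ipv4):
    """Check that the exclusive-IP CNAME shares no address with the other CNAMEs.

    Returns the resolved addresses, the overlapping addresses per shared
    CNAME, and an overall 'ok' flag (resolves and has no overlap).
    """
    exclusive_ips = resolver(exclusive_cname)
    overlaps = {}
    for cname in shared_cnames:
        common = exclusive_ips & resolver(cname)
        if common:
            overlaps[cname] = sorted(common)
    return {
        "exclusive_ips": sorted(exclusive_ips),
        "overlaps": overlaps,
        "ok": bool(exclusive_ips) and not overlaps,
    }

# Constructed sample data: hypothetical CNAMEs, documentation address ranges.
SAMPLE_DNS = {
    "shop.waf-cname.example": {"203.0.113.10"},   # exclusive IP enabled
    "blog.waf-cname.example": {"198.51.100.20"},  # shared IP
    "docs.waf-cname.example": {"198.51.100.20"},  # shared IP
}

def sample_resolver(hostname):
    """Offline stand-in for DNS, backed by the constructed table above."""
    return SAMPLE_DNS.get(hostname, set())

if __name__ == "__main__":
    print(check_exclusive_ip(
        "shop.waf-cname.example",
        ["blog.waf-cname.example", "docs.waf-cname.example"],
        resolver=sample_resolver,
    ))
```

To run the check against live DNS, pass the CNAMEs shown in the console and omit the `resolver` argument.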