If you add a domain name to Web Application Firewall (WAF) in CNAME record mode, you can enable an exclusive IP address for the domain name to monitor the traffic of the domain name. A domain name for which an exclusive IP address is enabled remains accessible even if other domain names that share a WAF IP address are under volumetric DDoS attacks. By default, all domain names that are added to the same WAF instance share a WAF IP address.
Introduction to shared IP addresses and exclusive IP addresses
By default, all domain names that are added to the same WAF instance in CNAME record mode share a WAF IP address that is used to monitor the requests of the domain names. The WAF IP address is the shared IP address of the WAF instance. By default, each WAF instance has a shared IP address.
WAF instances that are purchased by different users are isolated from each other and have different shared IP addresses.
An exclusive IP address is an IP address that is assigned to a domain name to monitor the requests of the domain name. You can bind an exclusive IP address to only one domain name that is protected by WAF.
Benefits of an exclusive IP address
If you enable an exclusive IP address for a domain name, other domain names that are added to the same WAF instance to which you added the domain name remain accessible even if the domain name is under volumetric DDoS attacks.
In CNAME record mode, if one of the domain names that are added to the same WAF instance experiences volumetric DDoS attacks, and blackhole filtering is triggered for the shared IP address, the other domain names on the WAF instance cannot be accessed. You can enable an exclusive IP address for an important domain name. This way, the domain name remains accessible even if blackhole filtering is triggered for the shared IP address.
Billing
You are charged based on the number of domain names for which you enable exclusive IP addresses.
You can enable an exclusive IP address for each domain name that is added to WAF in CNAME record mode. After you enable an exclusive IP address for a domain name, you are charged for the exclusive IP address. The fee increases as the number domain names for which you enable exclusive IP addresses increases. For more information about the billing rules, see Billing overview.
Enable an exclusive IP address
You can enable an exclusive IP address only for a domain name that is added to WAF in CNAME record mode.
To enable an exclusive IP address for a domain name, perform the following steps:
On the Website Configuration page of the WAF 3.0 console, click Add on the CNAME Record tab. The Add Domain Name wizard appears.
In the Configure Listener step, click More Settings and turn on Exclusive IP Address for the domain name. The following figure shows an example.
For more information, see Add a domain name to WAF.
After you enable an exclusive IP address for a domain name, the CNAME that is provided by WAF for the domain name is automatically resolved to the exclusive IP address. You can ping the CNAME of the domain name to check whether the configuration is valid.
After you disable the exclusive IP address, the CNAME is resolved to a shared IP address.