This topic lists some frequently asked questions about Web Application Firewall (WAF). CategoryQuestionFeaturesFAQ about pre-sales consultingCan I use WAF to protect servers that are not deployed on Alibaba Cloud?Does WAF support Cloud Web Hosting instances?Can WAF protect HTTPS services?Does WAF support custom ports?What are the limits for the ports that can be added to WAF?Does the QPS limit that is configured for a WAF instance in the WAF console apply to the entire WAF instance or a single domain name added to the WAF instance?Does WAF support two-way HTTPS authentication?Does WAF support the WebSocket, HTTP/2, and SPDY protocols?Is the origin server affected if you add HTTP/2 services to WAF?Which TLS protocols does WAF support?Can WAF protect websites that use NTLM authentication?FAQ about website access configurationCan I use the internal IP address of an ECS instance as an origin IP address in the WAF console?Can WAF protect multiple origin IP addresses for one domain name?How does WAF balance request loads among origin servers?Does WAF support the health check feature?Does WAF support session persistence?Does latency occur when I change an origin IP address in the WAF console?What are the back-to-origin CIDR blocks of WAF?Does WAF automatically add its back-to-origin CIDR blocks to security groups?Do I need to allow access requests from all client IP addresses?Can a WAF instance that uses an exclusive IP address defend against DDoS attacks?Can WAF be deployed with CDN or with Anti-DDoS Pro or Anti-DDoS Premium?Can I deploy WAF with CDN and Anti-DDoS Pro or Anti-DDoS Premium by using different Alibaba Cloud accounts?How does WAF ensure the security of an uploaded certificate and its private key? Does WAF decrypt HTTPS traffic and record the content of HTTPS requests?A domain name is added to WAF. Why am I unable to find the domain name in the domain name list?FAQ about website protection configurationHow can I use WAF to defend against HTTP flood attacks?How long does it take for configuration modifications in the WAF console to take effect?When I configure custom protection policies (ACL policies) in the WAF console, can I enter CIDR blocks in the IP field?Why does a custom protection policy in which the URL match field contains two forward slashes (//) not take effect?FAQ about website protection analysisCan I view the source IP addresses of HTTP flood attacks in the WAF console?How do I query the bandwidth usage of WAF?Website accessHow do I troubleshoot website access exceptions?How do I troubleshoot HTTPS access issuesHTTPS access exceptions arising from SNI compatibility ("Certificate not trusted")How to handle ECS intrusion?What do I do if blackhole filtering is triggered for my WAF instance?ConfigurationSupported domain suffixesIf my website receives requests over an unconfigured port, is the origin server threatened?WAF access traffic flowEmergency Mode of HTTP Flood ProtectionHow do I troubleshoot 405 errors?Fault analysisWhat do I do if services on non-standard ports cannot be added to WAF of the Pro edition?What do I do if “The HTTPS private key format is invalid” appears when I upload an HTTPS certificate file?How do I handle the mismatch between a certificate and its private key?File upload requests blocked by Alibaba Cloud WAFHow to fix the logon status loss issue?What do I do if a persistent connection times out?Why am I unable to access miniapps on a website that I added to WAF?ServicesProduct specification for Alibaba Cloud DNS version of WAFOthersCommon web vulnerabilitiesWhy am I unable to access a CNAME provided by WAF directly?
This topic lists some frequently asked questions about Web Application Firewall (WAF). CategoryQuestionFeaturesFAQ about pre-sales consultingCan I use WAF to protect servers that are not deployed on Alibaba Cloud?Does WAF support Cloud Web Hosting instances?Can WAF protect HTTPS services?Does WAF support custom ports?What are the limits for the ports that can be added to WAF?Does the QPS limit that is configured for a WAF instance in the WAF console apply to the entire WAF instance or a single domain name added to the WAF instance?Does WAF support two-way HTTPS authentication?Does WAF support the WebSocket, HTTP/2, and SPDY protocols?Is the origin server affected if you add HTTP/2 services to WAF?Which TLS protocols does WAF support?Can WAF protect websites that use NTLM authentication?FAQ about website access configurationCan I use the internal IP address of an ECS instance as an origin IP address in the WAF console?Can WAF protect multiple origin IP addresses for one domain name?How does WAF balance request loads among origin servers?Does WAF support the health check feature?Does WAF support session persistence?Does latency occur when I change an origin IP address in the WAF console?What are the back-to-origin CIDR blocks of WAF?Does WAF automatically add its back-to-origin CIDR blocks to security groups?Do I need to allow access requests from all client IP addresses?Can a WAF instance that uses an exclusive IP address defend against DDoS attacks?Can WAF be deployed with CDN or with Anti-DDoS Pro or Anti-DDoS Premium?Can I deploy WAF with CDN and Anti-DDoS Pro or Anti-DDoS Premium by using different Alibaba Cloud accounts?How does WAF ensure the security of an uploaded certificate and its private key? Does WAF decrypt HTTPS traffic and record the content of HTTPS requests?A domain name is added to WAF. Why am I unable to find the domain name in the domain name list?FAQ about website protection configurationHow can I use WAF to defend against HTTP flood attacks?How long does it take for configuration modifications in the WAF console to take effect?When I configure custom protection policies (ACL policies) in the WAF console, can I enter CIDR blocks in the IP field?Why does a custom protection policy in which the URL match field contains two forward slashes (//) not take effect?FAQ about website protection analysisCan I view the source IP addresses of HTTP flood attacks in the WAF console?How do I query the bandwidth usage of WAF?Website accessHow do I troubleshoot website access exceptions?How do I troubleshoot HTTPS access issuesHTTPS access exceptions arising from SNI compatibility ("Certificate not trusted")How to handle ECS intrusion?What do I do if blackhole filtering is triggered for my WAF instance?ConfigurationSupported domain suffixesIf my website receives requests over an unconfigured port, is the origin server threatened?WAF access traffic flowEmergency Mode of HTTP Flood ProtectionHow do I troubleshoot 405 errors?Fault analysisWhat do I do if services on non-standard ports cannot be added to WAF of the Pro edition?What do I do if “The HTTPS private key format is invalid” appears when I upload an HTTPS certificate file?How do I handle the mismatch between a certificate and its private key?File upload requests blocked by Alibaba Cloud WAFHow to fix the logon status loss issue?What do I do if a persistent connection times out?Why am I unable to access miniapps on a website that I added to WAF?ServicesProduct specification for Alibaba Cloud DNS version of WAFOthersCommon web vulnerabilitiesWhy am I unable to access a CNAME provided by WAF directly?