When you add a website to your Web Application Firewall (WAF) instance in CNAME record mode, you must specify the HTTP or HTTPS ports that the website uses. After you specify the ports and add the website, traffic destined for the website is redirected to WAF for detection and protection.

Background information

WAF forwards the traffic only over the specified ports to the origin server. WAF does not forward the traffic over a port that is not specified.

WAF protects services that use standard ports or non-standard ports. The number of ports that are supported and the range of non-standard ports that are supported by a WAF instance vary based on the WAF edition that is used. For more information, see Ports supported by each WAF edition.


You must specify HTTP or HTTPS ports in the following scenarios:
  • A website is added to WAF in CNAME record mode.
  • The HTTP or HTTPS ports that the website uses change.


  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group and region to which the WAF instance belongs. The region can be Mainland China or International.
  3. In the left-side navigation pane, choose Asset Center > Website Access.
  4. In the domain name list, find the domain name for which you want to specify ports. Then, click Edit in the Actions column.
  5. On the Edit page, find the Destination Server Port section and enter the required port numbers in the HTTP Port and HTTPS Port fields.
    Press Enter each time you enter a port number.
    Notice The port numbers that you enter must be within the allowed port range. Otherwise, the settings cannot be saved. You can click View Allowed Port Range to check whether a port number is within the allowed port range.
    Destination Server Port
  6. Click Confirm.


If my website receives requests over an unconfigured port, is the origin server threatened?

Does WAF support custom ports?

What do I do if services on non-standard ports cannot be added to WAF of the Pro edition?