After you add a domain name to Web Application Firewall (WAF), we recommend that you change the DNS mapping on your computer, by editing the local hosts file, to verify the domain name settings in WAF. Then, you can change the DNS record in the WAF console to redirect requests to WAF to protect your service. This topic provides an example of how to verify domain name settings on an on-premises computer.
In the following example, your computer runs a Windows operating system.
- Open File Server Resource Manager on your computer.
- Enter C:\Windows\System32\drivers\etc\hosts in the address bar and open the hosts file by using a text editor.
- Append the following content to the hosts file:
  <IP address of your WAF instance> <Protected domain name>
  In the content, <Protected domain name> is the domain name that you add to WAF. <IP address of your WAF instance> is the IP address that is mapped to the domain name. Separate <IP address of your WAF instance> and <Protected domain name> with a space.
  To obtain the IP address of your WAF instance, perform the following steps:
  - Log on to the Web Application Firewall console.
  - In the top navigation bar, select the resource group and region to which the WAF instance belongs. The region can be Mainland China or International.
  - In the left-side navigation pane, choose .
  - On the Domain Names tab, move the pointer over the domain name that you add and click the icon to copy the CNAME of the domain name.
  - Open Command Prompt in Windows.
  - Run the following command to obtain the IP address of your WAF instance:
    ping <CNAME that you copy>
  - Record the IP address of your WAF instance in the output of the ping command.
  Assume that you add the domain name test.aliyundoc.com to WAF and the IP address of your WAF instance is 47.XX.XX.213. Append the following content to the hosts file:
  47.XX.XX.213 test.aliyundoc.com
- Save changes to the hosts file and run the ping <Protected domain name> command to verify that your changes are in effect. If your changes are in effect, the IP address in the output of the ping command is the IP address of your WAF instance.
  If the IP address of the origin server is displayed in the command output, refresh the local DNS cache. You can run the ipconfig /flushdns command to refresh the DNS cache. Then, run the ping command again until the changes take effect.
- In the address bar of your browser, enter the protected domain name.
  - If the website can be accessed, the domain name settings in the WAF console are correct and valid. In this case, you can restore the hosts file. Then, you can change the DNS record in the WAF console to redirect requests to WAF for protection. For more information, see Change a DNS record.
  - If the website cannot be accessed, the domain name settings may be incorrect. We recommend that you check the domain name settings in the WAF console. After you fix errors in the domain name settings, verify the domain name settings on your computer again. For more information, see Add a website.
- Optional: Simulate a simple web attack request to check whether WAF runs as expected. For example, in the address bar of your browser, enter <Protected domain name>/alert(xss), which is a web attack request. Then, check whether WAF blocks the request.
  If the request is blocked, a block page appears.
- After the verification is complete, delete the record that you add in Step 3 from the hosts file.
  Notice: If you do not delete the record after the verification is complete, exceptions may occur when your computer sends requests to the protected domain name.
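
The hosts-file checks in this procedure (the pin is present during verification and gone after cleanup) can be scripted. The following Python sketch is an added example, not part of the original documentation; the function names and sample data are hypothetical, and the IP addresses are constructed documentation-range values because the page masks the real one.

```python
import ipaddress

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # path given on the page

def hosts_overrides(hosts_text, domain):
    """Return the IP addresses that hosts-file text maps to `domain`."""
    wanted = domain.rstrip(".").lower()
    found = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on spaces/tabs
        if len(fields) < 2:
            continue  # blank line, comment, or an IP with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so not a usable entry
        if wanted in (name.rstrip(".").lower() for name in fields[1:]):
            found.append(str(ip))
    return found

def check_hosts(hosts_text, domain, waf_ip, verifying=True):
    """Classify the hosts file for the two phases of the procedure.

    verifying=True:  the domain should be pinned to the WAF IP only.
    verifying=False: verification is over, so no pin should remain.
    """
    ips = set(hosts_overrides(hosts_text, domain))
    if not verifying:
        return "stale-override" if ips else "clean"
    if not ips:
        return "missing"
    want = str(ipaddress.ip_address(waf_ip))
    if ips == {want}:
        return "ok"
    return "conflict" if want in ips else "wrong-ip"

# Constructed sample: the page's example domain with RFC 5737 documentation IPs.
SAMPLE = """\
# constructed hosts file content
127.0.0.1       localhost
203.0.113.10\tTEST.aliyundoc.com   # temporary WAF pin
#198.51.100.7   test.aliyundoc.com
"""

if __name__ == "__main__":
    print(check_hosts(SAMPLE, "test.aliyundoc.com", "203.0.113.10"))
    # On the Windows machine, check the real file after cleanup:
    # check_hosts(open(HOSTS_PATH).read(), "<domain>", "<WAF IP>", verifying=False)
```

A result of stale-override after the final step means the temporary record is still in the hosts file and the computer is still bypassing public DNS for the protected domain name.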