Testing WAF

After a domain name is created and connected to WAF, you can test whether WAF forwards and protects its traffic.

In this section, Basic Web Protection is used as an example.

Prerequisites

  • Login credentials have been obtained.
  • A domain name has been created and connected.

Procedure

  1. Check whether the origin server protocol, address, and port configurations of the domain name (www.test.com is used as an example) are correct. If Client Protocol is HTTPS, check whether the certificate content and private key are correct.
  2. Choose Security > Web Application Firewall > Domains. Figure 1 displays the Domains page.

    Figure 1 Domains page

  3. In the Name column, click the target domain name. Its information is displayed, as shown in Figure 2.

    Figure 2 Copying the CNAME value

  4. In the CNAME row, click to copy the CNAME value.
  5. Ping the CNAME value and record the corresponding IP address (for example, 192.168.0.1).
  6. Modify the hosts file on a local PC. For example, in Windows, go to the C:\Windows\System32\drivers\etc directory, open the hosts file, and add the domain name and IP address (www.test.com and 192.168.0.1) to the hosts file. See Figure 3.

    Figure 3 Adding a record

  7. Set the mode of Basic Web Protection to Block. For details, see Enabling Basic Web Protection.
  8. Clear the browser cache and enter the domain name in the address box of a browser to see if the website can be accessed.

    Figure 4 Normal access

  9. Clear the browser cache, enter http://www.test.com?id=1%20or%201%20=1 in the address box of the browser to simulate an SQL injection, and check whether WAF blocks the attack. See Figure 5.

    Figure 5 Request blocked

  10. Choose Security > Web Application Firewall > Events to view test data. See Figure 6.

    Figure 6 Viewing test data
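
Steps 8 and 9 can also be scripted. The following is an added example, not part of the original guide: it sends both requests straight to the IP address recorded in step 5 with the Host header set to the domain name, so the hosts file does not need to be edited. It assumes a Client Protocol of HTTP and that WAF answers a blocked request with an error status (4xx/5xx) or by dropping the connection; the function names and verdict strings are hypothetical.

```python
import http.client

DOMAIN = "www.test.com"               # example domain from the procedure
WAF_IP = "192.168.0.1"                # example IP recorded in step 5
NORMAL_PATH = "/"                     # step 8: ordinary page load
TEST_PATH = "/?id=1%20or%201%20=1"    # step 9: the guide's SQL injection test URL


def fetch_status(ip, host, path, port=80, timeout=5):
    """GET `path` from `ip` with Host set to `host`; None if the connection fails."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        resp.read()
        return resp.status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def is_success(status):
    # Assumption: a served page is 2xx/3xx; a WAF block is an error status
    # or a dropped connection (status None).
    return status is not None and 200 <= status < 400


def check_waf(ip, host, port=80):
    """Run steps 8 and 9 against the WAF IP and classify the outcome."""
    normal = fetch_status(ip, host, NORMAL_PATH, port)
    test = fetch_status(ip, host, TEST_PATH, port)
    if not is_success(normal):
        verdict = "origin_unreachable"   # recheck step 1 (protocol, address, port)
    elif is_success(test):
        verdict = "not_blocked"          # recheck step 7 (mode must be Block)
    else:
        verdict = "blocked"              # expected; confirm on the Events page
    return {"normal": normal, "test": test, "verdict": verdict}


if __name__ == "__main__":
    print(check_waf(WAF_IP, DOMAIN))
```

If the block page in your deployment is returned with a 2xx status, compare response bodies instead of status codes.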