• Web Application Firewall

  1. Help Center
  2. Web Application Firewall
  3. User Guide
  4. Getting Started
  5. Connecting a Domain Name to WAF

Connecting a Domain Name to WAF

This section describes how to connect a domain name to WAF so that website traffic passes through WAF.


  • Login credentials have been obtained.
  • A domain name has been created but not connected to WAF.


  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane, choose Domains. The Domains page is displayed (see Figure 1).

    Figure 1 Domains page

  4. In the Name column, click the target domain name. Its information is displayed.

    • Without a proxy
      1. In the CNAME row, click to copy the CNAME value.
        Figure 2 CNAME value
      1. Go to your DNS provider and configure the CNAME record. For details, contact your DNS provider.

        The CNAME binding method of some common DNS providers is listed for your reference. If the following configuration is inconsistent with the actual configuration, rely on information provided by the DNS providers.

        1. Log in to the management console of the DNS provider.
        2. Go to the domain resolution record page.
        3. Set the CNAME resolution record.
          • Set the record type to CNAME.
          • Generally, enter the domain name prefix in the host record. For example, if the protected domain name is admin.demo.com, enter admin in the host record.
          • The record value is the CNAME generated by WAF.
          • Resolution line: keep the default value TTL.
        4. Click Save.

        The preceding resolution methods are provided by third parties. This document does not control or assume responsibility for any third party content, including but not limited to its accuracy, compatibility, reliability, availability, legitimacy, appropriateness, performance, non-infringement, or status update, unless otherwise specified in this document.

      2. Verify that the CNAME has been configured.
        1. In Windows, choose Start > Run. Then enter cmd and press Enter.
        2. Run the following command to query the CNAME. If the configured CNAME is displayed, the configuration is successful.

          nslookup www.domain.com

    • With a proxy
      1. In the rows containing the access address, subdomain name, and TXT record, click to copy these values.
        Figure 3 Copying the access address and TXT record
      2. Change the back-to-source address of the proxy (such as AAD or CDN) to the copied access address. Add a subdomain name and TXT record to the DNS records of your DNS provider. Then, the domain name is connected to WAF, directing website traffic to WAF.

    By default, WAF detects the DNS status of each protected domain name hourly. If you have performed domain connection and DNS is Normal, the domain name has been connected to WAF.