This document describes how to connect a domain name to SaaS WAF. Before using WAF to protect your web business, you need to connect the website to WAF; otherwise, WAF protection cannot take effect.
Directions
- Log in to the WAF console and select Asset Center > Domain Name List on the left sidebar.
- Click Add domain name.
- On the page that appears, configure the basic parameters.

Field description
- Instance: Select SaaS and the target instance on the right.
- Domain name: Enter the domain name to be protected, such as
saas.technicalsupport.cn
.
- Server configuration: Select a protocol and port as needed. For more port options, see Port Access.
- Select the HTTP protocol and enter a port.
- Select the HTTPS protocol and enter a port. Then, you need to configure the associated certificate, forced HTTPS redirection, and HTTPS forwarding method.
- Associate certificate: Click Associate certificate and select a Tencent Cloud-managed or external certificate as needed.
- Force HTTP redirect: To enable forced HTTPS redirect, you need to select both HTTP and HTTPS access protocols.
- HTTPS origin-pull method: Select an origin-pull method as needed: HTTP or HTTPS.
Note:
For HTTP as an origin-pull method, you can specify a port for origin-pull. For HTTPS, the open port is also used for origin-pull.
- Proxy: Select whether proxy services including Anti-DDoS and CDN are used based on the actual conditions.
Note:
If you select Yes, WAF will get real client IPs, which may be forged, from the XFF field as the source IPs.
- Origin address: Enter the IP or domain name as needed.
- IP: Enter up to 20 IPv4 or IPv6 addresses and separate them with line breaks.
- Domain name: Enter the origin domain name. Note that it must be different from the protected domain name.
- Weighted round robin: Use this method when you set multiple origin server IPs for forwarding.
- Load balancing policy: Select RR (default option) or IP hash as needed.
- After configuring the basic parameters, you can configure advanced parameters as needed. Click OK to save the settings.

Field description
- Connection method: Persistent connection is used for forwarding by default. Make sure that the origin server supports persistent connection; otherwise, even if persistent connection is selected, non-persistent connection will still be used.
- Enable HTTP 2.0: Make sure that your origin server supports HTTP 2.0 and enable it; otherwise, even if HTTP 2.0 is enabled, it will be downgraded to 1.1.
- Enable WebSocket: If your website uses WebSocket, we recommend you select Yes.
- Enable Anycast IP: All instances in the same region under the current account use the same Anycast IP.
- After the configuration, you can see the newly added domain name in the domain name list. The current page prompts that you haven't configured a CNAME record. You need to perform local testing and then modify DNS resolution.

Note:
WAF assigns a unique CNAME to each domain name added to WAF regardless of whether it is top-level or second-level.
Subsequent Operations
After adding a domain name, you can proceed to the following steps:
Was this page helpful?