- If you have configured a wildcard domain name in WAF, contact us quickly to help process it by submitting a ticket. The wildcard domain name configuration will then be available for you in WAF, which automatically matches the corresponding sub-domain names.
- If a wildcard domain name, such as
*.test.com, is already connected to Tencent Cloud, then any of its sub-domain names cannot be connected to another account.
- If the wildcard domain name
*.test.comis already connected to your account, then wildcard domain names in formats such as
*.a.test.comcannot be connected to this account.
- If you add both a wildcard and a precise domain name (e.g.
a.test.com), WAF first uses the protection policies configured for the precise domain name.
Verify that CNAME configuration for your website domain name is correct. Once you add a CNAME record in DNS, please wait 10-20 minutes for the protection status to be updated. If you have waited over 30 minutes, and the protection status has not been updated yet, you can contact us for help by submitting a ticket.
In principle, the intermediate IP address of your domain name is not changed. If it happens, we will notify you by SMS, email or Message Center. You can view your intermediate IP address in the [Domain Name List] (https://console.cloud.tencent.com/guanjia/waf/config) of the console.
The business content on your real server must be legal, and you can modify the DNS resolution properly. Otherwise, you will not be able to connect your domain name to WAF.
WAF performs origin-pull based on domain name or IP. You can choose which option to configure as you need. For more information, see Add a Domain Name.
See CNAME Configuration for how to bind CNAME with your DNS service provider.
Once WAF is disabled, all its protection features are unavailable, and only the traffic forwarding mode starts to run instead, with no logs recorded.
No, it won’t. You can go to the WAF Console, click your domain name in the Domain Name List, and view the CNAME in Basic Settings.
No, you can’t change it, in principle. However, if an exception occurs to your WAF service, you may contact us quickly by submitting a ticket so that we can switch it to another working VIP address for you.
WAF provides anti-DDoS Basic capabilities (2 G) for VIP addresses by default. In case of an urgent need to resume your business for a VIP address blocked by anti-DDoS Basic, you can:
You are allowed to remove blocking manually only three times per month. The system resets the count of blocking removals at zero o'clock on the 1st day of every month, and the remaining number of allowed removals from last month is not carried over to this month.
To connect a CDN domain name, simply use the CNAME address that WAF assigned for your domain name as CDN origin server. The content is pulled from the origin as traffic flows through the architecture “user > CDN > WAF > CLB > real server”. Meanwhile, you can log in to the WAF Console, and select Yes for Proxy* in the Add domains page. Then, WAF obtains the real IP of your client for protection based on the XFF field in HTTP headers.
To add a real server domain name to WAF, enter the CNAME or other domain name different from the protection domain names. You may leave the protocol (HTTP or HTTPs) empty.