Learn how to add a domain name to Edge WAF for protection and quickly get started with the WAF feature.
Alibaba Cloud DCDN will stop offering the WAF protection feature to new users at 00:00 on May 1, 2025 (UTC+8). Users who have already enabled the service are not affected.
If you need this feature, upgrade to Edge Security Acceleration (ESA). The WAF protection feature of ESA provides better protection than the WAF feature of DCDN.
Enable Edge WAF
If you have not enabled the Edge WAF feature, log on to the DCDN console. In the navigation pane on the left, choose . Then, click Activate Now and follow the on-screen instructions.
(Optional) Step 1: Configure a default mitigation policy
Edge WAF includes a built-in default mitigation policy that protects your web services from common attacks, such as SQL injection, cross-site scripting (XSS), code execution, webshell uploads, and command injection. If this policy does not meet your needs, you can configure a custom default mitigation policy to apply different prevention modes to different protected objects. For more information, see Default mitigation policy.
Step 2: Add a domain name for protection
-
Log on to the DCDN console.
-
In the navigation pane on the left, choose .
-
On the Protected Domain Names page, click Add Domain Name.
-
In the Add Domain Name dialog box, select the domain names that you want to protect and configure a method to obtain client IP addresses.
Parameter
Description
Add Domain Name
Select the domain names that you want to protect.
NoteYou can add up to 50 domain names at a time.
Client IP
You can use the Client Connection IP or Custom Header method.
By default, Client Connection IP is selected. If a gateway product such as DDoS or ER is deployed before WAF, the request IP addresses that WAF receives are the gateway server IP addresses. In this case, change the IP address source to another header, such as X-Forwarded-For (XFF), to prevent WAF from incorrectly blocking requests from the gateway servers.
Custom Headers
This parameter is available only when Client IP is set to Custom Header.
Example of a custom header:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apgn,*/*;q=0.8NoteSeparate multiple headers with commas. You can enter up to five headers.
NoteWAF mitigation policies are executed immediately when requests reach DCDN points of presence (POPs). This means that WAF protection has a higher execution priority than other configurations, such as caching and authentication.
-
Click OK.
After you add the protected domain name, a default mitigation policy is automatically configured, and billing starts based on the Billing of Edge WAF.
NoteIf you did not configure another default policy in (Optional) Step 1: Configure a default mitigation policy, only the system-provided basic web protection default policy is configured after you add the domain name. You are then billed based on the number of processed requests.
(Optional) Step 3: Add or modify protection rules
To modify the status or action of a protection rule, such as changing the action from Block to Monitor, edit the mitigation policy in the mitigation policy overview section. For more information, see Configure an Edge WAF mitigation policy.
