Domain Management
The domain management interface lets you add domains to UWAF so that your Web applications gain security protection. You can also view the list of added domains and configure them.
The following is based on the SaaS version of UWAF.
Add Domains
Domains can be added to UWAF. Once a domain is accessed through UWAF, UWAF performs security detection and rule evaluation on its traffic. As shown in the figure below, in the Domain column fill in only the domain name that needs to be connected to the WAF, without a port. In the Source IP column, fill in the public IP address or domain of the source station, select the corresponding protocol, and then fill in the port of the source station. If the same source station has multiple ports, or there are multiple source stations, click on the ⊕ to add a column and fill in or select the corresponding configuration; click on the ⊕ to delete the column.
?> Note:
If there are multiple different ports, UWAF goes back to the source on the port that the client actually visits.
If there is more than one source station on the same port, UWAF uses the round-robin method to go back to the source.
Parameter Description
Parameter | Description |
---|---|
Domain | Domain to be protected |
Source IP | The origin IP address of the domain; select the protocol type and fill in the corresponding port |
Load Mode | The load balancing algorithm that takes effect when the load is spread over multiple source stations ● Weighted Round Robin: Rotates according to the share that each source station's weight occupies in the total weight of the source stations. Nodes with high weights occupy more of the rotation and receive more requests. Nodes with low weights occupy less of the rotation and receive fewer requests. ● IP Hash: By hashing the client’s IP address, requests are distributed to different origin servers, ensuring that the same client’s requests are always allocated to the same source server. |
Deployment Area | The work area where the domain configuration is generated |
Working Mode | The working mode of the domain UWAF rule ● Blocking Mode: Intercepts and releases according to the default UWAF rules and user-defined UWAF rules, and generates security logs ● Warning Mode: Generates security logs according to the default UWAF rules and user-defined UWAF rules, but does not intercept ● Passing Mode: Only acts as a traffic forwarding server and records access logs; all access is released, and no attack log information is generated |
Exclusive Defense IP | Consumes an exclusive IP point and assigns an exclusive defense IP to this domain. This item can only be turned on when adding a domain. A domain with exclusive IP turned on has better concurrent performance than a domain with a shared defense IP, and is not affected when the shared defense IP is hit by a Layer 4 DDoS attack |
Is there a proxy before WAF | Turn this on when third-party proxies (high defense, CDN, PATHX, etc.) are used in front of UWAF and requests forwarded by the proxy prevent UWAF from getting the true client IP address. After turning on this feature and filling in the fields that can accurately obtain the true client IP, UWAF can get the true client IP address |
SSL Certificate | When using an HTTPS port, you need to upload the corresponding certificate. If there are matching certificates, they will be listed. If the certificate is purchased from USSL or hosted in USSL, the certificate of the corresponding domain will be pulled automatically when adding an HTTPS site. |
HTTP Back to Source | After turning on, requests from the HTTPS 443 port go back to the source station's HTTP 80 port. This item does not support HTTP back to source from a non-443 port, or back to source to a non-80 port |
HTTPS Redirect | After turning on, UWAF returns a 301 redirect response to client requests from the HTTP 80 port, redirecting them to the HTTPS 443 port. This item does not support redirecting from a non-80 port, or redirecting to a non-443 port |
HTTP2 Forwarding | Enables HTTP 2.0 business forwarding and security protection; HTTPS redirect needs to be enabled at the same time |
Traffic Marking | UWAF adds a custom request Header field to the back-to-source request header and sets it to a custom value, which is used to mark the traffic from UWAF |
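
The two load modes described in the table, as an added example that is not UWAF's own code: a smooth weighted round-robin picker (one common way to rotate in proportion to weight) and an IP-hash picker. The origin addresses, the weights and the SHA-256-based hash are assumptions made for the illustration.

```python
import hashlib
from collections import Counter


class WeightedRoundRobin:
    """Smooth weighted round robin: each source station is picked in
    proportion to weight / total weight, without long runs of one station."""

    def __init__(self, origins):
        # origins: {"ip:port": weight}; weights must be positive integers
        if not origins or any(w <= 0 for w in origins.values()):
            raise ValueError("need at least one origin with a positive weight")
        self.weights = dict(origins)
        self.current = {o: 0 for o in origins}
        self.total = sum(origins.values())

    def pick(self):
        # Every station gains its weight; the leader is chosen and pays
        # back the total, so heavier stations lead more often.
        for origin, weight in self.weights.items():
            self.current[origin] += weight
        chosen = max(self.current, key=self.current.get)
        self.current[chosen] -= self.total
        return chosen


def ip_hash_pick(client_ip, origins):
    """Map a client IP to one source station. The same IP always maps to
    the same station as long as the set of stations is unchanged."""
    ordered = sorted(origins)  # independent of configuration order
    digest = hashlib.sha256(client_ip.encode("ascii")).digest()
    return ordered[int.from_bytes(digest[:8], "big") % len(ordered)]


# Constructed sample configuration (documentation address ranges)
ORIGINS = {"203.0.113.10:80": 3, "203.0.113.11:80": 1}


def distribution(rounds):
    """Count how often each source station is picked over `rounds` requests."""
    wrr = WeightedRoundRobin(ORIGINS)
    return Counter(wrr.pick() for _ in range(rounds))


if __name__ == "__main__":
    print(distribution(8))
    print(ip_hash_pick("198.51.100.7", ORIGINS))
```
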
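
An origin-side check built on Traffic Marking, added here as an example and not taken from UWAF: a WSGI middleware on the source station that refuses requests lacking the configured mark, so traffic that reaches the source station without passing through UWAF is rejected. The header name `X-Waf-Mark` and its value are hypothetical placeholders for whatever was configured.

```python
import hmac

# Hypothetical placeholders: use the header name and value configured
# under Traffic Marking. These two are constructed for the example.
MARK_HEADER = "X-Waf-Mark"
MARK_VALUE = "example-shared-value"


def require_waf_mark(app, header=MARK_HEADER, expected=MARK_VALUE):
    """WSGI middleware: pass only requests that carry the configured mark."""
    environ_key = "HTTP_" + header.upper().replace("-", "_")

    def middleware(environ, start_response):
        supplied = environ.get(environ_key, "")
        # The mark works as a shared secret, so compare in constant time.
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"direct access to the source station is not allowed\n"]
        return app(environ, start_response)

    return middleware


def demo_app(environ, start_response):
    """Stand-in for the real application on the source station."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello from the source station\n"]


def status_for(headers):
    """Send one constructed request through the middleware; return the status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    seen = []
    body = require_waf_mark(demo_app)(environ, lambda s, h: seen.append(s))
    list(body)  # drain the response iterable
    return seen[0]


if __name__ == "__main__":
    print(status_for({MARK_HEADER: MARK_VALUE}))  # marked by the WAF
    print(status_for({}))                         # direct hit on the origin
```

Because anyone who learns the value can replay it, keep the mark out of client-visible responses and logs, and rotate it like any other shared secret.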
Domain List
You can conveniently view various information about the domains added to UWAF, such as business availability, parsing status, deployment area, working mode, and today’s attack count. You can also click the buttons behind a domain to configure it.
Parameter Description
Parameter | Description |
---|---|
Domain | Added protected domain |
CNAME | CNAME defense domain assigned by UWAF. After the domain has been added successfully, the original domain needs to be resolved to this CNAME defense domain to direct traffic into UWAF; refer to Integration SaaS version UWAF |
Business Availability | Prompt for HTTP and HTTPS connectivity, showing the status of detecting client -> UWAF -> source station route |
Resolution Status | The current DNS resolution status of the CNAME record assigned by UWAF. Normal means it is resolved to UWAF’s defense IP; back to source means it is resolved to the source station, using the first one when there are multiple source stations. |
Deployment Area | The deployment area of the firewall domain; with multiple deployment areas, the CNAME defense domain resolves to multiple IPs |
Working Mode | The working mode of the domain UWAF rule |
Attacks Today | Total number of attacks that have occurred today, that is, the number of attack logs for the day |
Function Status | Shows whether the CC protection engine and the webpage tamper-proof feature are turned on or off |
Operation | ● Security Report: Jump to the security report page ● Protection Settings: Jump to the protection settings page ● Function Settings: Jump to the function settings page ● Edit: Pop up the domain edit box ● Delete: Delete the domain from UWAF; please ensure that the business flow has been switched back to the source station ● More: Includes back to source settings and monitoring settings ● Back to Source Settings: Business back to source resolves the CNAME defense domain to the source station; lifting back to source resolves the CNAME defense domain back to UWAF ● Monitoring Settings: You can enable or disable domain attack alarm monitoring, abnormal status code monitoring, source station status monitoring, and automatic back to source for business exceptions, and you can also customize the source station status monitoring address (URL) |