WAF Service Application

After completing the service request on the service request page, proceed with the steps below in order.

Perform pre-test

1. Before changing the traffic path with SECaaS, verify its proper operation through a test.
   • The security monitoring center provides the IP to be used in SECaaS. Example: 103.22.200.1
   • We will explain using aaa.test.com as the example website.
   • Add the example text below to the C:\Windows\System32\drivers\etc\hosts file and save it.
     • Example phrase : 103.22.200.1 aaa.test.com
2. In Chrome browser, press F12 and when accessing the URL, select F5 (refresh) in the ‘Network tab at the top of the developer tools’.
3. The process completes when the response header ‘X-cdn’ has the value imperva, or when a SECaaS IP is present in the remote address.

Changing DNS Settings

The path is changed so that actual traffic is transmitted via SECaaS.

• We will configure each domain’s address as a CNAME using the provided CNAME domain. When using a CDN, change the CDN’s origin address to a CNAME.
• Root (Naked) domains cannot have a CNAME record. It is recommended to set an A record using the two Anycast IPs provided by default. If configuring both IPs is difficult, set only one.
  • Example: Register/modify DNS for test.com with the provided CNAME, and register/modify the A Record DNS for test.com with the provided IP.

Notify DNS Change

After the DNS change is announced, the security monitoring center checks for proper integration and traffic inflow.

Check Service

Verify normal service connectivity.

• Check whether an SSL certificate error occurs.
• The WAF is operated in detection mode for one month, after which the logs are analyzed and provided to the service owner.
  • If no legitimate traffic is detected as an attack, switch to blocking mode. If a false positive occurs, verify with the service owner and then add an exception in the WAF.