Step 2: Add WAF IPs to the whitelist

For traffic to be correctly forwarded back to the origin server, add the WAF back-to-source IPs to the whitelist of the origin server. In the following example, the origin server is located in Kingsoft Cloud.

To add WAF IPs to the whitelist of the origin server:

1. On the upper-left corner of the console, choose Products and Services > Network > Virtual Private Cloud.

2. On top of the page, select the VPC where the origin server is located.

3. In the left navigation pane, click Security Group (Firewall).

4. Select the target security group, click the Inbound Rules tab, and click Edit Inbound Rules.

5. Add rules that contain WAF IP addresses as the source IPs.

   • For an SLB_WAF instance, add the following addresses:

     • 100.64.84.0/24

     • 100.64.85.0/24

     • 100.64.195.0/24

     • 100.65.49.0/24

     • 100.65.50.0/24

     • 100.65.192.0/24

     • 100.71.192.0/24

     • 100.71.193.0/24

     • 100.71.194.0/24

   • For a cloud WAF, add the following addresses:

     • 110.43.76.0/24 (for cn-beijing-6)

     • 110.43.129.0/24 (for cn-shanghai-2)

     • 110.43.43.0/26 (for cn-guangzhou-1)

6. Click Confirm.

   The new rules are successfully added to the security group.