Step 2: Add WAF IPs to the whitelist

Last updated:2020-06-01 15:42:38

For traffic to be correctly forwarded back to the origin server, add the WAF back-to-source IPs to the whitelist of the origin server. In the following example, the origin server is located in Kingsoft Cloud.

To add WAF IPs to the whitelist of the origin server:

  1. On the upper-left corner of the console, choose Products and Services > Network > Virtual Private Cloud.

  2. On top of the page, select the VPC where the origin server is located.

  3. In the left navigation pane, click Security Group (Firewall).

  4. Select the target security group, click the Inbound Rules tab, and click Edit Inbound Rules.

  5. Add rules that contain WAF IP addresses as the source IPs.

    • For an SLB_WAF instance, add the following addresses:










    • For a cloud WAF, add the following addresses:

      • (for cn-beijing-6)

      • (for cn-shanghai-2)

      • (for cn-guangzhou-1)

  6. Click Confirm.

    The new rules are successfully added to the security group.

Did you find the above information helpful?

Mostly Unhelpful
A little helpful
Very helpful

What might be the problems?

Unclear or awkward
Redundant or clumsy
Lack of context for the complex system or functionality

More suggestions


Please give us your feedback.


Thank you for your feedback.