It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda WAF-as-a-Service

Getting Started

  • Last updated on

Follow these steps to configure Barracuda WAF-as-a-Service to protect your web applications. For an overview of the traffic flow you will have created through this process, refer to Understanding Traffic Flow with Barracuda WAF-as-a-Service.

A. Configure Barracuda WAF-as-a-Service

To configure your application:

  1. Navigate to and log in with your Barracuda account credentials.
    If you do not already have a Barracuda account, click Free 30-Day Trial to sign up for a trial of WAF-as-a-Service.

  2. At the top of the page, select Applications. Then click Add Application.

  3. Websites: Enter a familiar name for the application you want to protect. Then enter all possible DNS domains your users will use to access this service, including different forms, like and Click  Continue.

    Note: Be sure to include all of your possible domains in this step. If you do not add certain domains, they will not be accessible.


  4. Backend Server: 
    Specify the protocol for the backend server – HTTP or HTTPS, then specify its public IP address or Hostname and port that resolve to the public IP address. This is typically the current IP Address or hostname associated with the DNS domains you entered in step 1.
    Click Test Connection to ensure that Barracuda WAF-as-a-Service can connect to the backend server. When you have successfully tested the connection, click Continue.
    If you cannot reach the backend server: You have the option to continue with the setup without fixing the connection at that time. Read the message, then click Continue anyway, then click Add. You must still fix the connection issue before your application can work. Refer to Backend IP Address Errors for troubleshooting information.
    Allowing the IP address to access your backend server: If you protect your backend server with a firewall, expand the lower section of this window, as shown below. Specify the IP address for your backend server to make it accessible.
    To view a list of Barracuda WAF-as-a-Service IP addresses to add to your firewall allow list:

    1. Enter the IP address or hostname for your backend server, then click Get IP Addresses.
      A message appears with IP addresses you need to allow.

      • Allow the IP addresses on your backend server.

      • Click Test Connection


    Note: The IP address used to test your connection is

    Change CNAME: Copy the CNAME domain provided so you can update your DNS records through your hosting provider. The CNAME is structured as After copying the information, click Close.
    You must configure CNAMEs for all of the domains you entered in Step 1 for your application configuration to be marked as configured.


    Before You Continue...

    To avoid downtime, wait until your application is completely provisioned before changing DNS information in Section B below.

    Navigate to the Endpoints page for this application. On that page, a message displays while the new application is provisioning, a process that can take up to 20 minutes. Wait until the message disappears, so you know the provisioning process is complete.

    B. Add CNAME Records

    Go to your domain provider’s DNS management portal to add the CNAME record you created in the previous step. Adding the CNAME record will redirect all of your web application traffic to Barracuda WAF-as-a-Service. If you already have a CNAME record for your domain, edit the existing record. If you already have an A record for your domain, delete the A record first, then create the CNAME record.

    Note that it is important to use the CNAME record for DNS instead of using an IP address. IP addresses might change as a result of traffic management or data center maintenance, but CNAME records do not change. Using the CNAME for configuration ensures that you will not have to update your DNS record if your IP address changes.

    Reach out to your domain provider directly with any questions.


    For your convenience, here is a list of popular domain provider knowledgebase entries to help you change your DNS records.

    Note that these sites were current at time of publication and are not affiliated with Barracuda Networks.

    After you complete the standard steps above, you will have HTTP redirect service on port 80 and HTTPS service with automatic certificate on port 443. Note that certificates can only be generated successfully after you have updated the DNS to point to all available domains and the endpoint is marked as configured.

    Note that your application starts in monitoring mode. For more information, refer to Understanding Monitor and Block Modes

    C. Restrict Direct Traffic

    Barracuda WAF-as-a-Service automatically assigns regions for your application. If you want to change a region, follow the instructions in  Restricting Direct Traffic . Note that when you change a region, you must allow a new list of IPs in your firewall. 

    D. Subscribe to Receive Notifications

    It is important that you be informed of incidents or scheduled maintenance that might affect your deployment of Barracuda WAF-as-a-Service. You can sign up to receive notifications automatically.

    To sign up for notifications:

    1. Navigate to the Barracuda Status Page – 
    2. Click Subscribe to Updates.
    3. Add your information for your preferred contact method, then click Subscribe via...