It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda WAF-as-a-Service

Getting Started

  • Last updated on

Follow these steps to configure Barracuda WAF-as-a-Service to protect your web applications. For an overview of the traffic flow you will have created through this process, refer to Understanding Traffic Flow with Barracuda WAF-as-a-Service.

A. Configure Barracuda WAF-as-a-Service

  1. Navigate to https://waas.barracudanetworks.com/ and log in with your Barracuda account credentials.
    If you do not already have a Barracuda account, click Free 30-Day Trial to sign up for a trial of WAF-as-a-Service.

  2. At the top of the page, select Applications. Then click Add Application.

  3. Websites: Enter a familiar name for the application you want to protect. Then enter all possible DNS domains your users will use to access this service, including different forms, like  www.example.com and example.com. Click  Continue.

     addapp1.png


  4. Endpoints: Select one or more protocols and associated ports that Barracuda WAF-as-a-Service should listen on to protect your application. For HTTP traffic, you can choose if you want to add security by redirecting HTTP traffic to the more secure HTTPS protocol. Click Continue.  
    addapp2.png  

     

     

  5. Backend Server: Specify the protocol for the backend server – HTTP or HTTPS, then specify its IP address or Hostname and port. This is typically the current IP Address or hostname associated with the DNS domains you entered in step 1.
    Click Test Connection to ensure that Barracuda WAF-as-a-Service can connect to the backend server. When you have successfully tested the connection, click Continue.
    If the test displays a warning, refer to Backend IP Address Errors  for troubleshooting information.

     addapp3check.png


  6. Select Mode: Specify whether you want to Monitor or Block malicious traffic. If you are protecting an existing, live application, to minimize site downtime, we recommend you only monitor traffic for about a week before blocking malicious traffic. If you are protecting a new application, you can start blocking malicious traffic immediately. For more information, refer to Understanding Monitor and Block Modes. Click Add.

     addapp4.png


  7. Change CNAME: Copy the CNAME domain provided so you can update your DNS records through your hosting provider. The CNAME is structured as app######.prod.cudawaas.com. After copying the information, click Close.

    addapp5.png   

    Change DNS: Copy the IP Address provided so you can change your DNS A records on the DNS server of your domain. Then, click Close .

     
      

    Before You Continue...

    To avoid downtime, wait until your application is completely provisioned before changing DNS information in Section B below.

    Navigate to the Endpoints page for this application. On that page, a message displays while the new application is provisioning, a process that can take up to one hour. Wait until the message disappears, so you know the provisioning process is complete.

B. Add CNAME Records

Go to your domain provider’s DNS management portal to add the CNAME record you created in the previous step. Adding the CNAME record will redirect all of your web application traffic to Barracuda WAF-as-a-Service. If you already have a CNAME record for your domain, edit the existing record. If you already have an A record for your domain, delete the A record first, then create the CNAME record.

Note that it is important to use the CNAME record for DNS instead of using an IP address. IP addresses might change as a result of traffic management or data center maintenance, but CNAME records do not change. Using the CNAME for configuration ensures that you will not have to update your DNS record if your IP address changes.

 

Reach out to your domain provider directly with any questions.

Change A Records

Go to your domain provider’s DNS management portal to change the A records you obtained in the previous step. Changing your DNS A records to point to your application's IP Address will redirect all of your web application traffic to Barracuda WAF-as-a-Service.

Reach out to your domain provider directly with any questions.

 

 

For your convenience, here is a list of popular domain provider knowledgebase entries to help you change your DNS records.

Note that these sites were current at time of publication and are not affiliated with Barracuda Networks.

 

C. Restrict Direct Traffic

Ensure that users cannot access your application server directly, without going through Barracuda WAF-as-a-Service. For full instructions, refer to Restricting Direct Traffic.

Last updated on