When you use Incapsula, we want to hide your site's real IP address (to restrict direct access to web threats). To do this, it's not enough to redirect traffic from your naked domain to your www sub-domain, because an attacker can easily discover your naked domain's IP address (and most sites have their www sub-domain at the same IP address).
In order to totally "encapsulate" your site, Incapsula provides the forwarding service itself and therefore requires that you route all requests sent to your naked domain to an Incapsula IP address.
How to configure your DNS:
- In order to configure A Records and CNAME Record(s) of your DNS, you must log into your DNS management console.
- Update the A Record for your naked domain (for example, yourdomain.com) so that it points to the IPs provided by Incapsula for the A Record.
Why 2 A records? Incapsula provides you with two different A records for the sake of redundancy, and you will need to configure both of them for the naked domain. These IPs points to the Incapsula PoPs closest to the location where your application is hosted. Incapsula provides full support for sites using IPv6. If your DNS records contain an AAAA record, Incapsula will also provide two AAAA records to replace the existing AAAA record.
Important Note: The A records of your non-HTTP/S DNS records (such as ftp.yourdomain.com or mail.yourdomain.com) must remain pointing to your origin web server and not to Incapsula, which means that you should simply leave them "as is" in the DNS Zone file.
- Create or update the CNAME Record of the full domain of your site so that it points to the domain provided by Incapsula. Remember, the full domain includes the subdomain prefix, such as www.yourdomain.com or subdomain.yourdomain.com. If an end user types in the subdomain, then Incapsula uses the CNAME Record and provides service from the PoP that is closest to the end user.