While on-boarding a site to the Cloud WAF, the current DNS records are captured and stored in the Cloud WAF management console under Site --> Settings --> General/Advanced tab.
Once a customer points the site to Cloud WAF, the following flow occurs:
User -> Cloud WAF -> Origin Server.
CNAME as Origin Server:
The default behavior of Cloud WAF when adding a site is to resolve and capture the IP address, i.e. the A records.
However, a domain may point to a CNAME to support dynamic changes in IP addresses:
www.example.com CNAME abc.example.com
abc.example.com A 220.127.116.11
For most CNAMEs, Imperva Cloud WAF proxies can capture the CNAME, and add it to the Origin Servers tab.
Whenever a CNAME is configured for a site as the origin server, the Cloud WAF proxy will regularly query it. The query interval follows the TTL returned for the CNAME record.
AWS "A ALIAS" Record:
To increase DNS query efficiency, AWS offers another record type, "A ALIAS".
AWS documentation is located here.
With this configuration the DNS server is configured as below:
www.example.com A ALIAS abc.example.com
However, running a DNS query returns A records and not CNAME:
www.example.com 60 IN A 18.104.22.168
Hence, when on-boarding domains with "A ALIAS" records to Cloud WAF, the Imperva Cloud WAF will capture the A records and not the CNAME.
Currently, Cloud WAF doesn't support identifying the CNAME record for domains configured as "A ALIAS".
To support this configuration, navigate to Site --> Settings --> Origin Servers and manually add the required CNAME as the origin server.
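A pre-onboarding check for the two cases above, as an added example that is not Imperva's code: it parses a dig-style answer section and reports whether ordinary resolution exposes a CNAME to capture or only A records, in which case the zone must be checked by hand for an "A ALIAS". The function names, the answer-line format and the sample answers (documentation-range addresses) are assumptions constructed for illustration.

```python
# Constructed sample answers in "name ttl class type rdata" form.
CNAME_ANSWER = """
www.example.com. 300 IN CNAME abc.example.com.
abc.example.com. 60 IN A 192.0.2.10
"""
ALIAS_ANSWER = """
www.example.com. 60 IN A 198.51.100.7
"""

def parse_answer(text):
    """Parse answer lines into (name, ttl, type, rdata) tuples."""
    records = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        name, ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((name.rstrip(".").lower(), int(ttl),
                        rtype.upper(), rdata.rstrip(".").lower()))
    return records

def classify_origin(qname, text):
    """Report what a resolution-based capture can see for qname."""
    records = parse_answer(text)
    name, chain, ttls, seen = qname.rstrip(".").lower(), [], [], set()
    while name not in seen:  # follow CNAMEs, guarding against loops
        seen.add(name)
        hops = [(ttl, rd) for n, ttl, t, rd in records
                if n == name and t == "CNAME"]
        if not hops:
            break
        ttls.append(hops[0][0])
        chain.append(hops[0][1])
        name = hops[0][1]
    addresses = sorted(rd for n, _, t, rd in records if n == name and t == "A")
    return {
        "capture": "CNAME" if chain else "A",
        "cname": chain[0] if chain else None,
        "addresses": addresses,
        # Re-query interval follows the CNAME record's TTL (CNAME case only).
        "requery_ttl": ttls[0] if ttls else None,
        # An A ALIAS answers exactly like a plain A record, so an A-only
        # result cannot rule it out: the zone itself has to be inspected.
        "check_zone_for_alias": not chain,
    }

if __name__ == "__main__":
    for label, answer in (("CNAME", CNAME_ANSWER), ("A ALIAS", ALIAS_ANSWER)):
        print(label, classify_origin("www.example.com", answer))
```

When check_zone_for_alias is true and the zone does use an "A ALIAS", the alias target is the CNAME to add manually under Origin Servers.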