When your site is under development or you want to try the WAF without changing your DNS, there is a WAF feature called Internal Domains.
You can find the Internal Domain address for your website by acessing the main page of the WAF dashboard, right next to the Hosting IP Address and Firewall IP Address:
The URL follows the structure
**********.100XX.sucurifirewall.com, where asterisks are a random hash generated after you add the site to the WAF and the "XX" is the WAF cluster ID, but don’t worry, this is just a detail.
Once you access the URL, you are likely to see your website content. From there, you can check if the WAF is fully functional for your website and if any file is being mistakenly blocked.
Internal Domains are designed to be a quick way to access your site behind WAF protection, but it’s far from perfect. There are many reasons why an internal domain may not function properly, even though the WAF is perfectly functional.
Your web server could be forcing a redirect from the Internal Domain hostname to your domain, cross-origin resource sharing might be blocking the website assets, etc., all because the hostname is different from your domain, the application or web server is not expecting to receive requests from a "strange" hostname.
Unless you face a 502 Backend Timeout message, your website is likely to be working just fine.
If you want to ensure that it really works smoothly, we recommend following the procedure described in Testing the WAF Before Changing the DNS article for more accurate testing.